Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 20.12.2018
Executado por Anderson (administrador) em MUSKITO (22-12-2018 01:04:32)
Executando a partir de E:\Downloads
Perfis Carregados: Anderson (Perfis Disponíveis: Anderson)
Platform: Windows 8 Pro (X64) Idioma: Português (Brasil)
Internet Explorer Versão 10 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\nvidia\wintask.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\WeatherTool\2.0.1.5000183\WeatherService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\setup\New_12080bff\instup.exe
(File Type Advisor) C:\Program Files (x86)\File Type Advisor\fileadvisor.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.1.5000183\weather_lite.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
() C:\Program Files\BEHRINGER\UMC_Audio_Driver\W7W8_x64\UMCAudioCplApp.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
() C:\Program Files\MmNkY2Q\Y2NiMzAyZDNmNTJmN.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [290064 2018-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Avid\Pro Tools First\MMERefresh.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2670056 2018-09-10] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2472048 2010-08-11] (VIA)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [413832 2017-11-01] (Geek Software GmbH)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
HKU\S-1-5-21-2518058151-3121161267-773589023-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-2518058151-3121161267-773589023-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-2518058151-3121161267-773589023-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [50097096 2018-03-16] (Skype Technologies S.A.)
HKU\S-1-5-21-2518058151-3121161267-773589023-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2518058151-3121161267-773589023-1001\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-2518058151-3121161267-773589023-1001\...\Run: [GoogleChromeAutoLaunch_651F33D33D3717DB198444A4A0525B1F] => "C:\Users\Anderson\AppData\Local\chromium\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-2518058151-3121161267-773589023-1001\...\MountPoints2: {68c7e6c2-3059-11e7-bea5-0025228bbeac} - "I:\Checker.exe"
HKLM\...\Drivers32-x32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [205824 2009-05-29] ()
HKLM\...\Drivers32-x32: [VIDC.YV12] => C:\Windows\SysWOW64\yv12vfw.dll [217088 2004-01-25] (www.helixcommunity.org)
HKLM\...\Drivers32-x32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [118784 2007-09-20] (fccHandler)
HKLM\...\Drivers32-x32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [839680 2008-09-24] (hxxp://www.mp3dev.org/)
HKLM\...\Drivers32-x32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [85504 2010-01-05] ()
AppInit_DLLs: C:\ProgramData\Kolnixo\Tranron.dll => C:\ProgramData\Kolnixo\Tranron.dll [342528 2018-12-14] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UMC Control Panel Autostart.lnk [2018-11-02]
ShortcutTarget: UMC Control Panel Autostart.lnk -> C:\Program Files\BEHRINGER\UMC_Audio_Driver\W7W8_x64\UMCAudioCplApp.exe ()
Startup: C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shortcut to Primary output from Start (Active).lnk [2018-12-14]
ShortcutTarget: Shortcut to Primary output from Start (Active).lnk -> C:\Users\Anderson\AppData\Roaming\Microsoft\Installer\{B94E929F-8F78-48B5-99B3-2227C5B27A7F}\_13E1866C7227330B501230.exe ()
GroupPolicy: Restrição - Chrome <==== ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{664ABC89-DD29-46B7-824C-75C902F9B915}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxinw_17_18¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtBzz0B0B0E0A0C0D0C0EzztN0D0Tzu0StCzyyDtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyB0D0C0EyBtB0EzytGyCzytAyBtGzzyBzytBtGyCtDtC0DtG0EyC0C0DyBtBtDyB0B0AtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FyD0A0Ezy0FyDtG0FyEzz0DtGyEzzzy0AtGzytCyEyEtGtDzztCtCyDzz0EyE0F0FyByD2QtN0A0LzuyE%26cr%3D438849469%26a%3Dwncy_bxinw_17_18%26os_ver%3D6.2%26os%3DWindows%2B8%2BPro
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxinw_17_18¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtBzz0B0B0E0A0C0D0C0EzztN0D0Tzu0StCzyyDtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyB0D0C0EyBtB0EzytGyCzytAyBtGzzyBzytBtGyCtDtC0DtG0EyC0C0DyBtBtDyB0B0AtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FyD0A0Ezy0FyDtG0FyEzz0DtGyEzzzy0AtGzytCyEyEtGtDzztCtCyDzz0EyE0F0FyByD2QtN0A0LzuyE%26cr%3D438849469%26a%3Dwncy_bxinw_17_18%26os_ver%3D6.2%26os%3DWindows%2B8%2BPro
HKU\S-1-5-21-2518058151-3121161267-773589023-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxinw_17_18¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtBzz0B0B0E0A0C0D0C0EzztN0D0Tzu0StCzyyDtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyB0D0C0EyBtB0EzytGyCzytAyBtGzzyBzytBtGyCtDtC0DtG0EyC0C0DyBtBtDyB0B0AtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FyD0A0Ezy0FyDtG0FyEzz0DtGyEzzzy0AtGzytCyEyEtGtDzztCtCyDzz0EyE0F0FyByD2QtN0A0LzuyE%26cr%3D438849469%26a%3Dwncy_bxinw_17_18%26os_ver%3D6.2%26os%3DWindows%2B8%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxinw_17_18¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtBzz0B0B0E0A0C0D0C0EzztN0D0Tzu0StCzyyDtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyB0D0C0EyBtB0EzytGyCzytAyBtGzzyBzytBtGyCtDtC0DtG0EyC0C0DyBtBtDyB0B0AtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FyD0A0Ezy0FyDtG0FyEzz0DtGyEzzzy0AtGzytCyEyEtGtDzztCtCyDzz0EyE0F0FyByD2QtN0A0LzuyE%26cr%3D438849469%26a%3Dwncy_bxinw_17_18%26os_ver%3D6.2%26os%3DWindows%2B8%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxinw_17_18¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtBzz0B0B0E0A0C0D0C0EzztN0D0Tzu0StCzyyDtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyB0D0C0EyBtB0EzytGyCzytAyBtGzzyBzytBtGyCtDtC0DtG0EyC0C0DyBtBtDyB0B0AtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FyD0A0Ezy0FyDtG0FyEzz0DtGyEzzzy0AtGzytCyEyEtGtDzztCtCyDzz0EyE0F0FyByD2QtN0A0LzuyE%26cr%3D438849469%26a%3Dwncy_bxinw_17_18%26os_ver%3D6.2%26os%3DWindows%2B8%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBLoO-BhLymRVyoiO2t6mfQOs8M5OH4pNp6eRJDd9gHZpASSakhA3dmePKWUHIUhDuz4NxsS9r6LfZ4m6IoXyvchlUrP0zmNY0sDsarxRLSdQRlswaKVdrOhjqPJMOzxxmSYlMpaELVwSRhD34Mqkg42n4_oEBht8dxpKVnxHImCWGREIq5CLx7W22G6Zffdg,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxinw_17_18¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtBzz0B0B0E0A0C0D0C0EzztN0D0Tzu0StCzyyDtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyB0D0C0EyBtB0EzytGyCzytAyBtGzzyBzytBtGyCtDtC0DtG0EyC0C0DyBtBtDyB0B0AtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FyD0A0Ezy0FyDtG0FyEzz0DtGyEzzzy0AtGzytCyEyEtGtDzztCtCyDzz0EyE0F0FyByD2QtN0A0LzuyE%26cr%3D438849469%26a%3Dwncy_bxinw_17_18%26os_ver%3D6.2%26os%3DWindows%2B8%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2518058151-3121161267-773589023-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBLoO-BhLymRVyoiO2t6mfQOs8M5OH4pNp6eRJDd9gHZpASSakhA3dmePKWUHIUhDuz4NxsS9r6LfZ4m6IoXyvchlUrP0zmNY0sDsarxRLSdQRlswaKVdrOhjqPJMOzxxmSYlMpaELVwSRhD34Mqkg42n4_oEBht8dxpKVnxHImCWGREIq5CLx7W22G6Zffdg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2518058151-3121161267-773589023-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxinw_17_18¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtBzz0B0B0E0A0C0D0C0EzztN0D0Tzu0StCzyyDtCtN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyB0D0C0EyBtB0EzytGyCzytAyBtGzzyBzytBtGyCtDtC0DtG0EyC0C0DyBtBtDyB0B0AtDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0FyD0A0Ezy0FyDtG0FyEzz0DtGyEzzzy0AtGzytCyEyEtGtDzztCtCyDzz0EyE0F0FyByD2QtN0A0LzuyE%26cr%3D438849469%26a%3Dwncy_bxinw_17_18%26os_ver%3D6.2%26os%3DWindows%2B8%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2518058151-3121161267-773589023-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180517__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2518058151-3121161267-773589023-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBLoO-BhLymRVyoiO2t6mfQOs8M5OH4pNp6eRJDd9gHZpASSakhA3dmePKWUHIUhDuz4NxsS9r6LfZ4m6IoXyvchlUrP0zmNY0sDsarxRLSdQRlswaKVdrOhjqPJMOzxxmSYlMpaELVwSRhD34Mqkg42n4_oEBht8dxpKVnxHImCWGREIq5CLx7W22G6Zffdg,,&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\7jry7kde.default-1508555690661 [2018-12-22]
FF Homepage: Mozilla\Firefox\Profiles\7jry7kde.default-1508555690661 -> file:///C:/ProgramData/Kolnixos/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\7jry7kde.default-1508555690661 -> file:///C:/ProgramData/Kolnixos/ff.NT
FF SearchPlugin: C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\7jry7kde.default-1508555690661\searchplugins\google-avg.xml [2018-12-15]
FF SearchPlugin: C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\7jry7kde.default-1508555690661\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-17]
FF Extension: (Sem Nome) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{A16C6B13-D41C-47BF-AAC2-FC71F1BB2363}.xpi [2018-12-14] [não assinado]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\secure_cert.js [2018-12-22] <==== ATENÇÃO

Chrome:
=======
CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBLoO-BhLymRVyoiO2t6mfQOs8M5OH4pNp6eRJDd9gHZpASSakhA3dmePKWUHIUhDuz4NxsS9r6LfZ4m6IoXyvchlUrP0zmNY0sDsar3oV_sQdae9G0EWOgrRxvlxK9-JNbx1VCjv6k2BHLqjR5qZ_b9i5cUWjTWqZswx3yIGAterlgXmA3DMl2xYjNfyI92w,,
CHR StartupUrls: Default -> "hxxp://www.google.com.br/"
CHR Profile: C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default [2018-12-22]
CHR Extension: (Apresentações) - C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Documentos) - C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-11]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2018-11-22]
CHR Extension: (YouTube) - C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-11]
CHR Extension: (Planilhas) - C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Documentos Google off-line) - C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2018-07-16]
CHR Extension: (Adaware Secure) - C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj [2018-11-08]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-02]
CHR Extension: (Gmail) - C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-11]
CHR Extension: (Chrome Media Router) - C:\Users\Anderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-19]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2518058151-3121161267-773589023-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2518058151-3121161267-773589023-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2910696 2018-09-10] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2704872 2018-09-10] (Adobe Systems, Incorporated)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [324048 2018-11-19] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [8237160 2018-11-19] (AVG Technologies CZ, s.r.o.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
S2 EventSvc; C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe [360448 2018-07-24] (CloudBees, Inc.) [Arquivo não assinado] <==== ATENÇÃO
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
R2 MmNkY2Q; C:\Program Files\MmNkY2Q\Y2NiMzAyZDNmNTJmN.exe [483560 2018-12-21] ()
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
U2 NVU; C:\Windows\nvidia\wintask.exe [329728 2014-08-31] () [Arquivo não assinado]
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [413832 2017-11-01] (Geek Software GmbH)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2017-07-24] ()
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-03-19] (Stardock Software, Inc)
S2 SysSvc; C:\Users\Anderson\AppData\Local\NtvHost\syssvc.exe [360448 2018-12-14] (CloudBees, Inc.) [Arquivo não assinado] <==== ATENÇÃO
R2 WeatherLiteService; C:\Program Files (x86)\WeatherTool\2.0.1.5000183\WeatherService.exe [149136 2017-03-31] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
S2 WMS; C:\Windows\wmi\netmon.exe [329728 2014-08-31] () [Arquivo não assinado]
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.222\WsAppService.exe [474768 2017-03-01] (Wondershare)
S2 DigiRefresh; C:\Program Files\Avid\Pro Tools First\MMERefresh.exe -s [X]
S3 digiSPTIService64; "C:\Program Files\Avid\Pro Tools First\digisptiservice64.exe" [X]
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
R2 NzgwODgwMDZk; rundll32.exe C:\Windows\zbayksxwavr.kbay xUEh [X]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MirrorGo\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 80A7E021FE94; C:\Windows\80A7E021FE94.sys [621416 2018-12-14] (VideoDriver)
S3 athur; C:\Windows\system32\DRIVERS\athuw8x.sys [2919936 2013-06-02] (Qualcomm Atheros Communications, Inc.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [201504 2018-11-19] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdrivera.sys [231104 2018-11-19] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsha.sys [202528 2018-11-19] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\System32\drivers\avgbloga.sys [346840 2018-11-19] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniva.sys [59744 2018-11-19] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\System32\drivers\avgHwid.sys [46648 2018-11-19] (AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42552 2018-11-19] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [163496 2018-11-19] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [112040 2018-11-19] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [87680 2018-11-19] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [1028920 2018-11-19] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [469520 2018-11-19] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [208712 2018-11-19] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [380704 2018-11-19] (AVG Technologies CZ, s.r.o.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-04-12] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-04-12] (Disc Soft Ltd)
S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 umc_audio; C:\Windows\System32\drivers\umc_audio.sys [353112 2018-02-20] ()
S3 umc_audioks; C:\Windows\system32\DRIVERS\umc_audioks.sys [54104 2018-02-20] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
S3 YMIDUSBW; C:\Windows\system32\drivers\ymidusbx64.sys [43744 2015-07-28] (Yamaha Corporation)
R1 NjkxMzUwNWI; \??\C:\Windows\system32\drivers\NjkxMzUwNWI [X]
S3 RTL8192cu; \SystemRoot\system32\DRIVERS\rtwlanu.sys [X]
S3 RtlWlanu; \SystemRoot\system32\DRIVERS\rtwlanu.sys [X]
R1 YTI0MDFmYzYxZjg; \??\C:\Windows\system32\drivers\YTI0MDFmYzYxZjg [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-12-22 01:04 - 2018-12-22 01:04 - 000001968 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2018-12-22 01:04 - 2018-12-22 01:04 - 000000000 ____D C:\FRST
2018-12-22 01:02 - 2018-12-22 01:02 - 000067096 _____ C:\Users\Anderson\Desktop\download.htm
2018-12-22 01:02 - 2018-11-19 21:43 - 000378640 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2018-12-22 01:00 - 2018-12-22 01:00 - 001286144 _____ C:\Windows\zbayksxwavr.kbay
2018-12-22 00:58 - 2018-12-22 00:58 - 000002253 _____ C:\Users\Anderson\Desktop\Google Chrome.lnk
2018-12-21 19:22 - 2018-12-21 19:22 - 000000000 ____D C:\Users\Anderson\Desktop\SLIDES
2018-12-21 08:54 - 2018-12-21 08:54 - 000149328 _____ C:\Windows\system32\Drivers\NjkxMzUwNWI
2018-12-21 08:54 - 2018-12-21 08:54 - 000101728 _____ C:\Windows\uninstaller.dat
2018-12-20 16:46 - 2018-12-20 16:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-12-20 16:45 - 2018-12-20 16:45 - 000000000 ____D C:\Program Files (x86)\MSECache
2018-12-18 14:10 - 2018-12-18 14:10 - 000096973 _____ C:\Users\Anderson\Documents\favoritos_18_12_2018.html
2018-12-15 01:40 - 2018-12-15 01:40 - 000000000 ____D C:\Users\Todos os Usuários\Errors
2018-12-15 01:40 - 2018-12-15 01:40 - 000000000 ____D C:\Users\Todos os Usuários\DumpFiles
2018-12-15 01:40 - 2018-12-15 01:40 - 000000000 ____D C:\ProgramData\Errors
2018-12-15 01:40 - 2018-12-15 01:40 - 000000000 ____D C:\ProgramData\DumpFiles
2018-12-15 01:38 - 2018-12-15 01:40 - 000000000 ____D C:\Users\Anderson\AppData\Local\SpeedCat-Logs
2018-12-15 01:08 - 2018-12-22 01:00 - 000000000 ____D C:\Program Files\MmNkY2Q
2018-12-15 00:40 - 2018-12-15 00:40 - 000000000 ____D C:\Users\Anderson\AppData\Roaming\adaware
2018-12-15 00:40 - 2018-12-15 00:40 - 000000000 ____D C:\Users\Anderson\AppData\Local\AdAwareDesktop
2018-12-15 00:39 - 2018-12-15 00:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\adaware
2018-12-15 00:38 - 2018-12-15 00:38 - 000000000 ____D C:\Program Files\adaware
2018-12-15 00:37 - 2018-12-15 00:37 - 000000000 ____D C:\Users\Anderson\AppData\Local\AdAwareUpdater
2018-12-15 00:36 - 2018-12-15 00:36 - 000000000 ____D C:\Program Files\Common Files\adaware
2018-12-15 00:34 - 2018-12-22 00:49 - 000000000 ____D C:\Users\Todos os Usuários\adaware
2018-12-15 00:34 - 2018-12-22 00:49 - 000000000 ____D C:\ProgramData\adaware
2018-12-14 03:24 - 2018-12-14 03:24 - 000000000 ____D C:\Users\Todos os Usuários\localNETService
2018-12-14 03:24 - 2018-12-14 03:24 - 000000000 ____D C:\ProgramData\localNETService
2018-12-14 03:15 - 2018-12-22 00:53 - 000000000 ____D C:\Windows\SysWOW64\SSL
2018-12-14 03:14 - 2018-12-14 03:14 - 000000286 __RSH C:\Users\Anderson\ntuser.pol
2018-12-14 03:11 - 2018-12-22 01:00 - 000000000 ____D C:\Users\Anderson\AppData\Local\GoogleChromeUserData
2018-12-14 03:10 - 2018-12-14 03:10 - 000015614 _____ C:\Windows\SysWOW64\findit.xml
2018-12-14 03:10 - 2018-12-14 03:10 - 000000000 ____D C:\Users\Todos os Usuários\Kolnixos
2018-12-14 03:10 - 2018-12-14 03:10 - 000000000 ____D C:\ProgramData\Kolnixos
2018-12-14 03:09 - 2018-12-22 00:59 - 000000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2018-12-14 03:09 - 2018-12-22 00:59 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-12-14 03:09 - 2018-12-14 13:04 - 000000000 ____D C:\Program Files (x86)\ZmyMStEpU
2018-12-14 03:09 - 2018-12-14 03:09 - 001248768 _____ C:\Windows\lsvdfhrkpt.lsvd
2018-12-14 03:08 - 2018-12-22 00:52 - 000000000 ____D C:\Users\Anderson\AppData\Local\NtvHost
2018-12-14 03:08 - 2018-12-22 00:49 - 000000000 ____D C:\Users\Anderson\AppData\Local\GoogleChromeApplication
2018-12-14 03:08 - 2018-12-19 23:23 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2018-12-14 03:08 - 2018-12-14 03:21 - 000000000 ____D C:\Users\Anderson\AppData\Roaming\pvc0z10bt3c
2018-12-14 03:08 - 2018-12-14 03:21 - 000000000 ____D C:\Users\Anderson\AppData\Roaming\bk2gg03k5of
2018-12-14 03:08 - 2018-12-14 03:21 - 000000000 ____D C:\Users\Anderson\AppData\Roaming\3vghlxecehe
2018-12-14 03:08 - 2018-12-14 03:11 - 000000000 ____D C:\Users\Anderson\AppData\Roaming\CRMSvc
2018-12-14 03:08 - 2018-12-14 03:08 - 000621416 _____ (VideoDriver) C:\Windows\80A7E021FE94.sys
2018-12-14 03:07 - 2018-12-22 00:53 - 000000000 ____D C:\Users\Anderson\AppData\Local\WhiteClick
2018-12-14 03:07 - 2018-12-22 00:52 - 000000000 ____D C:\Users\Todos os Usuários\Kolnixo
2018-12-14 03:07 - 2018-12-22 00:52 - 000000000 ____D C:\ProgramData\Kolnixo
2018-12-14 03:07 - 2018-12-14 03:35 - 000000000 ____D C:\Program Files (x86)\bestDownloader
2018-12-14 03:07 - 2018-12-14 03:22 - 000000000 ___HD C:\Windows\rss
2018-12-14 03:07 - 2018-12-14 03:21 - 000000000 ____D C:\Users\Anderson\AppData\Roaming\cqgbhr4g2fc
2018-12-14 03:07 - 2018-12-14 03:21 - 000000000 ____D C:\Program Files (x86)\jbcvgdivpla
2018-12-14 03:07 - 2018-12-14 03:11 - 000000000 ____D C:\Users\Todos os Usuários\Logic Cramble
2018-12-14 03:07 - 2018-12-14 03:11 - 000000000 ____D C:\Users\Anderson\AppData\Roaming\vkedwrovrj1
2018-12-14 03:07 - 2018-12-14 03:11 - 000000000 ____D C:\ProgramData\Logic Cramble
2018-12-14 03:07 - 2018-12-14 03:11 - 000000000 ____D C:\Program Files (x86)\Money
2018-12-14 03:07 - 2018-12-14 03:10 - 000000000 ____D C:\Users\Anderson\AppData\Roaming\e2kcqtcyiso
2018-12-14 03:07 - 2018-12-14 03:07 - 025260414 _____ (TigerTrade ) C:\Users\Todos os Usuários\gtwptd.exe
2018-12-14 03:07 - 2018-12-14 03:07 - 025260414 _____ (TigerTrade ) C:\ProgramData\gtwptd.exe
2018-12-14 03:07 - 2018-12-14 03:07 - 007858688 _____ C:\Users\Anderson\AppData\Local\agent.dat
2018-12-14 03:07 - 2018-12-14 03:07 - 002036157 _____ C:\Users\Anderson\AppData\Local\Trustzozfan.tst
2018-12-14 03:07 - 2018-12-14 03:07 - 000126464 _____ C:\Users\Anderson\AppData\Local\noah.dat
2018-12-14 03:07 - 2018-12-14 03:07 - 000070896 _____ C:\Users\Anderson\AppData\Local\Config.xml
2018-12-14 03:07 - 2018-12-14 03:07 - 000018432 _____ C:\Users\Anderson\AppData\Local\Main.dat
2018-12-14 03:07 - 2018-12-14 03:07 - 000005568 _____ C:\Users\Anderson\AppData\Local\md.xml
2018-12-14 03:07 - 2018-12-14 03:07 - 000000000 ____D C:\Users\Todos os Usuários\PrefsSecure
2018-12-14 03:07 - 2018-12-14 03:07 - 000000000 ____D C:\ProgramData\PrefsSecure
2018-12-14 03:07 - 2018-12-14 03:07 - 000000000 ____D C:\Program Files (x86)\foldershare
2018-12-14 03:06 - 2018-12-14 03:06 - 000722944 _____ C:\Users\Anderson\AppData\Local\sham.db
2018-12-14 03:06 - 2018-12-14 03:06 - 000452096 _____ (Accomplice) C:\Users\Todos os Usuários\gtwptb.exe
2018-12-14 03:06 - 2018-12-14 03:06 - 000452096 _____ (Accomplice) C:\ProgramData\gtwptb.exe
2018-12-14 03:06 - 2018-12-14 03:06 - 000140800 _____ C:\Users\Anderson\AppData\Local\installer.dat
2018-12-14 03:06 - 2018-12-14 03:06 - 000017664 _____ C:\Users\Anderson\AppData\Local\InstallationConfiguration.xml
2018-12-14 02:57 - 2018-12-14 02:58 - 000002578 _____ C:\Users\Anderson\Documents\Registrar Vegas Pro.htm
2018-12-13 14:14 - 2018-12-13 14:14 - 000155992 _____ C:\Windows\system32\Drivers\YTI0MDFmYzYxZjg
2018-12-13 12:31 - 2018-12-13 12:31 - 000001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-12-13 12:31 - 2018-12-13 12:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-12-13 12:31 - 2018-12-13 12:31 - 000000000 ____D C:\Program Files\VS Revo Group
2018-12-13 12:30 - 2018-12-13 12:30 - 007197480 _____ (VS Revo Group ) C:\Users\Anderson\Downloads\Baixaki_Revo Uninstaller.exe
2018-12-13 11:02 - 2018-12-13 11:02 - 000000000 ____D C:\Users\Anderson\AppData\Roaming\NetMedia Providers
2018-12-13 10:59 - 2018-12-13 12:26 - 000000000 ____D C:\Program Files (x86)\Sonic Foundry
2018-12-13 10:59 - 2018-12-13 10:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Foundry
2018-12-10 17:19 - 2018-12-10 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T-RackS 24
2018-12-10 17:19 - 1997-05-12 17:53 - 000314368 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2018-11-28 19:10 - 2018-11-28 19:10 - 000000043 _____ C:\Users\Anderson\Desktop\METALOFONE PANELA PRESSÃO.txt
2018-11-21 22:14 - 2018-12-21 02:02 - 000000000 ____D C:\Users\Anderson\Desktop\ENSAIO CORAL
2018-11-21 22:13 - 2018-11-21 21:31 - 000004748 _____ C:\Users\Anderson\Desktop\ENSAIO CORAL 21-11-2.RPP-NEWTEMP
2018-11-20 13:44 - 2018-11-20 13:44 - 000000000 ____D C:\Users\Anderson\AppData\LocalLow\uTorrent
2018-11-20 00:05 - 2018-11-20 13:45 - 000000000 ____D C:\Users\Anderson\Downloads\Suits.S08E01.720p.WEB-DL.DUAL.WWW.COMANDOTORRENTS.COM
2018-11-16 12:32 - 2018-11-16 12:50 - 000000000 ____D C:\Users\Anderson\Downloads\Tom Jobim
2018-11-16 01:28 - 2018-11-16 01:28 - 000001200 _____ C:\Downloads - Atalho.lnk
2018-11-16 00:58 - 2018-11-16 01:33 - 000000000 ____D C:\Users\Anderson\Downloads\Suits.S07E02.PROPER.720p.HDTV.x264-FLEET[rarbg]
2018-11-16 00:52 - 2018-11-16 01:33 - 000000000 ____D C:\Users\Anderson\Downloads\Suits.S07E01.720p.HDTV.x264-AVS[rarbg]
2018-11-15 23:35 - 2018-11-15 23:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Melodyne plugin
2018-11-15 23:35 - 2018-11-15 23:35 - 000000000 ____D C:\Program Files (x86)\Celemony
2018-11-09 18:37 - 2018-11-09 18:37 - 000000000 ___RD C:\Users\Anderson\Documents\Scanned Documents
2018-11-09 18:37 - 2018-11-09 18:37 - 000000000 ____D C:\Users\Anderson\Documents\Fax
2018-11-05 22:42 - 2018-11-12 02:05 - 000003050 _____ C:\Windows\System32\Tasks\{468E74ED-127A-4DA3-A227-E7F13CE4CCBA}
2018-11-05 22:42 - 2018-11-05 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAPCOM
2018-11-05 22:41 - 2018-11-05 22:42 - 000000000 ____D C:\Program Files (x86)\RESIDENT EVIL
2018-11-05 22:39 - 2018-11-05 23:38 - 000000000 ____D C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAPCOM
2018-11-05 20:35 - 2018-11-05 20:35 - 000000000 ____D C:\Users\Anderson\Downloads\R.B.I.Baseball.16-CODEX
2018-11-03 20:46 - 2018-11-03 20:46 - 000000000 ____D C:\Users\Anderson\Documents\My Games
2018-11-03 20:39 - 2018-11-03 20:39 - 000000000 ____D C:\Users\Anderson\AppData\LocalLow\MLB_com
2018-11-02 14:05 - 2018-11-02 14:05 - 000000000 ____D C:\Users\Anderson\Documents\Amplitube4
2018-11-02 14:02 - 2018-11-02 14:02 - 000001209 _____ C:\Users\Anderson\Desktop\Custom Shop.lnk
2018-11-02 14:01 - 2018-11-02 14:01 - 000000000 ____D C:\Program Files\Cakewalk
2018-11-02 14:01 - 2012-08-29 13:23 - 012708016 _____ (Intel Corporation) C:\Windows\system32\mkl_def.dll
2018-11-02 14:01 - 2012-08-29 13:23 - 012474544 _____ (Intel Corporation) C:\Windows\system32\mkl_core.dll
2018-11-02 14:01 - 2012-08-29 13:23 - 009917616 _____ (Intel Corporation) C:\Windows\system32\mkl_intel_thread.dll
2018-11-02 14:01 - 2012-08-29 13:23 - 000529072 _____ (Intel Corporation) C:\Windows\system32\libiomp5md.dll
2018-11-02 14:01 - 2012-08-29 13:23 - 000499712 _____ (Microsoft Corporation) C:\Windows\msvcp71.dll
2018-11-02 14:01 - 2012-08-29 13:23 - 000348160 _____ (Microsoft Corporation) C:\Windows\msvcr71.dll
2018-11-02 14:01 - 2009-08-28 11:54 - 003462320 _____ (Intel Corporation) C:\Windows\system32\mkl_sequential.dll
2018-11-02 14:00 - 2018-11-02 14:00 - 000000000 ____D C:\Program Files\IK Multimedia
2018-11-02 13:47 - 2018-11-02 13:47 - 000000828 _____ C:\Users\Public\Desktop\REAPER (x64).lnk
2018-11-02 13:15 - 2018-11-02 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BEHRINGER
2018-11-02 13:15 - 2018-11-02 13:15 - 000000000 ____D C:\Program Files\BEHRINGER
2018-11-02 13:15 - 2018-02-20 08:02 - 000353112 _____ () C:\Windows\system32\Drivers\umc_audio.sys
2018-11-02 13:15 - 2018-02-20 08:02 - 000054104 _____ () C:\Windows\system32\Drivers\umc_audioks.sys
2018-10-30 23:12 - 2018-10-30 23:12 - 000004522 _____ C:\Users\Anderson\AppData\Roaming\CamStudio.cfg
2018-10-30 23:12 - 2018-10-30 23:12 - 000000408 _____ C:\Users\Anderson\AppData\Roaming\CamShapes.ini
2018-10-30 23:12 - 2018-10-30 23:12 - 000000408 _____ C:\Users\Anderson\AppData\Roaming\CamLayout.ini
2018-10-30 23:12 - 2018-10-30 23:12 - 000000046 _____ C:\Users\Anderson\AppData\Roaming\Camdata.ini
2018-10-30 23:11 - 2018-10-30 23:11 - 000001207 _____ C:\Users\Anderson\AppData\Roaming\CamStudio.Producer.ini
2018-10-30 23:11 - 2018-10-30 23:11 - 000000000 _____ C:\Users\Anderson\AppData\Roaming\CamStudio.Producer.Data.ini
2018-10-29 15:32 - 2018-10-29 15:32 - 000000000 ____D C:\Users\Anderson\Desktop\Acordes Violão
2018-10-29 15:22 - 2018-10-29 16:17 - 000000000 ____D C:\Users\Anderson\Desktop\Acordes Teclado
2018-10-25 13:48 - 2018-10-25 13:51 - 000000000 ____D C:\Users\Anderson\Downloads\PartituraHajaPazNaTerra4Vozes
2018-10-22 22:41 - 2018-11-19 21:43 - 000042552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2018-10-22 22:41 - 2018-11-19 21:43 - 000042552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswa025532626125b90.tmp
2018-10-18 14:25 - 2018-10-18 14:25 - 000001053 _____ C:\Users\Anderson\Desktop\MuseScore 2.lnk
2018-10-18 14:25 - 2018-10-18 14:25 - 000000000 ____D C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MuseScore 2
2018-10-04 16:36 - 2017-07-08 15:37 - 000912020 _____ C:\Users\Anderson\Desktop\Apostila Teclado.pdf
2018-09-28 00:41 - 2018-09-28 00:41 - 000000043 _____ C:\Users\Anderson\AppData\Roaming\WB.CFG
2018-09-27 17:45 - 2018-09-27 17:45 - 001242312 _____ (Microsoft Corporation) C:\Users\Anderson\Downloads\Baixaki_windows-movie-maker.exe
2018-09-27 17:42 - 2018-09-27 17:42 - 001908225 _____ C:\Users\Anderson\Downloads\Baixaki_virtualdub.zip
2018-09-27 17:42 - 2018-09-27 17:42 - 000002234 _____ C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2018-09-27 17:41 - 2018-10-09 16:41 - 000000000 ____D C:\Windows\System32\Tasks\{352F400B-8EA4-98BE-7CF1-6E5F4999CD3E}
2018-09-27 17:41 - 2018-10-09 16:41 - 000000000 ____D C:\Users\Anderson\AppData\Roaming\352f400b8ea498be7cf16e5f4999cd3e
2018-09-27 17:40 - 2018-09-27 22:41 - 000000000 ____D C:\Users\Todos os Usuários\{EB002E63-6142-A4A5-E784-3AE77DC6B129}
2018-09-27 17:40 - 2018-09-27 22:41 - 000000000 ____D C:\ProgramData\{EB002E63-6142-A4A5-E784-3AE77DC6B129}
2018-09-27 17:40 - 2018-09-27 17:43 - 000000000 ____D C:\Users\Anderson\AppData\Local\{707B4627-54D3-2A9F-394B-0F771D23F3EF}
2018-09-27 17:40 - 2018-09-27 17:40 - 000001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-12-22 01:04 - 2017-04-11 14:03 - 000003916 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-12-22 01:02 - 2017-04-04 21:48 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2518058151-3121161267-773589023-1001
2018-12-22 00:55 - 2017-04-04 21:42 - 000000000 ____D C:\Users\Anderson
2018-12-22 00:54 - 2012-07-26 04:22 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-22 00:53 - 2018-08-04 00:13 - 000000000 ____D C:\Windows\nvidia
2018-12-22 00:53 - 2017-10-14 13:14 - 000000000 ____D C:\Users\Anderson\AppData\Roaming\MuseScore
2018-12-22 00:53 - 2017-04-11 17:40 - 000000000 ____D C:\Windows\system32\AutoUpdateLicense
2018-12-22 00:53 - 2012-07-26 05:12 - 000000000 ____D C:\Windows\Resources
2018-12-22 00:53 - 2012-07-26 02:38 - 000000000 ____D C:\Windows\system32\Sysprep
2018-12-22 00:53 - 2012-07-26 02:37 - 000000000 ____D C:\Windows\Inf
2018-12-22 00:52 - 2018-08-11 22:24 - 000000000 ____D C:\Program Files (x86)\Waves
2018-12-22 00:52 - 2018-07-22 14:51 - 000000000 ____D C:\REAPER
2018-12-22 00:52 - 2018-01-12 11:20 - 000000000 ____D C:\Program Files (x86)\PDF24
2018-12-22 00:51 - 2018-04-30 13:23 - 000000000 ____D C:\Windows\Minidump
2018-12-22 00:50 - 2012-07-26 05:12 - 000000000 ____D C:\Windows\registration
2018-12-22 00:49 - 2017-05-09 09:57 - 000000000 ____D C:\Users\Anderson\AppData\Local\Adobe
2018-12-22 00:49 - 2017-04-13 15:00 - 000000000 ____D C:\Users\Todos os Usuários\Package Cache
2018-12-22 00:49 - 2017-04-13 15:00 - 000000000 ____D C:\ProgramData\Package Cache
2018-12-22 00:14 - 2018-05-05 19:57 - 000000000 ____D C:\Users\Anderson\AppData\Roaming\FileAdvisor
2018-12-22 00:12 - 2018-07-20 23:36 - 000000000 ____D C:\Users\Anderson\AppData\Local\CrashDumps
2018-12-21 01:53 - 2018-09-02 19:32 - 000000000 ____D C:\Users\Anderson\Desktop\CIDÉLIA
2018-12-14 03:49 - 2012-07-26 07:36 - 000000000 ____D C:\Program Files\Windows Journal
2018-12-14 03:45 - 2017-08-02 14:33 - 000000000 ____D C:\Program Files (x86)\Sony
2018-12-14 03:34 - 2018-08-04 00:13 - 000000000 ____D C:\Program Files (x86)\VstPlugins
2018-12-14 03:34 - 2017-08-02 16:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2018-12-14 03:13 - 2017-05-05 18:40 - 000003170 __RSH C:\Users\Todos os Usuários\ntuser.pol
2018-12-14 03:13 - 2017-05-05 18:40 - 000003170 __RSH C:\ProgramData\ntuser.pol
2018-12-14 03:07 - 2017-08-02 14:35 - 000000000 ____D C:\Users\Anderson\AppData\Local\Sony
2018-12-14 03:07 - 2012-07-26 05:12 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-12-14 03:06 - 2017-12-21 23:06 - 000000000 ____D C:\Users\Anderson\Documents\Visual Studio 2008
2018-12-14 03:05 - 2017-04-13 12:05 - 000000000 ____D C:\Users\Anderson\AppData\Local\Microsoft Help
2018-12-13 12:16 - 2017-08-02 14:32 - 000000000 ____D C:\Program Files (x86)\Sony Setup
2018-12-13 11:02 - 2017-11-04 17:29 - 000000000 ____D C:\Users\Anderson\AppData\Roaming\Sonic Foundry
2018-12-12 13:05 - 2017-04-11 11:51 - 000000000 ____D C:\Windows\system32\MRT
2018-12-12 12:47 - 2017-04-11 11:51 - 137260640 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-12-10 17:19 - 2018-07-13 00:53 - 000000000 ____D C:\Program Files (x86)\IK Multimedia
2018-12-10 17:19 - 2012-07-26 05:12 - 000000000 ____D C:\Windows\AUInstallAgent
2018-12-10 17:18 - 2018-07-13 00:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2018-12-10 17:18 - 2018-07-13 00:52 - 000000000 ____D C:\Users\Anderson\Documents\IK Multimedia
2018-12-10 17:18 - 2012-07-26 05:12 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-10 16:18 - 2018-07-13 00:57 - 000000032 _____ C:\Users\Anderson\AppData\Roaming\msregsvv.dll
2018-12-07 15:56 - 2012-07-26 07:33 - 000762618 _____ C:\Windows\system32\prfh0416.dat
2018-12-07 15:56 - 2012-07-26 07:33 - 000154410 _____ C:\Windows\system32\prfc0416.dat
2018-12-07 15:56 - 2012-07-26 04:28 - 001765682 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-05 14:34 - 2017-04-14 04:09 - 000000000 ____D C:\Users\Anderson\Documents\REAPER Media
2018-11-27 23:58 - 2017-04-11 10:00 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Arquivos na raiz de alguns diretórios =======

2018-12-14 03:06 - 2018-12-14 03:06 - 000452096 _____ (Accomplice) C:\ProgramData\gtwptb.exe
2018-12-14 03:07 - 2018-12-14 03:07 - 025260414 _____ (TigerTrade ) C:\ProgramData\gtwptd.exe
2018-12-14 03:06 - 2018-12-14 03:06 - 000452096 _____ (Accomplice) C:\Users\Todos os Usuários\gtwptb.exe
2018-12-14 03:07 - 2018-12-14 03:07 - 025260414 _____ (TigerTrade ) C:\Users\Todos os Usuários\gtwptd.exe
2017-04-13 16:12 - 2017-04-13 16:13 - 003098524 _____ () C:\Users\Anderson\AppData\Roaming\AvidApplicationManager_Install.log
2018-10-30 23:12 - 2018-10-30 23:12 - 000000046 _____ () C:\Users\Anderson\AppData\Roaming\Camdata.ini
2018-10-30 23:12 - 2018-10-30 23:12 - 000000408 _____ () C:\Users\Anderson\AppData\Roaming\CamLayout.ini
2018-10-30 23:12 - 2018-10-30 23:12 - 000000408 _____ () C:\Users\Anderson\AppData\Roaming\CamShapes.ini
2018-10-30 23:12 - 2018-10-30 23:12 - 000004522 _____ () C:\Users\Anderson\AppData\Roaming\CamStudio.cfg
2018-10-30 23:11 - 2018-10-30 23:11 - 000000000 _____ () C:\Users\Anderson\AppData\Roaming\CamStudio.Producer.Data.ini
2018-10-30 23:11 - 2018-10-30 23:11 - 000001207 _____ () C:\Users\Anderson\AppData\Roaming\CamStudio.Producer.ini
2017-10-18 19:01 - 2017-10-18 19:39 - 000000040 _____ () C:\Users\Anderson\AppData\Roaming\cdr.ini
2018-07-13 00:57 - 2018-12-10 16:18 - 000000032 _____ () C:\Users\Anderson\AppData\Roaming\msregsvv.dll
2018-09-28 00:41 - 2018-09-28 00:41 - 000000043 _____ () C:\Users\Anderson\AppData\Roaming\WB.CFG
2018-12-14 03:07 - 2018-12-14 03:07 - 007858688 _____ () C:\Users\Anderson\AppData\Local\agent.dat
2018-12-14 03:07 - 2018-12-14 03:07 - 000070896 _____ () C:\Users\Anderson\AppData\Local\Config.xml
2017-10-18 16:41 - 2018-07-22 13:55 - 000013824 _____ () C:\Users\Anderson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-12-14 03:06 - 2018-12-14 03:06 - 000017664 _____ () C:\Users\Anderson\AppData\Local\InstallationConfiguration.xml
2018-12-14 03:06 - 2018-12-14 03:06 - 000140800 _____ () C:\Users\Anderson\AppData\Local\installer.dat
2018-12-14 03:07 - 2018-12-14 03:07 - 000018432 _____ () C:\Users\Anderson\AppData\Local\Main.dat
2018-12-14 03:07 - 2018-12-14 03:07 - 000005568 _____ () C:\Users\Anderson\AppData\Local\md.xml
2018-12-14 03:07 - 2018-12-14 03:07 - 000126464 _____ () C:\Users\Anderson\AppData\Local\noah.dat
2018-09-23 14:40 - 2018-09-23 14:40 - 000000000 _____ () C:\Users\Anderson\AppData\Local\oobelibMkey.log
2018-12-14 03:06 - 2018-12-14 03:06 - 000722944 _____ () C:\Users\Anderson\AppData\Local\sham.db
2018-12-14 03:07 - 2018-12-14 03:07 - 002036157 _____ () C:\Users\Anderson\AppData\Local\Trustzozfan.tst
2018-12-14 03:08 - 2018-12-14 03:08 - 000032038 _____ () C:\Users\Anderson\AppData\Local\uninstall_temp.ico

Alguns arquivos em TEMP:
====================
2018-01-02 14:40 - 2017-12-07 23:44 - 000036152 _____ () C:\Users\Anderson\AppData\Local\Temp\clearRemnants.exe
2018-12-14 03:07 - 2018-12-14 03:07 - 000375522 _____ ( ) C:\Users\Anderson\AppData\Local\Temp\ctp3ou5g5pb.exe
2018-12-14 03:08 - 2018-12-14 03:08 - 001527488 _____ (Microsoft Corporation) C:\Users\Anderson\AppData\Local\Temp\dbghelp.dll
2017-05-03 22:15 - 2017-09-02 20:13 - 000065536 _____ (Sony DADC Austria AG) C:\Users\Anderson\AppData\Local\Temp\drm_dialogs.dll
2017-04-13 16:04 - 2017-04-13 16:04 - 000110592 _____ () C:\Users\Anderson\AppData\Local\Temp\ext1558797897831441969.dll
2017-04-13 16:23 - 2017-04-13 16:23 - 000152576 _____ () C:\Users\Anderson\AppData\Local\Temp\ext3430211852866760886.dll
2017-04-13 16:14 - 2017-04-13 16:14 - 000152576 _____ () C:\Users\Anderson\AppData\Local\Temp\ext6836526540634501776.dll
2017-04-13 16:52 - 2017-04-13 16:52 - 000152576 _____ () C:\Users\Anderson\AppData\Local\Temp\ext7734025478134265667.dll
2017-04-13 15:08 - 2017-04-13 15:08 - 000110592 _____ () C:\Users\Anderson\AppData\Local\Temp\ext8069888109819359985.dll
2017-07-22 16:22 - 2014-03-01 03:59 - 000974848 _____ (Microsoft Corporation) C:\Users\Anderson\AppData\Local\Temp\kernel32.dll
2018-12-14 03:07 - 2018-12-14 03:07 - 000718128 _____ (Google Inc.) C:\Users\Anderson\AppData\Local\Temp\mcasin.exe
2018-12-14 03:08 - 2015-12-30 20:29 - 006972760 _____ (Microsoft Corporation) C:\Users\Anderson\AppData\Local\Temp\ntkrnlmp.exe
2017-06-22 14:09 - 2016-07-10 11:57 - 000150648 ____R (Microsoft Corporation) C:\Users\Anderson\AppData\Local\Temp\ose00001.exe
2018-12-14 03:08 - 2015-09-22 14:53 - 001273184 _____ (Microsoft Corporation) C:\Users\Anderson\AppData\Local\Temp\osloader.exe
2018-12-14 03:06 - 2018-12-14 03:06 - 000658284 _____ (ZRFXRD ) C:\Users\Anderson\AppData\Local\Temp\pixel.exe
2018-01-02 14:15 - 2018-01-02 14:23 - 000492544 _____ () C:\Users\Anderson\AppData\Local\Temp\s3.exe
2018-12-14 03:06 - 2018-12-14 03:06 - 003622912 _____ (TODO: ) C:\Users\Anderson\AppData\Local\Temp\setup.exe
2018-12-14 03:06 - 2018-12-14 03:06 - 001519327 _____ ( ) C:\Users\Anderson\AppData\Local\Temp\setupSD.exe
2017-08-06 02:51 - 2017-08-06 02:51 - 000012305 _____ () C:\Users\Anderson\AppData\Local\Temp\SIntf16.dll
2017-08-06 02:51 - 2017-08-06 02:51 - 000020020 _____ () C:\Users\Anderson\AppData\Local\Temp\SIntf32.dll
2017-08-06 02:51 - 2017-08-06 02:51 - 000024748 _____ () C:\Users\Anderson\AppData\Local\Temp\SIntfNT.dll
2018-12-14 03:08 - 2018-12-14 03:08 - 000167616 _____ (Microsoft Corporation) C:\Users\Anderson\AppData\Local\Temp\symsrv.dll
2018-05-03 23:11 - 2018-03-09 11:17 - 000158976 _____ (Myriad) C:\Users\Anderson\AppData\Local\Temp\Uninstal.exe
2018-08-28 18:43 - 2018-12-14 03:08 - 000099906 _____ () C:\Users\Anderson\AppData\Local\Temp\Uninstall.exe
2017-05-01 19:05 - 2017-05-01 19:06 - 014456872 _____ (Microsoft Corporation) C:\Users\Anderson\AppData\Local\Temp\vc_redist.x86.exe
2018-12-14 03:07 - 2018-12-14 03:07 - 001157911 _____ (WhiteCli ) C:\Users\Anderson\AppData\Local\Temp\whiteclick.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2018-12-15 19:41

==================== Fim de FRST.txt ============================
