Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:25-12-2015 Executado por Jhean (administrador) em JHEAN-PC (25-12-2015 13:50:15) Executando a partir de C:\Users\Jhean\Desktop Perfis Carregados: Jhean (Perfis Disponíveis: Jhean & Convidado) Platform: Microsoft Windows 7 Home Basic Service Pack 1 (X86) Idioma: Português (Brasil) Internet Explorer Versão 11 (Navegador padrão: FF) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Positivo Informática S.A.) C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\PositivoExperienceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe () C:\Users\Jhean\AppData\Local\Crsoft\crsvc.exe (QNT) C:\Users\Jhean\AppData\Roaming\NetService\netservice.exe (UpAurora.COM) C:\Windows\System32\config\systemprofile\AppData\Roaming\UpAuroraBrowser\Installer\UpAuroraKernelService.exe () C:\Users\Jhean\AppData\Roaming\WinNetSvc\WinNetSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft) C:\Program Files\Positivo Informática\Positivo Experience\Positivo Audio Power\AudioPower.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (ManyCam LLC) C:\Program Files\ManyCam\Bin\ManyCam.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Positivo Informática) C:\Program Files\Positivo Informática\Recovery\Recovery2.exe (Positivo Informática S.A.) C:\Program Files\Positivo Informática\Positivo Experience\Positivo Smart Backup\PositivoSmartBackup.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe () C:\Users\Jhean\Downloads\yet_another_cleaner_sk_3776540.exe (Elex do Brasil Participações Ltda) C:\Users\Jhean\AppData\Local\Temp\iSafeDownloader.exe ==================== Registro (Whitelisted) =========================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [StartUpManagerPositivo] => C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe [171520 2011-03-30] () HKLM\...\Run: [AudioPower] => C:\Program Files\Positivo Informática\Positivo Experience\Positivo Audio Power\AudioPower.exe [866304 2011-04-20] (Microsoft) HKLM\...\Run: [PlusService] => C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe [811520 2014-02-23] (Yuna Software) HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-09] (Nero AG) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.) HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.) HKLM\...\Run: [VDownloader] => C:\Program Files\VDownloader\VDownloader.exe /silent HKLM\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation) HKLM\...\Run: [assecsystedllx] => C:\WINDOWS\assecsystedllx.exe HKLM\...\Run: [OiVelox] => C:\Program Files\Oi\Programmer\OiVeloxCheck.exe HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [dply_en_036020129] => [X] HKLM\...\Run: [LightGate] => c:\programdata\lightgate.exe [1081344 2015-12-04] () HKU\S-1-5-21-255382789-2173596302-2239780989-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation) HKU\S-1-5-21-255382789-2173596302-2239780989-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG) HKU\S-1-5-21-255382789-2173596302-2239780989-1000\...\Run: [ares] => "C:\Program Files\Ares\Ares.exe" -h HKU\S-1-5-21-255382789-2173596302-2239780989-1000\...\Run: [Facebook Update] => C:\Users\Jhean\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-19] (Facebook Inc.) HKU\S-1-5-21-255382789-2173596302-2239780989-1000\...\Run: [Java] => C:\Users\Jhean\AppData\Roaming\Java\javax.exe HKU\S-1-5-21-255382789-2173596302-2239780989-1000\...\Run: [ManyCam] => C:\Program Files\ManyCam\Bin\ManyCam.exe [2160024 2012-06-28] (ManyCam LLC) HKU\S-1-5-21-255382789-2173596302-2239780989-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50385536 2015-12-17] (Skype Technologies S.A.) HKU\S-1-5-21-255382789-2173596302-2239780989-1000\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\FA889F48BA91932CA1794DC9B9F86E43.dll Start /RUNNING HKU\S-1-5-21-255382789-2173596302-2239780989-1000\...\MountPoints2: {03768812-5dd2-11e3-a25b-6c626d26561c} - F:\LGAutoRun.exe HKU\S-1-5-21-255382789-2173596302-2239780989-1000\...\MountPoints2: {46e176af-a50c-11e2-a2d9-6c626d26561c} - F:\autorun.exe HKU\S-1-5-21-255382789-2173596302-2239780989-1000\...\MountPoints2: {d3935a46-4a86-11e1-909d-6c626d26561c} - F:\.\Start.exe ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-08-01] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Assistente para criação de disco de recuperação.lnk [2011-05-18] ShortcutTarget: Assistente para criação de disco de recuperação.lnk -> C:\Program Files\Positivo Informática\Recovery\Recovery2.exe (Positivo Informática) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-06-20] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Jhean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk [2013-10-03] ShortcutTarget: Recorte de tela e Iniciador do OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) GroupPolicy: Restrição - Chrome <======= ATENÇÃO CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) ProxyEnable: [.DEFAULT] => Proxy está habilitado. ProxyServer: [.DEFAULT] => http=127.0.0.1:54913;https=127.0.0.1:54913 AutoConfigURL: [.DEFAULT] => http=127.0.0.1:54913;https=127.0.0.1:54913 Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 130.193.10.163 134.19.181.198 Tcpip\..\Interfaces\{0B9A73B3-1FB0-4135-BC58-04654929F072}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{0B9A73B3-1FB0-4135-BC58-04654929F072}: [DhcpNameServer] 130.193.10.163 134.19.181.198 Internet Explorer: ================== HKU\S-1-5-21-255382789-2173596302-2239780989-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=1d51ae774123a3f63399ff88f9ea9240 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv3&uid=5VMM8RXM_ST3500418AS&tm=1427663692 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-255382789-2173596302-2239780989-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=1d51ae774123a3f63399ff88f9ea9240 HKU\S-1-5-21-255382789-2173596302-2239780989-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv3&uid=5VMM8RXM_ST3500418AS&tm=1427663692 SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM -> {ABCD0123-1234-5678-ABCD-0123456789AB} URL = hxxp://search.hao123.com.br/s?tn=SE_garavast_6upp6eh1&cid=avastbcl&ie=utf-8&wd={searchTerms} SearchScopes: HKU\.DEFAULT -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = SearchScopes: HKU\S-1-5-21-255382789-2173596302-2239780989-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-255382789-2173596302-2239780989-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-255382789-2173596302-2239780989-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-255382789-2173596302-2239780989-1000 -> {706C53B1-CFF1-4EE0-BCBD-3F1C14D1B94D} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-255382789-2173596302-2239780989-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-255382789-2173596302-2239780989-1000 -> {ABCD0123-1234-5678-ABCD-0123456789AB} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-255382789-2173596302-2239780989-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.) BHO: Sem Nome -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> Nenhum Arquivo BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-03-05] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-01] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-05] (Oracle Corporation) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.) Toolbar: HKU\S-1-5-21-255382789-2173596302-2239780989-1000 -> Sem Nome - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Nenhum Arquivo DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe www.jogostempo.com?oem=mbtkv3&uid=5VMM8RXM_ST3500418AS&tm=1427665835 FireFox: ======== FF ProfilePath: C:\Users\Jhean\AppData\Roaming\Mozilla\Firefox\Profiles\dsaj4aue.default-1446044846523 FF Homepage: hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=1d51ae774123a3f63399ff88f9ea9240 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-11-14] () FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation) FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-05] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-03-05] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-23] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-255382789-2173596302-2239780989-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jhean\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin ProgramFiles/Appdata: C:\Users\Jhean\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation) FF Extension: Oasis Space 1.0.1 - C:\Users\Jhean\AppData\Roaming\Mozilla\Firefox\Profiles\dsaj4aue.default-1446044846523\Extensions\{19784bd9-5ddf-42a0-b5e7-fb730e09b665}.xpi [2015-11-17] [não assinado] FF Extension: Sem Nome - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [não assinado] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-06-20] [não assinado] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-01] [não assinado] FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Jhean\AppData\Roaming\Mozilla\Firefox\Profiles\ro93xsl5.default-1402421084429\extensions\fftoolbar2014@etech.com => não encontrado (a) FF HKLM\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Jhean\AppData\Roaming\Mozilla\Firefox\Profiles\ro93xsl5.default-1402421084429\extensions\quick_searchff@gmail.com => não encontrado (a) FF HKLM\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Jhean\AppData\Roaming\Mozilla\Firefox\Profiles\ro93xsl5.default-1402421084429\extensions\sweetsearch@gmail.com => não encontrado (a) FF HKU\S-1-5-21-255382789-2173596302-2239780989-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2011-12-07] Chrome: ======= CHR HomePage: Default -> www.qqovd.com?oem=mbtkv3&uid=5VMM8RXM_ST3500418AS&tm=1427663692 CHR StartupUrls: Default -> "hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=1d51ae774123a3f63399ff88f9ea9240" CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms} CHR DefaultSearchKeyword: Default -> bing.com CHR Profile: C:\Users\Jhean\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Apresentações) - C:\Users\Jhean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-23] CHR Extension: (Google Docs) - C:\Users\Jhean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-23] CHR Extension: (Google Drive) - C:\Users\Jhean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-23] CHR Extension: (YouTube) - C:\Users\Jhean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-23] CHR Extension: (Bing) - C:\Users\Jhean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2015-11-23] CHR Extension: (Google Search) - C:\Users\Jhean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-14] CHR Extension: (Real-time) - C:\Users\Jhean\AppData\Local\Google\Chrome\User Data\Default\Extensions\epiigdnioginncdapahfgjfcckgabdod [2015-11-23] CHR Extension: (Planilhas do Google) - C:\Users\Jhean\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-23] CHR Extension: (Documentos Google off-line) - C:\Users\Jhean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-24] CHR Extension: (Skype) - C:\Users\Jhean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-24] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Jhean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-23] CHR Extension: (Gmail) - C:\Users\Jhean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-23] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01] CHR HKLM\...\Chrome\Extension: [jongbaldhepiipcgeobleedccockoofh] - C:\Program Files\LyricsDroid\120.crx CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12] CHR HKLM\...\Chrome\Extension: [obneapcmdojdbokehdkjfcebdllnlfpn] - C:\Users\Jhean\AppData\Roaming\1.crx CHR HKU\S-1-5-21-255382789-2173596302-2239780989-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx ==================== Serviços (Whitelisted) ======================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R2 AppManagerService; C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\PositivoExperienceService.exe [40448 2011-03-24] (Positivo Informática S.A.) [Arquivo não assinado] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software) S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [134920 2012-03-06] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation) R2 Crashhd; C:\Users\Jhean\AppData\Local\Crsoft\crsvc.exe [185800 2015-09-24] () S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-07-01] (Macrovision Europe Ltd.) [Arquivo não assinado] S2 GoogleChromeUpService; C:\ProgramData\upgsvr.exe [1762304 2015-11-16] (TODO: <公司名>) [Arquivo não assinado] S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\upgsvr--.exe [2787328 2015-12-25] (TODO: ) [Arquivo não assinado] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Arquivo não assinado] R2 NetTcpHandler; C:\Users\Jhean\AppData\Roaming\NetService\netservice.exe [211824 2015-03-20] (QNT) S3 npggsvc; C:\Windows\system32\GameMon.des [4041880 2011-12-13] (INCA Internet Co., Ltd.) [Arquivo não assinado] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Arquivo não assinado] R2 UpAurora Kernel Service; C:\Windows\system32\config\systemprofile\AppData\Roaming\UpAuroraBrowser\Installer\UpAuroraKernelService.exe [184880 2015-12-03] (UpAurora.COM) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) R2 WinNetSvc; C:\Users\Jhean\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] () S2 AdobeARMservice; "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [X] S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X] ===================== Drivers (Whitelisted) ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R1 aswFW; C:\Windows\system32\Drivers\aswFW.sys [112984 2012-03-06] (AVAST Software) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-01] () R1 aswKbd; C:\Windows\system32\Drivers\aswKbd.sys [24408 2012-03-06] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-01] (AVAST Software) R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2012-03-06] (ALWIL Software) R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [196440 2012-03-06] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-01] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-01] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-01] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-01] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-01] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-01] () R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-08-17] (GFI Software) R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [32000 2012-01-11] (ManyCam LLC) R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22400 2012-02-22] (ManyCam LLC) R3 PositivoAudioDriverWdm; C:\Windows\System32\DRIVERS\pad.sys [52496 2011-03-24] () S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X] S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X] S3 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X] S1 Bnbase; System32\drivers\bnbasex.sys [X] S1 Bndef; \??\C:\Windows\System32\drivers\bndef.sys [X] S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X] S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X] S3 dump_wmimmc; \??\C:\WeMade Entertainment\DigimonBattle\GameGuard\dump_wmimmc.sys [X] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 PCFApiUtil; \??\C:\Program Files\PC Faster\5.1.0.0\PCFApiUtil.sys [X] S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X] S3 Spring; \??\C:\Program Files\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\Spring.sys [X] ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um Mês Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2015-12-25 13:53 - 2015-12-25 13:53 - 00001820 _____ C:\Users\Public\Desktop\YAC.lnk 2015-12-25 13:53 - 2015-09-09 23:56 - 00058640 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys 2015-12-25 13:53 - 2015-04-16 06:55 - 00048784 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys 2015-12-25 13:52 - 2015-12-25 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC 2015-12-25 13:50 - 2015-12-25 13:50 - 00000000 ____D C:\Program Files\Elex-tech 2015-12-25 13:49 - 2015-12-25 13:49 - 00000000 ____D C:\Users\Jhean\AppData\Roaming\Elex-tech 2015-12-25 13:48 - 2015-12-25 13:49 - 00873488 _____ C:\Users\Jhean\Downloads\yet_another_cleaner_sk_3776540.exe 2015-12-25 13:24 - 2015-12-25 13:53 - 00028612 _____ C:\Users\Jhean\Desktop\FRST.txt 2015-12-25 13:19 - 2015-12-25 13:19 - 00000000 ____D C:\Users\Public\Documents\Baidu 2015-12-25 12:28 - 2015-12-25 12:35 - 00055447 _____ C:\Users\Jhean\Downloads\Addition.txt 2015-12-25 12:25 - 2015-12-25 12:35 - 00057555 _____ C:\Users\Jhean\Downloads\FRST.txt 2015-12-25 12:24 - 2015-12-25 13:50 - 00000000 ____D C:\FRST 2015-12-25 12:22 - 2015-12-25 12:22 - 01721856 _____ (Farbar) C:\Users\Jhean\Desktop\FRST.exe 2015-12-25 11:52 - 2015-12-25 13:24 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update 2015-12-25 11:52 - 2015-12-25 13:24 - 00000000 ____D C:\ProgramData\Windows Update 2015-12-25 11:50 - 2015-12-25 15:59 - 02787328 _____ (TODO: ) C:\Users\Todos os Usuários\upgsvr--.exe 2015-12-25 11:50 - 2015-12-25 15:59 - 02787328 _____ (TODO: ) C:\ProgramData\upgsvr--.exe 2015-12-24 12:24 - 2015-12-25 11:38 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-12-24 10:23 - 2015-12-24 10:25 - 208666624 _____ C:\Users\Jhean\Downloads\[pv]_boa_-_shout_it_out_(m-on__1080i)_[www.k2nblog.com].wmv 2015-12-24 09:31 - 2015-12-24 17:11 - 01323687 _____ ( ) C:\Users\Todos os Usuários\carssc.exe 2015-12-24 09:31 - 2015-12-24 17:11 - 01323687 _____ ( ) C:\ProgramData\carssc.exe 2015-12-24 09:31 - 2015-12-24 09:31 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg 2015-12-24 09:31 - 2015-12-24 09:31 - 00000000 ____D C:\ProgramData\WindowsMsg 2015-12-24 01:04 - 2015-12-24 01:04 - 00349560 _____ C:\Users\Jhean\Downloads\an_evolutionary_perspective_on_self_organized_division_of_labor_in_social_i REVISADO.pdf 2015-12-24 00:10 - 2015-10-07 10:31 - 01365391 _____ C:\Users\Jhean\Downloads\wilson sexdens 1980.pdf 2015-12-23 23:45 - 2015-12-23 23:45 - 00278332 _____ C:\Users\Jhean\Downloads\minima e trilha.pdf 2015-12-23 23:45 - 2015-12-23 23:45 - 00000000 ____D C:\Users\Jhean\AppData\Local\Mendeley Ltd 2015-12-23 23:44 - 2015-12-23 23:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mendeley Desktop 2015-12-23 23:44 - 2015-12-23 23:44 - 00000000 ____D C:\Program Files\Mendeley Desktop 2015-12-23 23:42 - 2015-12-23 23:43 - 21737872 _____ C:\Users\Jhean\Downloads\Mendeley-Desktop-1.15.2-win32.exe 2015-12-22 12:15 - 2015-12-22 12:16 - 149947839 _____ C:\Users\Jhean\Desktop\Gokhan Keser Söylesem Ayıp Olur.wmv 2015-12-20 15:37 - 2015-12-20 15:46 - 183613694 _____ C:\Users\Jhean\Desktop\ayaka live.mp4 2015-12-19 20:25 - 2015-12-19 20:25 - 08636780 _____ (www.video-gif-converter.com ) C:\Users\Jhean\Downloads\freevideotogif.exe 2015-12-19 20:07 - 2015-12-19 20:09 - 38189064 _____ C:\Users\Jhean\Downloads\DynamicLinkMediaServerRetail-1.0.1-mul-AdobeUpdate.zip 2015-12-19 13:02 - 2015-12-19 13:02 - 00000000 ____D C:\Users\Jhean\Documents\Any GIF Animator 2015-12-19 12:55 - 2015-12-19 12:55 - 00000000 ____D C:\Program Files\Common Files\VisioForge Shared 2015-12-19 12:51 - 2015-12-19 12:52 - 21519706 _____ (AnyGIF.org ) C:\Users\Jhean\Downloads\any-gif-animator.exe 2015-12-19 12:39 - 2015-12-19 12:39 - 00000000 ____D C:\Users\Jhean\AppData\Roaming\Media Freeware 2015-12-19 12:36 - 2015-12-19 12:36 - 10305440 _____ (Media Freeware) C:\Users\Jhean\Downloads\videotogif_setup.exe 2015-12-19 12:34 - 2015-12-19 12:34 - 00628168 _____ C:\Users\Jhean\Downloads\videotogif_setup-70679937.exe 2015-12-19 12:10 - 2015-12-19 12:22 - 109630886 _____ C:\Users\Jhean\Downloads\01.10.2005 Youth Singo U;Nee (유니)_ Call Call Call (HD-1080P).avi 2015-12-18 10:37 - 2015-12-18 10:37 - 00931534 _____ C:\Users\Jhean\Downloads\34513-40465-1-PB.pdf 2015-12-17 09:52 - 2015-12-17 14:31 - 02245032 _____ (UpAurora.COM) C:\Users\Todos os Usuários\UpAurora_1.0.0.3034__101br.exe 2015-12-17 09:52 - 2015-12-17 14:31 - 02245032 _____ (UpAurora.COM) C:\ProgramData\UpAurora_1.0.0.3034__101br.exe 2015-12-17 09:45 - 2015-12-17 09:45 - 00000000 ____D C:\Users\Jhean\AppData\Roaming\WinNetSvc 2015-12-16 17:50 - 2015-12-16 17:50 - 00307904 _____ C:\Users\Jhean\Desktop\^B95FFDEA27598E7C09D07D1705D55EEAB47E9741F10C94DA56^pimgpsh_fullsize_distr.jpg 2015-12-16 15:22 - 2015-12-16 15:23 - 03215627 _____ C:\Users\Jhean\Downloads\SmithA_WealthNations_p.pdf 2015-12-16 10:58 - 2015-12-16 10:58 - 00221617 _____ C:\Users\Jhean\Downloads\texto completo.pdf 2015-12-16 10:58 - 2015-12-16 10:58 - 00219603 _____ C:\Users\Jhean\Downloads\1-s2.0-S0960982207015035-main.pdf 2015-12-16 10:48 - 2015-12-16 10:48 - 01911666 _____ C:\Users\Jhean\Downloads\Cremer et al 2007.pdf 2015-12-16 10:25 - 2015-12-10 15:43 - 00600312 _____ C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe 2015-12-16 10:25 - 2015-12-10 15:43 - 00600312 _____ C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe 2015-12-16 10:21 - 2015-12-16 10:21 - 00000000 ____D C:\Users\Jhean\AppData\Local\Adobe 2015-12-16 10:17 - 2015-12-04 13:14 - 01081344 _____ C:\Users\Todos os Usuários\LightGate.exe 2015-12-16 10:17 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGate.exe 2015-12-16 10:05 - 2015-11-26 07:58 - 04127064 _____ C:\Users\Todos os Usuários\ch_dl_url 2015-12-16 10:05 - 2015-11-26 07:58 - 04127064 _____ C:\ProgramData\ch_dl_url 2015-12-16 09:52 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\Users\Todos os Usuários\upgsvr.exe 2015-12-16 09:52 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr.exe 2015-12-16 09:51 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\Users\Jhean\AppData\Roaming\upgsvr.exe 2015-12-09 19:55 - 2015-12-09 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-12-09 19:55 - 2015-12-09 19:55 - 00000000 ____D C:\Program Files\Common Files\Skype 2015-12-09 10:48 - 2015-11-10 16:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-12-09 10:48 - 2015-11-10 16:39 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-12-09 10:48 - 2015-11-10 16:39 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2015-12-09 10:48 - 2015-11-10 15:40 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-12-09 10:47 - 2015-11-11 18:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-12-09 10:47 - 2015-11-11 16:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll 2015-12-09 10:47 - 2015-11-11 16:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll 2015-12-09 10:47 - 2015-11-11 14:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-12-09 10:47 - 2015-11-11 13:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-12-09 10:47 - 2015-11-11 13:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-12-09 10:47 - 2015-11-11 13:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-12-09 10:47 - 2015-11-11 12:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-12-09 10:47 - 2015-11-09 22:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-12-09 10:47 - 2015-11-09 22:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-12-09 10:47 - 2015-11-09 22:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-12-09 10:47 - 2015-11-09 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-12-09 10:47 - 2015-11-09 22:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-12-09 10:47 - 2015-11-09 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-12-09 10:47 - 2015-11-09 22:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-12-09 10:47 - 2015-11-09 22:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-12-09 10:47 - 2015-11-09 22:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-12-09 10:47 - 2015-11-09 22:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-12-09 10:47 - 2015-11-09 22:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-12-09 10:47 - 2015-11-09 22:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-12-09 10:47 - 2015-11-09 22:03 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-12-09 10:47 - 2015-11-09 22:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-12-09 10:47 - 2015-11-09 22:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-12-09 10:47 - 2015-11-09 21:57 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-12-09 10:47 - 2015-11-09 21:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-12-09 10:47 - 2015-11-09 21:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-12-09 10:47 - 2015-11-09 21:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-12-09 10:47 - 2015-11-09 21:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-12-09 10:47 - 2015-11-09 21:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-12-09 10:47 - 2015-11-09 21:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-12-09 10:47 - 2015-11-09 21:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-12-09 10:47 - 2015-11-09 21:36 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-12-09 10:47 - 2015-11-09 21:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-12-09 10:47 - 2015-11-09 21:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-12-09 10:47 - 2015-11-09 21:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-12-09 10:47 - 2015-11-09 21:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-12-09 10:45 - 2015-11-20 16:34 - 02956800 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-12-09 10:45 - 2015-11-20 16:34 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-12-09 10:45 - 2015-11-20 16:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-12-09 10:45 - 2015-11-20 16:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-12-09 10:45 - 2015-11-20 16:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-12-09 10:45 - 2015-11-20 16:34 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-12-09 10:45 - 2015-11-20 16:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-12-09 10:45 - 2015-11-20 16:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-12-09 10:45 - 2015-11-20 16:33 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-12-09 10:45 - 2015-11-20 16:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-12-09 10:45 - 2015-11-20 16:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-12-09 10:45 - 2015-11-05 17:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-12-09 10:44 - 2015-11-05 17:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll 2015-12-09 10:44 - 2015-11-05 07:48 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys 2015-12-09 10:44 - 2015-11-03 16:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2015-12-09 10:44 - 2015-11-03 16:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll 2015-12-09 10:44 - 2015-10-08 21:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll 2015-12-09 10:44 - 2015-10-08 21:13 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll 2015-12-09 10:44 - 2015-10-08 21:13 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL 2015-12-09 10:44 - 2015-10-08 21:13 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL 2015-12-09 10:44 - 2015-10-08 17:13 - 00419928 _____ C:\Windows\system32\locale.nls 2015-12-05 22:04 - 2015-12-05 22:09 - 123239725 _____ C:\Users\Jhean\Downloads\Divashley - Focus On Me.rar 2015-12-03 10:03 - 2015-12-03 10:04 - 09855378 _____ C:\Users\Jhean\Downloads\Flr Est - Mr and Mr 2015.zip 2015-12-01 19:13 - 2015-12-01 19:13 - 00000132 _____ C:\Users\Jhean\AppData\Roaming\Preferências do Formato BMP do Adobe CS6 ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2015-12-25 13:54 - 2015-08-07 16:25 - 00001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-12-25 13:54 - 2011-06-14 14:41 - 00001527 _____ C:\Users\Jhean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-12-25 13:46 - 2011-06-28 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EditPlus 2 2015-12-25 13:46 - 2011-06-28 12:29 - 00000000 ____D C:\Program Files\EditPlus 2 2015-12-25 13:45 - 2012-01-07 17:58 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-25 13:38 - 2014-12-21 16:04 - 00000000 ____D C:\Users\Jhean\Desktop\Ronan Keating Discography 10 Album Pack. 320kbps 2015-12-25 13:35 - 2011-06-21 23:26 - 00000000 ____D C:\Users\Jhean\AppData\Local\CrashDumps 2015-12-25 13:33 - 2009-07-14 02:34 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-25 13:33 - 2009-07-14 02:34 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-25 13:29 - 2013-01-02 11:03 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-12-25 13:21 - 2013-03-02 00:49 - 00000000 ____D C:\Users\Jhean\AppData\Roaming\Skype 2015-12-25 13:20 - 2011-06-14 19:35 - 00000000 ____D C:\Users\Jhean\Tracing 2015-12-25 13:19 - 2015-06-20 14:57 - 00000640 _____ C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job 2015-12-25 13:19 - 2012-01-07 17:58 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-25 13:19 - 2009-07-14 02:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-25 13:16 - 2014-01-02 15:36 - 00000000 ____D C:\AdwCleaner 2015-12-25 12:59 - 2013-03-19 22:54 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-255382789-2173596302-2239780989-1000UA.job 2015-12-25 12:25 - 2009-07-14 00:37 - 00000000 ____D C:\Windows 2015-12-25 11:38 - 2015-08-07 16:25 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-12-25 01:27 - 2011-06-14 14:43 - 00000000 ____D C:\Users\Jhean\AppData\Local\Last.fm 2015-12-24 21:59 - 2013-03-19 22:54 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-255382789-2173596302-2239780989-1000Core.job 2015-12-24 09:33 - 2015-03-29 19:14 - 00000000 ____D C:\Users\Jhean\AppData\Roaming\RunDir 2015-12-22 23:10 - 2015-08-14 14:12 - 00000132 _____ C:\Users\Jhean\AppData\Roaming\Preferências do Formato PNG do Adobe CS6 2015-12-22 23:10 - 2014-09-13 16:56 - 00000000 ____D C:\Users\Jhean\Desktop\Ayaka 2015-12-22 12:56 - 2015-07-03 23:58 - 00000000 ____D C:\Users\Jhean\Desktop\Brandon White - Videos 2015-12-20 12:52 - 2015-08-14 15:23 - 00001456 _____ C:\Users\Jhean\AppData\Local\Adobe Salvar para Web 13.0 Prefs 2015-12-20 11:10 - 2015-03-29 19:50 - 00000286 __RSH C:\Users\Todos os Usuários\ntuser.pol 2015-12-20 11:10 - 2015-03-29 19:50 - 00000286 __RSH C:\ProgramData\ntuser.pol 2015-12-19 12:06 - 2015-05-29 13:28 - 00000000 ____D C:\Users\Jhean\Desktop\fotos sjb 2015-12-19 00:14 - 2013-03-02 00:47 - 00000000 ____D C:\Users\Todos os Usuários\Skype 2015-12-19 00:14 - 2013-03-02 00:47 - 00000000 ____D C:\ProgramData\Skype 2015-12-18 01:38 - 2010-11-21 00:33 - 00705798 _____ C:\Windows\system32\prfh0416.dat 2015-12-18 01:38 - 2010-11-21 00:33 - 00147638 _____ C:\Windows\system32\prfc0416.dat 2015-12-18 01:38 - 2010-11-20 19:01 - 01600212 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-18 01:38 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\inf 2015-12-18 01:32 - 2015-08-08 12:07 - 00000000 ___SD C:\Windows\system32\GWX 2015-12-16 10:21 - 2015-10-12 03:08 - 00000000 ____D C:\Users\Jhean\AppData\Roaming\Adobe 2015-12-15 22:30 - 2013-01-19 12:56 - 00000000 ____D C:\Users\Jhean\Desktop\Musics 2015-12-15 10:59 - 2013-03-11 13:41 - 00000000 ____D C:\Users\Jhean\AppData\Roaming\uTorrent 2015-12-14 22:31 - 2015-05-08 20:42 - 00002552 _____ C:\Users\Jhean\Desktop\hawk.txt 2015-12-11 21:07 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\rescache 2015-12-10 11:06 - 2009-07-14 02:33 - 00557368 _____ C:\Windows\system32\FNTCACHE.DAT 2015-12-10 02:23 - 2011-08-21 13:06 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help 2015-12-10 02:23 - 2011-08-21 13:06 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-12-10 02:23 - 2011-05-18 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-10 02:22 - 2011-05-18 15:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-12-10 02:17 - 2014-01-17 23:24 - 00000000 ____D C:\Windows\system32\MRT 2015-12-10 02:02 - 2011-07-27 13:44 - 137798368 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-12-09 19:55 - 2014-02-27 11:06 - 00000000 ____D C:\Users\Jhean\AppData\Local\Skype 2015-12-09 19:55 - 2014-02-27 11:05 - 00000000 ___RD C:\Program Files\Skype 2015-12-09 19:45 - 2013-01-02 11:03 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-12-09 19:45 - 2011-06-14 23:30 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-12-07 14:14 - 2009-07-14 02:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-12-02 13:25 - 2012-06-14 21:58 - 00247976 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-11-28 01:01 - 2012-10-28 22:54 - 00000000 ____D C:\Users\Jhean\Desktop\Files 2015-11-25 22:07 - 2015-04-22 20:46 - 00009906 _____ C:\Users\Jhean\Desktop\drake williams.txt ==================== Arquivos na raiz de alguns diretórios ======= 2013-07-31 22:50 - 2013-07-29 14:07 - 0051992 _____ (cake bake) C:\Program Files\trzC16A.tmp 2013-04-23 21:39 - 2013-04-23 21:39 - 0000005 _____ () C:\Users\Jhean\AppData\Roaming\.sunvox_pateditor 2015-12-01 19:13 - 2015-12-01 19:13 - 0000132 _____ () C:\Users\Jhean\AppData\Roaming\Preferências do Formato BMP do Adobe CS6 2015-08-14 15:21 - 2015-09-18 23:44 - 0000132 _____ () C:\Users\Jhean\AppData\Roaming\Preferências do Formato GIF do Adobe CS6 2015-08-14 14:12 - 2015-12-22 23:10 - 0000132 _____ () C:\Users\Jhean\AppData\Roaming\Preferências do Formato PNG do Adobe CS6 2015-12-16 09:51 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\Users\Jhean\AppData\Roaming\upgsvr.exe 2011-10-26 00:12 - 2011-12-12 22:03 - 0001057 _____ () C:\Users\Jhean\AppData\Roaming\vso_ts_preview.xml 2015-08-14 15:23 - 2015-12-20 12:52 - 0001456 _____ () C:\Users\Jhean\AppData\Local\Adobe Salvar para Web 13.0 Prefs 2012-06-03 23:32 - 2013-01-21 12:47 - 0007168 _____ () C:\Users\Jhean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-12-24 09:31 - 2015-12-24 17:11 - 1323687 _____ ( ) C:\ProgramData\carssc.exe 2015-12-16 10:05 - 2015-11-26 07:58 - 4127064 _____ () C:\ProgramData\ch_dl_url 2013-12-12 13:04 - 2013-12-12 13:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-01-15 03:15 - 2014-01-15 03:15 - 0167784 _____ (Baidu, Inc.) C:\ProgramData\FileSplitUpLoad.dll 2011-06-20 12:54 - 2011-06-20 13:06 - 0000767 _____ () C:\ProgramData\hpzinstall.log 2015-12-16 10:17 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGate.exe 2015-12-17 09:52 - 2015-12-17 14:31 - 2245032 _____ (UpAurora.COM) C:\ProgramData\UpAurora_1.0.0.3034__101br.exe 2015-12-25 11:50 - 2015-12-25 15:59 - 2787328 _____ (TODO: ) C:\ProgramData\upgsvr--.exe 2015-12-16 09:52 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr.exe 2015-03-29 20:55 - 2015-03-29 19:49 - 1047392 _____ (ShenZhen Enode Techology co,.Ltd) C:\ProgramData\WeatherMini.exe 2015-12-16 10:25 - 2015-12-10 15:43 - 0600312 _____ () C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe Arquivos para serem movidos ou deletados: ==================== C:\ProgramData\carssc.exe C:\ProgramData\FileSplitUpLoad.dll C:\ProgramData\LightGate.exe C:\ProgramData\UpAurora_1.0.0.3034__101br.exe C:\ProgramData\upgsvr--.exe C:\ProgramData\upgsvr.exe C:\ProgramData\WeatherMini.exe C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe C:\Users\Todos os Usuários\carssc.exe C:\Users\Todos os Usuários\FileSplitUpLoad.dll C:\Users\Todos os Usuários\LightGate.exe C:\Users\Todos os Usuários\UpAurora_1.0.0.3034__101br.exe C:\Users\Todos os Usuários\upgsvr--.exe C:\Users\Todos os Usuários\upgsvr.exe C:\Users\Todos os Usuários\WeatherMini.exe C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job Alguns arquivos em TEMP: ==================== C:\Users\Jhean\AppData\Local\Temp\1434726124.exe C:\Users\Jhean\AppData\Local\Temp\1435748888.exe C:\Users\Jhean\AppData\Local\Temp\2kqmsy8y.dll C:\Users\Jhean\AppData\Local\Temp\6tqaadgd.dll C:\Users\Jhean\AppData\Local\Temp\9ybzoeif.dll C:\Users\Jhean\AppData\Local\Temp\aqjy1omt.dll C:\Users\Jhean\AppData\Local\Temp\AskSLib.dll C:\Users\Jhean\AppData\Local\Temp\atcMedia7531435966160.exe C:\Users\Jhean\AppData\Local\Temp\Baidu_PCAppStore_4.3.1.5732.exe C:\Users\Jhean\AppData\Local\Temp\Baidu_Secure_SystemUp_5.0.9.107990.exe C:\Users\Jhean\AppData\Local\Temp\Baidu_Secure_SystemUp_5.1.3.114963.exe C:\Users\Jhean\AppData\Local\Temp\bdgD8F3.exe C:\Users\Jhean\AppData\Local\Temp\bdgE0D.exe C:\Users\Jhean\AppData\Local\Temp\bpttpjaj.dll C:\Users\Jhean\AppData\Local\Temp\burnsetup.exe C:\Users\Jhean\AppData\Local\Temp\b_txxneb.dll C:\Users\Jhean\AppData\Local\Temp\CloudBackup8432.exe C:\Users\Jhean\AppData\Local\Temp\dhbbtqea.dll C:\Users\Jhean\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphq2cvn.dll C:\Users\Jhean\AppData\Local\Temp\ep6luizg.dll C:\Users\Jhean\AppData\Local\Temp\fm5grgd0.dll C:\Users\Jhean\AppData\Local\Temp\FreemakeVideoDownloader_3.7.0.13.exe C:\Users\Jhean\AppData\Local\Temp\ICReinstall_drivereasy-4-7-1-19920-32-bits.exe C:\Users\Jhean\AppData\Local\Temp\ICReinstall_popcorn-time-beta-3-5-32-bits.exe C:\Users\Jhean\AppData\Local\Temp\Installer.exe C:\Users\Jhean\AppData\Local\Temp\Keygen Installer__9167_il29.exe C:\Users\Jhean\AppData\Local\Temp\lmxzixkv.dll C:\Users\Jhean\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Jhean\AppData\Local\Temp\offercast.exe C:\Users\Jhean\AppData\Local\Temp\ppadsetup.exe C:\Users\Jhean\AppData\Local\Temp\pstagesetup.exe C:\Users\Jhean\AppData\Local\Temp\q0yeezjw.dll C:\Users\Jhean\AppData\Local\Temp\qctv-krv.dll C:\Users\Jhean\AppData\Local\Temp\qricuwf9.dll C:\Users\Jhean\AppData\Local\Temp\Quarantine.exe C:\Users\Jhean\AppData\Local\Temp\rcmdkiz_.dll C:\Users\Jhean\AppData\Local\Temp\SHSetup.exe C:\Users\Jhean\AppData\Local\Temp\SkypeSetup.exe C:\Users\Jhean\AppData\Local\Temp\spark_install.exe C:\Users\Jhean\AppData\Local\Temp\Update_12e6.exe C:\Users\Jhean\AppData\Local\Temp\Update_987f.exe C:\Users\Jhean\AppData\Local\Temp\utt67FB.tmp.exe C:\Users\Jhean\AppData\Local\Temp\utt6DB2.tmp.exe C:\Users\Jhean\AppData\Local\Temp\uzv4oz1m.dll C:\Users\Jhean\AppData\Local\Temp\vcredist_x86.exe C:\Users\Jhean\AppData\Local\Temp\vpsetup.exe C:\Users\Jhean\AppData\Local\Temp\zudplxl3.dll ==================== Bamital & volsnap ================= (Não há correção automática para arquivos que não passaram na verificação.) C:\Windows\explorer.exe => O arquivo é assinado digitalmente C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente C:\Windows\system32\services.exe => O arquivo é assinado digitalmente C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente LastRegBack: 2015-12-22 21:17 ==================== Fim de FRST.txt ============================