Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:07-02-2016
Executado por Roberta (administrador) em ROBERTA-PC (13-02-2016 13:18:38)
Executando a partir de C:\Users\Roberta\Desktop
Perfis Carregados: Roberta (Perfis Disponíveis: Roberta)
Platform: Microsoft Windows 7 Starter (X86) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

() C:\ProgramData\ApplicationHosting\ApplicationHosting.exe
() C:\Windows\System32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(TODO: ) C:\ProgramData\Updata\GoogleUpdata.exe
() C:\Windows\System32\srvany.exe
() C:\Windows\KMService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TU-Funs LIMITED) C:\ProgramData\QWdMQ\WdMan.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
() C:\ProgramData\msiql.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\Uniko Desktop\Desktop.exe
() C:\Program Files\CalendarTool\2.0.0.11189\CalendarServ.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_20_0_0_306_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [IgfxExt] => C:\Windows\system32\IgfxExt.exe [174616 2009-09-01] (Intel Corporation)
HKLM\...\Run: [HotkeyMon] => C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328 2009-09-11] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] => C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [1021424 2009-10-16] (ASUSTeK Computer Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7739936 2009-09-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SuperHybridEngine] => C:\Program Files\EeePC\SHE\SuperHybridEngine.exe [413688 2009-09-09] (ASUSTeK Computer Inc.)
HKLM\...\Run: [gmsd_br_005010228] => [X]
HKLM\...\Run: [LightGate] => c:\programdata\lightgate.exe [1081344 2015-12-04] ()
HKLM\...\Run: [HomePageHelper] => c:\programdata\homepage.exe [1100288 2015-11-25] ()
HKU\S-1-5-21-2571868259-4256925888-904910982-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2036224 2016-02-04] ()
HKU\S-1-5-21-2571868259-4256925888-904910982-1000\...\Run: [msiql] => C:\ProgramData\msiql.exe [2415616 2016-01-26] ()
HKU\S-1-5-21-2571868259-4256925888-904910982-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6628056 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-2571868259-4256925888-904910982-1000\...\MountPoints2: F - F:\iLinker.exe
HKU\S-1-5-21-2571868259-4256925888-904910982-1000\...\MountPoints2: {83349652-ba90-11e4-bdab-002243d43151} - E:\iLinker.exe
AppInit_DLLs: C:\ProgramData\Ecois\Tempgoair.dll => Nenhum Arquivo
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-02-20]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.204.0.10 200.204.0.138
Tcpip\..\Interfaces\{2C4A8192-E9C5-484F-B4F1-D857CD97F141}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{2C4A8192-E9C5-484F-B4F1-D857CD97F141}: [DhcpNameServer] 200.204.0.10 200.204.0.138
Tcpip\..\Interfaces\{49003362-B1E6-40BD-938F-6B09F4ADC3AB}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{BA5BBB13-B451-45BD-822E-36D2D57A61F5}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{BBBBA340-BA95-4E5D-9A06-112FBD79BE0B}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 104.197.191.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=9384958fba458cdeb420089bc13c87e1
HKU\S-1-5-21-2571868259-4256925888-904910982-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBSiA1rEAocN4PQUCgaTJmbpk8E9EvpTtp9KzaIMynmF_IzcUh3-2Pbo__21RSXTopaI2RCGaOzP_o0eSx6uxNJJbXhmNOWAI4JTBdNutg-tfinsShRlZHHxaWIIilBt_5oPJOEc5rXpAWBSOTGbcyYLi7JJt5beR3YAJsAmqNv1Q8zkQAWqSyZNQ,,&q={searchTerms}
HKU\S-1-5-21-2571868259-4256925888-904910982-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
HKU\S-1-5-21-2571868259-4256925888-904910982-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBSiA1rEAocN4PQUCgaTJmbpk8E9EvpTtp9KzaIMynmF_IzcUh3-2Pbo__21RSXTopaI2RCGaOzP_o0eSx6uxNJJbXhmNOWAI4JTBdNutg-tfinsShRlZHHxaWIIilBt_5oPJOEc5rXpAWBSOTGbcyYLi7JJt5beR3YAJsAmqNv1Q8zkQAWqSyZNQ,,&q={searchTerms}
HKU\S-1-5-21-2571868259-4256925888-904910982-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBSiA1rEAocN4PQUCgaTJmbpk8E9EvpTtp9KzaIMynmF_IzcUh3-2Pbo__21RSXTopaI2RCGaOzP_o0eSx6uxNJJbXhmNOWAI4JTBdNutg-tfinsShRlZHHxaWIIilBt_5oPJOEc5rXpAWBSOTGbcyYLi7JJt5beR3YAJsAmqNv1Q8zkQAWqSyZNQ,,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBSiA1rEAocN4PQUCgaTJmbpk8E9EvpTtp9KzaIMynmF_IzcUh3-2Pbo__21RSXTopaI2RCGaOzP_o0eSx6uxNJJbXhmNOWAI4JTBdNutg-tfinsShRlZHHxaWIIilBt_5oPJOEc5rXpAWBSOTGbcyYLi7JJt5beR3YAJsAmqNv1Q8zkQAWqSyZNQ,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2571868259-4256925888-904910982-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBSiA1rEAocN4PQUCgaTJmbpk8E9EvpTtp9KzaIMynmF_IzcUh3-2Pbo__21RSXTopaI2RCGaOzP_o0eSx6uxNJJbXhmNOWAI4JTBdNutg-tfinsShRlZHHxaWIIilBt_5oPJOEc5rXpAWBSOTGbcyYLi7JJt5beR3YAJsAmqNv1Q8zkQAWqSyZNQ,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2571868259-4256925888-904910982-1000 -> ielnksrch URL =
SearchScopes: HKU\S-1-5-21-2571868259-4256925888-904910982-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBSiA1rEAocN4PQUCgaTJmbpk8E9EvpTtp9KzaIMynmF_IzcUh3-2Pbo__21RSXTopaI2RCGaOzP_o0eSx6uxNJJbXhmNOWAI4JTBdNutg-tfinsShRlZHHxaWIIilBt_5oPJOEc5rXpAWBSOTGbcyYLi7JJt5beR3YAJsAmqNv1Q8zkQAWqSyZNQ,,&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{D1F5921D-416A-4656-8B75-32B57057CA86}] - C:\Program Files\shopperz050220161443\Firefox\{D1F5921D-416A-4656-8B75-32B57057CA86}.xpi => não encontrado (a)
FF HKLM\...\Firefox\Extensions: [{DF371121-FC15-4E46-8DC1-7A1A108DC409}] - C:\Program Files\groover050220162330\Firefox\{DF371121-FC15-4E46-8DC1-7A1A108DC409}.xpi => não encontrado (a)
FF HKLM\...\Firefox\Extensions: [{0DA7B203-0BA9-477F-8563-38B199734B62}] - C:\Program Files\shopperz050220162301\Firefox\{0DA7B203-0BA9-477F-8563-38B199734B62}.xpi => não encontrado (a)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com.br/
CHR StartupUrls: Default -> "hxxps://www.google.com.br/"
CHR Profile: C:\Users\Roberta\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Roberta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-13]
CHR Extension: (YouTube) - C:\Users\Roberta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-09]
CHR Extension: (Pesquisa do Google) - C:\Users\Roberta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-09]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Roberta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-13]
CHR Extension: (Gmail) - C:\Users\Roberta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-09]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 ApplicationHosting; C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe [530944 2016-02-06] () [Arquivo não assinado]
R2 AsusService; C:\Windows\System32\AsusService.exe [219136 2009-08-18] () [Arquivo não assinado]
R2 GoogleChromeUpdata; C:\ProgramData\Updata\GoogleUpdata.exe [2768384 2016-02-04] (TODO: ) [Arquivo não assinado]
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1734656 2016-01-11] () [Arquivo não assinado]
R2 KMService; C:\Windows\system32\srvany.exe [8192 2015-02-19] () [Arquivo não assinado]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 TheCalendarService; C:\Program Files\CalendarTool\2.0.0.11189\CalendarServ.exe [141960 2015-12-25] ()
R2 WdMan; C:\ProgramData\QWdMQ\WdMan.exe [794376 2016-02-05] (TU-Funs LIMITED)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 ggbugreport; "C:\Program Files\SearchesToYesbnd\bugreport.exe" {154DFF63-3402-4815-941A-AAD63AE8B428} [X]
S2 Winsere; "C:\Program Files\Winsere\Winsere\Winsere.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [49408 2016-02-05] (Cherimoya Ltd) [Arquivo não assinado]
R3 igd; C:\Windows\System32\DRIVERS\igdkmd32.sys [635168 2009-08-27] (Intel Corporation)
R1 {05a4953c-b4ea-4a19-a524-ee56a0c05d0a}Gw; C:\Windows\System32\drivers\{05a4953c-b4ea-4a19-a524-ee56a0c05d0a}Gw.sys [43112 2016-02-05] (StdLib)
S0 MPCBase; System32\drivers\MPCBase.sys [X]
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-02-13 13:18 - 2016-02-13 13:20 - 00013628 _____ C:\Users\Roberta\Desktop\FRST.txt
2016-02-13 13:18 - 2016-02-13 13:18 - 00000000 ____D C:\FRST
2016-02-13 13:17 - 2016-02-13 13:17 - 01721344 _____ (Farbar) C:\Users\Roberta\Desktop\FRST.exe
2016-02-13 13:09 - 2016-02-13 13:09 - 00002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-13 13:09 - 2016-02-13 13:09 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-13 12:58 - 2016-02-13 13:03 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-13 12:58 - 2016-02-13 13:03 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-13 12:46 - 2016-02-13 12:46 - 00000000 ____D C:\Users\Roberta\AppData\Roaming\CalendarTool
2016-02-13 12:45 - 2016-02-13 12:45 - 00000000 ____D C:\Program Files\CalendarTool
2016-02-13 12:42 - 2016-02-13 12:42 - 00001389 _____ C:\Users\Roberta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-13 11:30 - 2016-02-13 13:14 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-13 11:09 - 2016-02-13 11:09 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-13 11:09 - 2016-02-13 11:09 - 00000000 ____D C:\Program Files\CCleaner
2016-02-10 15:09 - 2016-02-10 15:09 - 00000000 ____D C:\Users\Roberta\Documents\UnikoDesktop Projects
2016-02-09 22:07 - 2016-02-09 22:07 - 00000859 _____ C:\Users\Public\Desktop\Uniko Desktop.lnk
2016-02-09 22:07 - 2016-02-09 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniko Desktop
2016-02-09 22:04 - 2016-02-09 22:07 - 00000000 ____D C:\Program Files\Uniko Desktop
2016-02-09 20:36 - 2016-02-09 21:51 - 308359076 _____ C:\Users\Roberta\Downloads\SetupUniko.exe
2016-02-09 17:09 - 2016-02-10 20:08 - 00000000 ____D C:\Users\Roberta\Desktop\FOTOS
2016-02-09 17:04 - 2016-02-09 17:04 - 00260452 _____ C:\Users\Roberta\Desktop\IPVA 2-3.xps
2016-02-07 11:58 - 2016-02-13 12:51 - 00000966 _____ C:\Users\Todos os Usuários\xcgui_debug.txt
2016-02-07 11:58 - 2016-02-13 12:51 - 00000966 _____ C:\ProgramData\xcgui_debug.txt
2016-02-05 22:50 - 2016-02-05 22:50 - 00000000 ____D C:\Users\Roberta\AppData\Roaming\LightGate
2016-02-05 22:49 - 2016-02-05 22:49 - 00000286 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-02-05 22:49 - 2016-02-05 22:49 - 00000286 __RSH C:\ProgramData\ntuser.pol
2016-02-05 21:55 - 2015-11-25 15:31 - 01100288 _____ C:\Users\Todos os Usuários\HomePage.exe
2016-02-05 21:55 - 2015-11-25 15:31 - 01100288 _____ C:\ProgramData\HomePage.exe
2016-02-05 21:53 - 2016-02-05 21:53 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-02-05 21:52 - 2015-12-10 15:43 - 00600312 _____ C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe
2016-02-05 21:52 - 2015-12-10 15:43 - 00600312 _____ C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2016-02-05 21:51 - 2016-02-05 21:51 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update
2016-02-05 21:51 - 2016-02-05 21:51 - 00000000 ____D C:\ProgramData\Windows Update
2016-02-05 21:50 - 2016-02-05 22:50 - 00009441 _____ C:\Users\Todos os Usuários\webad.xml
2016-02-05 21:50 - 2016-02-05 22:50 - 00009441 _____ C:\ProgramData\webad.xml
2016-02-05 21:50 - 2016-02-05 22:06 - 00000000 ____D C:\Users\Roberta\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-02-05 21:50 - 2016-01-26 11:54 - 02415616 _____ C:\Users\Todos os Usuários\msiql.exe
2016-02-05 21:50 - 2016-01-26 11:54 - 02415616 _____ C:\ProgramData\msiql.exe
2016-02-05 21:50 - 2015-12-04 13:14 - 01081344 _____ C:\Users\Todos os Usuários\LightGate.exe
2016-02-05 21:50 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGate.exe
2016-02-05 21:49 - 2016-01-11 15:49 - 01734656 _____ C:\Users\Todos os Usuários\service.exe
2016-02-05 21:49 - 2016-01-11 15:49 - 01734656 _____ C:\ProgramData\service.exe
2016-02-05 21:48 - 2016-01-11 15:49 - 01734656 _____ C:\Users\Roberta\AppData\Roaming\service.exe
2016-02-05 21:47 - 2016-02-05 21:48 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-02-05 21:38 - 2016-02-05 21:38 - 00000000 ____D C:\Users\Roberta\AppData\Roaming\ASPackage
2016-02-05 21:37 - 2016-02-05 21:37 - 00000000 ____D C:\Users\Roberta\AppData\Roaming\Mozilla
2016-02-05 21:32 - 2016-02-05 21:32 - 00002397 _____ C:\Windows\system32\findit.xml
2016-02-05 21:32 - 2016-02-05 21:32 - 00000000 ____D C:\Users\Todos os Usuários\Ecoiss
2016-02-05 21:32 - 2016-02-05 21:32 - 00000000 ____D C:\ProgramData\Ecoiss
2016-02-05 21:30 - 2016-02-07 10:50 - 00000000 ____D C:\Program Files\Common Files\FixStrong
2016-02-05 21:28 - 2016-02-05 21:28 - 00000000 ____D C:\Users\Todos os Usuários\ApplicationHosting
2016-02-05 21:28 - 2016-02-05 21:28 - 00000000 ____D C:\ProgramData\ApplicationHosting
2016-02-05 21:24 - 2016-02-05 21:24 - 00000000 ____D C:\Windows\system32\gab
2016-02-05 21:00 - 2016-02-05 14:39 - 00043112 _____ (StdLib) C:\Windows\system32\Drivers\{05a4953c-b4ea-4a19-a524-ee56a0c05d0a}Gw.sys
2016-02-05 20:36 - 2016-02-05 20:37 - 00000000 ____D C:\Users\Todos os Usuários\QWdMQ
2016-02-05 20:36 - 2016-02-05 20:37 - 00000000 ____D C:\ProgramData\QWdMQ
2016-02-05 20:36 - 2016-02-05 20:36 - 00000074 _____ C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-02-05 20:36 - 2016-02-05 20:36 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-02-05 20:34 - 2016-02-05 21:01 - 00000000 ____D C:\Users\Roberta\AppData\Roaming\yoursearching
2016-02-05 20:33 - 2016-02-13 12:42 - 00000512 _____ C:\Windows\Tasks\BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B}.job
2016-02-05 20:33 - 2016-02-05 20:52 - 00000000 ____D C:\Users\Roberta\AppData\Roaming\WeatherTool
2016-02-05 20:33 - 2016-02-05 20:33 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-02-05 20:33 - 2016-02-05 20:33 - 00000000 ____D C:\Users\Todos os Usuários\Updata
2016-02-05 20:33 - 2016-02-05 20:33 - 00000000 ____D C:\Users\Todos os Usuários\baidu
2016-02-05 20:33 - 2016-02-05 20:33 - 00000000 ____D C:\Users\Roberta\AppData\Roaming\Baidu
2016-02-05 20:33 - 2016-02-05 20:33 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-02-05 20:33 - 2016-02-05 20:33 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-02-05 20:33 - 2016-02-05 20:33 - 00000000 ____D C:\ProgramData\Updata
2016-02-05 20:33 - 2016-02-05 20:33 - 00000000 ____D C:\ProgramData\baidu
2016-02-05 20:30 - 2016-02-05 21:24 - 00000000 ____D C:\Users\Roberta\AppData\Local\Tempfolder
2016-02-05 20:30 - 2016-02-05 20:30 - 00000000 ____D C:\Windows\system32\ruc
2016-02-05 20:30 - 2016-02-05 20:30 - 00000000 ____D C:\Users\Roberta\AppData\Roaming\SywsuUugol
2016-02-05 20:27 - 2016-02-05 20:27 - 00000000 ____D C:\Users\Roberta\AppData\LocalLow\Company
2016-02-05 20:27 - 2016-02-05 20:27 - 00000000 ____D C:\Users\Roberta\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-02-05 20:27 - 2016-02-05 20:27 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-02-05 20:21 - 2016-02-05 20:21 - 00258618 _____ C:\Users\Roberta\Desktop\gol parcela 2.xps
2016-02-05 20:16 - 2016-02-05 20:58 - 00000000 ____D C:\Users\Roberta\AppData\Local\B0A2DE00-1454703399-8146-2FCF-90E6BAEF0CA6
2016-02-05 20:11 - 2016-02-05 20:12 - 00000000 ____D C:\Users\Todos os Usuários\Erliemulidau
2016-02-05 20:11 - 2016-02-05 20:12 - 00000000 ____D C:\ProgramData\Erliemulidau
2016-02-05 20:09 - 2015-11-20 19:27 - 00017840 _____ () C:\Windows\system32\roboot.exe
2016-02-05 20:07 - 2016-02-05 20:56 - 00000000 ____D C:\Users\Roberta\AppData\Roaming\systweak
2016-02-05 20:02 - 2016-02-05 19:53 - 00000967 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-02-05 19:56 - 2016-02-05 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuseTips
2016-02-05 19:48 - 2016-02-05 19:49 - 00384746 _____ (musetips.com ) C:\Users\Roberta\Downloads\MP3CutterSetup.exe
2016-02-05 19:33 - 2016-02-05 21:06 - 00049408 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2016-01-17 09:56 - 2016-01-17 13:02 - 566303197 _____ C:\Users\Roberta\Downloads\PAT.COLE2012.rar

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-02-13 13:09 - 2015-02-21 08:37 - 00000000 ____D C:\Program Files\Google
2016-02-13 12:58 - 2015-02-21 08:37 - 00000000 ____D C:\Users\Roberta\AppData\Local\Deployment
2016-02-13 12:49 - 2009-07-14 02:34 - 00010864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-13 12:49 - 2009-07-14 02:34 - 00010864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-13 12:46 - 2015-02-19 20:06 - 01626900 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-13 12:46 - 2009-07-21 01:13 - 00703080 _____ C:\Windows\system32\prfh0416.dat
2016-02-13 12:46 - 2009-07-21 01:13 - 00145866 _____ C:\Windows\system32\prfc0416.dat
2016-02-13 12:46 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\inf
2016-02-13 12:42 - 2009-07-14 02:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-13 12:34 - 2015-02-20 00:43 - 00000000 ____D C:\Windows\Panther
2016-02-13 11:30 - 2015-02-19 22:32 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-02-13 11:30 - 2015-02-19 22:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-02-10 18:53 - 2015-10-03 14:18 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-05 22:00 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-02-05 21:51 - 2009-07-14 02:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-05 21:00 - 2009-07-14 00:04 - 00000580 _____ C:\Windows\win.ini

==================== Arquivos na raiz de alguns diretórios =======

2016-02-05 21:48 - 2016-01-11 15:49 - 1734656 _____ () C:\Users\Roberta\AppData\Roaming\service.exe
2016-02-05 21:55 - 2015-11-25 15:31 - 1100288 _____ () C:\ProgramData\HomePage.exe
2016-02-05 21:50 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
2016-02-05 21:50 - 2016-01-26 11:54 - 2415616 _____ () C:\ProgramData\msiql.exe
2016-02-05 21:49 - 2016-01-11 15:49 - 1734656 _____ () C:\ProgramData\service.exe
2016-02-05 21:50 - 2016-02-05 22:50 - 0009441 _____ () C:\ProgramData\webad.xml
2016-02-07 11:58 - 2016-02-13 12:51 - 0000966 _____ () C:\ProgramData\xcgui_debug.txt
2016-02-05 21:52 - 2015-12-10 15:43 - 0600312 _____ () C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2016-02-05 20:36 - 2016-02-05 20:36 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\HomePage.exe
C:\ProgramData\LightGate.exe
C:\ProgramData\msiql.exe
C:\ProgramData\service.exe
C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\HomePage.exe
C:\Users\Todos os Usuários\LightGate.exe
C:\Users\Todos os Usuários\msiql.exe
C:\Users\Todos os Usuários\service.exe
C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll [2009-07-13 21:12] - [2009-07-13 21:12] - 0269824 ____A (Microsoft Corporation) FB9D5A2A087AD678B29E07B1853528B9
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-02-13 12:00

==================== Fim de FRST.txt ============================