Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:07-02-2016 Executado por windows 8 (administrador) em WINDOWS8 (13-02-2016 17:32:18) Executando a partir de C:\Users\windows 8\Desktop Perfis Carregados: windows 8 (Perfis Disponíveis: windows 8) Platform: Windows 8 Single Language (X64) Idioma: Português (Brasil) Internet Explorer Versão 10 (Navegador padrão: Chrome) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Program Files (x86)\GrassSoft\Macro Expert\MacroService.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files (x86)\GrassSoft\Macro Expert\MacroServiceWnd.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe () C:\ProgramData\WindowsMsg\osmsg.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe () C:\Users\windows 8\Microsoft\njwOq.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Side Sync\SideSync.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe (Microsoft Corporation) C:\Windows\SysWOW64\Taskmgr.exe (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe (SEC) C:\Program Files\Samsung\Recovery\WCScheduler.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.) 
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe ==================== Registro (Whitelisted) =========================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-11-04] (Banco do Brasil) Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2014-05-05] (Banco Itaú Unibanco) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-24] (Atheros Communications) HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3829328 2014-05-15] (Tonec Inc.) 
HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2036224 2016-02-09] () HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\Run: [svchost.exe] => C:\Users\windows 8\AppData\Roaming\Default Folder\svchost.exe [32768 2012-07-26] (Microsoft Corporation) HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\RunOnce: [Microsoft] => C:\Users\windows 8\Microsoft\njwOq.exe [1220283 2014-06-15] () HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\Policies\system: [DisableTaskMgr] 1 HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\Policies\Explorer: [NoFolderOptions] 1 HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: E - "E:\.\StartModem.exe" HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {169868b6-af3b-11e4-becd-50b7c3cbde91} - "E:\.\StartModem.exe" HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {1f880442-bb8f-11e3-be99-50b7c3cbde91} - "E:\AutoRun.exe" HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {1f880448-bb8f-11e3-be99-50b7c3cbde91} - "E:\AutoRun.exe" HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {3b54d4f8-e2c0-11e4-bed5-50b7c3cbde91} - "E:\LGAutoRun.exe" HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {444793f0-18e8-11e4-beb3-50b7c3cbde91} - "E:\LG_PC_Programs.exe" HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {96a530ea-b697-11e3-be96-50b7c3cbde91} - "E:\AutoRun.exe" HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {b71865c5-d44f-11e3-be9b-50b7c3cbde91} - "G:\iLinker.exe" HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {bc69d044-e7ff-11e3-bea2-50b7c3cbde91} - "E:\AutoRun.exe" HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {bc69d049-e7ff-11e3-bea2-50b7c3cbde91} - "E:\AutoRun.exe" HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {be29265b-a46e-11e3-be8c-50b7c3cbde91} - 
"E:\AutoRun.exe" HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {be2926a6-a46e-11e3-be8c-50b7c3cbde91} - "E:\AutoRun.exe" HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {be29284b-a46e-11e3-be8c-50b7c3cbde91} - "E:\AutoRun.exe" HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {dd39f776-6c41-11e4-bec0-50b7c3cbde91} - "F:\AutoRun.exe" HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\MountPoints2: {dd39f783-6c41-11e4-bec0-50b7c3cbde91} - "F:\AutoRun.exe" ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1586744 2014-05-05] (Banco Itaú Unibanco) ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1945472 2015-11-04] (Banco do Brasil) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\windows 8\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\windows 8\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\windows 8\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] () 
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => Nenhum Arquivo ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.) ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\windows 8\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\windows 8\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\windows 8\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-13] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\windows 8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-01-18] ShortcutTarget: MEGAsync.lnk -> C:\Users\windows 8\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited) CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Hosts: Há mais de uma entrada no Hosts. 
Veja a seção Hosts do Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{20F5812D-E470-4D7C-AE3E-2D756886BC97}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{B632944F-1FB3-4ECA-920F-C6E185E512C5}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{B632944F-1FB3-4ECA-920F-C6E185E512C5}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-308377861-1605807132-3586080931-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com HKU\S-1-5-21-308377861-1605807132-3586080931-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2014-04-02] (Internet Download Manager, Tonec Inc.) 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2014-09-13] (Oracle Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-09-13] (Oracle Corporation) BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2014-04-02] (Internet Download Manager, Tonec Inc.) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-25] (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-11-04] (Banco do Brasil) BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll [2014-05-05] (Banco Itaú Unibanco) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> 
{DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-25] (Oracle Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\windows 8\AppData\Roaming\Mozilla\Firefox\Profiles\vww4vy0s.default FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon [2016-01-19] [não assinado] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon FF HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\windows 8\AppData\Roaming\IDM\idmmzcc5 FF Extension: IDM CC - C:\Users\windows 8\AppData\Roaming\IDM\idmmzcc5 [2016-02-03] [não assinado] FF HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\windows 8\AppData\Local\GAS Tecnologia\GBBD\cef\xpi => não encontrado (a) FF HKU\S-1-5-21-308377861-1605807132-3586080931-1001\...\SeaMonkey\Extensions: 
[mozilla_cc@internetdownloadmanager.com] - C:\Users\windows 8\AppData\Roaming\IDM\idmmzcc5 Chrome: ======= CHR dev: Chrome dev build detectado! <======= ATENÇÃO CHR HomePage: Default -> search.mpc.am CHR StartupUrls: Default -> "search.mpc.am" CHR DefaultSearchURL: Default -> hxxp://search.mpc.am?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968 CHR DefaultSearchKeyword: Default -> mpc safe search CHR Profile: C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Apresentações) - C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-02] CHR Extension: (Google Docs) - C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-02] CHR Extension: (Google Drive) - C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-02] CHR Extension: (YouTube) - C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-02] CHR Extension: (Google Search) - C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-02] CHR Extension: (Planilhas do Google) - C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-02] CHR Extension: (Unifinder New Tab) - C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggpcleoagckefcmekcbgdhhmcfcdofhj [2016-02-02] CHR Extension: (Documentos Google off-line) - C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-02] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\windows 8\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-02] CHR Extension: (Gmail) - C:\Users\windows 8\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-02] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2016-01-19] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2016-01-19] CHR HKLM-x32\...\Chrome\Extension: [ggpcleoagckefcmekcbgdhhmcfcdofhj] - C:\Users\windows 8\AppData\Local\adStartPage\unifinder.crx [2014-04-30] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-05-15] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Serviços (Whitelisted) ======================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S4 AcuWVSSchedulerv8; C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe [1009840 2012-07-04] () S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated) S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-24] (Qualcomm Atheros Commnucations) [Arquivo não assinado] S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-02-13] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-02-13] (BlueStack Systems, Inc.) 
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S4 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1594416 2013-01-31] (Samsung Electronics CO., LTD.) R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-11-04] (GAS Tecnologia) S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Arquivo não assinado] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation) S4 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation) R2 Macro Expert; c:\program files (x86)\grasssoft\macro expert\MacroService.exe [413184 2015-02-26] () [Arquivo não assinado] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe [282016 2015-11-20] (Symantec Corporation) S4 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc) S4 SwitchBoard; C:\Program Files 
(x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Arquivo não assinado] S4 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2921520 2013-04-09] (Samsung Electronics CO., LTD.) S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) S4 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [Arquivo não assinado] S4 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [Arquivo não assinado] R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation) S4 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-24] (Atheros) [Arquivo não assinado] S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X] ===================== Drivers (Whitelisted) ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\BASHDefs\20150921.003\BHDrvx64.sys [1650936 2015-09-23] (Symantec Corporation) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-02-13] (BlueStack Systems) R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222952 2013-01-24] (Qualcomm Atheros) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-24] (Qualcomm Atheros) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605050.00F\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-12] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-12] (Symantec Corporation) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-02-02] () R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-02-13] (GAS Tecnologia) R1 gbpddfac; C:\Windows\SysWOW64\drivers\gbpddfac64.sys [28888 2015-09-22] (GAS Tecnologia) S0 gbpddreg; C:\Windows\SysWOW64\drivers\gbpddreg64.sys [29816 2015-09-22] (GAS Tecnologia) R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-22] (GAS Tecnologia) S3 huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [241152 2012-12-03] (Huawei Technologies Co., Ltd.) 
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\IPSDefs\20150930.101\IDSVia64.sys [767224 2015-09-23] (Symantec Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-13] (Malwarebytes) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160118.004\ENG64.SYS [138488 2015-10-16] (Symantec Corporation) S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160118.004\EX64.SYS [2148080 2015-10-16] (Symantec Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation) S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [242688 2013-04-24] (QUALCOMM Incorporated) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1605050.00F\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation) S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr)) R3 SymEFASI; C:\Windows\system32\drivers\NISx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation) S4 SymELAM; C:\Windows\system32\drivers\NISx64\1605050.00F\SymELAM.sys [24192 2015-09-23] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-01-18] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1605050.00F\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec 
Corporation) R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-09-22] (GAS Tecnologia LTDA) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35232 2013-01-28] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [230904 2013-01-28] (Microsoft Corporation) S3 wdf_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [81408 2012-12-26] (MediaTek Inc.) R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil) R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-02-13] (GAS Tecnologia) R1 wsddpp; C:\windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia) S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) S3 BprotectEx; \??\C:\windows\System32\drivers\BprotectEx.sys [X] S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X] S1 iSafeKrnl; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [X] S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X] S1 iSafeKrnlKit; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [X] S1 iSafeKrnlR3; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [X] S1 iSafeNetFilter; system32\DRIVERS\iSafeNetFilter.sys [X] S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X] S3 SBIOSIO; \??\C:\Windows\Temp\SBIOSIO64.SYS [X] S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [X] S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um Mês Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2016-02-13 17:32 - 2016-02-13 17:33 - 00028789 _____ C:\Users\windows 8\Desktop\FRST.txt 2016-02-13 17:32 - 2016-02-13 17:26 - 02370560 _____ (Farbar) C:\Users\windows 8\Desktop\FRST64.exe 2016-02-13 17:29 - 2016-02-13 17:32 - 00000000 ____D C:\FRST 2016-02-13 17:19 - 2016-02-13 17:19 - 00000000 ___RD C:\Users\windows 8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2016-02-13 17:17 - 2016-02-13 17:17 - 00287248 _____ C:\windows\Minidump\021316-41296-01.dmp 2016-02-13 14:40 - 2016-02-13 14:40 - 00285792 _____ C:\windows\Minidump\021316-35437-01.dmp 2016-02-13 14:34 - 2016-02-13 14:34 - 00285792 _____ C:\windows\Minidump\021316-29578-01.dmp 2016-02-13 14:15 - 2016-02-13 14:15 - 00285792 _____ C:\windows\Minidump\021316-43515-01.dmp 2016-02-13 13:10 - 2016-02-13 14:18 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-02-13 12:38 - 2016-02-13 12:40 - 13704314 _____ C:\Users\windows 8\Downloads\Apresentação_CredLance (4).ppsx 2016-02-13 12:24 - 2016-02-13 12:24 - 00003102 _____ C:\windows\System32\Tasks\{9AF5C6E6-6C20-4DEC-847E-07AD6076B80C} 2016-02-12 21:17 - 2016-02-12 21:17 - 00002922 _____ C:\windows\System32\Tasks\osTip 2016-02-12 21:17 - 2016-02-12 21:17 - 00000000 ____D C:\ProgramData\WindowsMsg 2016-02-12 20:46 - 2016-02-12 20:46 - 00002034 _____ C:\Users\windows 8\Downloads\config.inc.php 2016-02-12 19:00 - 2016-02-12 19:00 - 00318016 _____ C:\Users\windows 8\Downloads\credlanc_site (22).sql 2016-02-11 21:17 - 2016-02-11 21:17 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\gplyra 2016-02-11 15:01 - 2016-02-11 15:01 - 00001338 _____ C:\Users\windows 8\Desktop\Limpeza Grátis de Registros!.lnk 2016-02-10 21:25 - 2016-02-10 21:25 - 00001190 _____ C:\Users\windows 8\Desktop\Continue Last version Installation.lnk 2016-02-10 21:21 - 2016-02-13 12:26 - 00000000 ____D C:\ProgramData\baidu 2016-02-10 21:20 - 2016-02-13 14:14 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner 2016-02-10 21:18 - 2016-02-10 21:18 - 00000000 
____D C:\Users\Public\Documents\Guid 2016-02-07 20:49 - 2016-02-07 20:49 - 00000000 ____D C:\Default Folder 2016-02-07 16:09 - 2016-02-07 16:09 - 00000043 _____ C:\Users\windows 8\Desktop\raspadinha.txt 2016-02-05 00:00 - 2016-02-05 00:00 - 00287248 _____ C:\windows\Minidump\020516-30953-01.dmp 2016-02-04 11:38 - 2016-02-04 11:38 - 00002051 _____ C:\Users\windows 8\Downloads\transacoes_tipo.sql 2016-02-04 11:36 - 2016-02-04 11:36 - 00002051 _____ C:\Users\windows 8\Downloads\transacoes_tipo.sql.crdownload 2016-02-03 14:36 - 2016-02-13 14:06 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\systweak 2016-02-03 10:52 - 2016-02-03 10:52 - 00117558 _____ C:\Users\windows 8\Downloads\0022-16 Novo - PRR - Quem leva Intermediações e Agenciamento Via Internet Ltda - Me - Thiago Sá - C (1).pdf 2016-02-03 10:52 - 2016-02-03 10:52 - 00023245 _____ C:\Users\windows 8\Downloads\CLIENTES QUEMLEVA.xlsx 2016-02-02 17:29 - 2016-02-02 17:29 - 00000000 _____ C:\autoexec.bat 2016-02-02 17:19 - 2016-02-02 17:36 - 00000000 ____D C:\ProgramData\Ultra Adware Killer 2016-02-02 17:19 - 2016-02-02 17:19 - 00022704 _____ C:\windows\system32\Drivers\EsgScanner.sys 2016-02-01 23:02 - 2016-02-01 23:02 - 00285792 _____ C:\windows\Minidump\020116-24171-01.dmp 2016-02-01 20:16 - 2016-02-01 20:17 - 00000000 ____D C:\Users\windows 8\Desktop\Adf.ly autoviewer 2016-02-01 00:39 - 2016-02-01 00:39 - 00285792 _____ C:\windows\Minidump\020116-24468-01.dmp 2016-01-31 23:34 - 2016-02-13 14:05 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support 2016-01-31 23:12 - 2016-02-13 14:14 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\NubolUjaupc 2016-01-31 23:12 - 2016-01-31 23:12 - 00000000 ____D C:\Users\windows 8\AppData\Local\Tempfolder 2016-01-31 23:10 - 2016-02-13 14:06 - 00000000 ____D C:\Users\windows 8\AppData\LocalLow\Company 2016-01-31 23:09 - 2016-01-31 23:19 - 00000008 _____ C:\END 2016-01-31 23:05 - 2016-01-31 23:25 - 00000000 ____D C:\Users\windows 8\AppData\Local\Chromium 2016-01-31 
22:58 - 2016-01-31 22:55 - 00001575 _____ C:\windows\system32\Drivers\etc\hp.bak 2016-01-31 22:46 - 2016-01-31 22:47 - 03840000 _____ C:\Users\windows 8\Downloads\bot_pokerstars_download.iso 2016-01-31 22:23 - 2016-02-13 17:19 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\Imminent 2016-01-31 22:23 - 2016-02-13 14:28 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\Default Folder 2016-01-31 22:23 - 2016-01-31 22:23 - 00000000 ___SH C:\Users\windows 8\xHlbGKVr.txt 2016-01-31 22:23 - 2014-06-15 20:25 - 01220283 _____ C:\njwOq.exe 2016-01-31 00:34 - 2016-01-31 00:34 - 00028724 _____ C:\Users\windows 8\Downloads\index1 (3).htm 2016-01-31 00:34 - 2016-01-31 00:34 - 00028724 _____ C:\Users\windows 8\Downloads\index1 (2).htm 2016-01-30 23:47 - 2016-01-30 23:47 - 00013258 _____ C:\Users\windows 8\Downloads\download (13).htm 2016-01-30 22:56 - 2016-01-30 22:56 - 00031196 _____ C:\Users\windows 8\Downloads\form-history-filters.htm 2016-01-30 22:56 - 2016-01-30 22:56 - 00024019 _____ C:\Users\windows 8\Downloads\index (3).htm 2016-01-30 10:42 - 2016-01-30 10:43 - 00004675 _____ C:\Users\windows 8\Downloads\membros_temp (1).sql 2016-01-28 20:58 - 2016-01-31 13:16 - 00000000 ____D C:\Users\windows 8\Documents\Conference 2016-01-28 20:58 - 2016-01-28 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conference Recording Service 2016-01-28 20:58 - 2016-01-28 20:58 - 00000000 ____D C:\Program Files (x86)\Conference Recording Service 2016-01-28 20:58 - 2011-05-26 11:15 - 04191424 _____ C:\windows\ConferenceRS.exe 2016-01-28 20:58 - 2011-05-26 11:15 - 00028704 _____ C:\windows\Hook.dll 2016-01-28 20:21 - 2016-01-28 20:21 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\(5C-51-88-CB-92-F5) 2016-01-28 11:30 - 2016-02-05 16:05 - 00000880 _____ C:\Users\windows 8\Desktop\HTTrack Website Copier.lnk 2016-01-28 11:30 - 2016-01-28 11:30 - 00000000 ____D C:\Program Files\WinHTTrack 2016-01-27 16:11 - 2016-01-27 16:11 - 00208864 _____ C:\Users\windows 
8\Downloads\credlanc_site (21).sql 2016-01-27 11:38 - 2016-01-27 11:38 - 00207026 _____ C:\Users\windows 8\Downloads\credlanc_site (20).sql 2016-01-26 16:10 - 2016-01-26 16:10 - 00389006 _____ C:\Users\windows 8\Downloads\1.3.5.pdf 2016-01-26 13:43 - 2016-01-26 13:45 - 60179442 _____ C:\Users\windows 8\Downloads\Apresentação WBM do Brasil.mp4 2016-01-26 13:09 - 2016-01-26 13:09 - 00172605 _____ C:\Users\windows 8\Downloads\PLANO DE NEGÓCIO - FRANQUIA HOME.xlsx 2016-01-25 22:28 - 2016-01-25 22:32 - 14100240 _____ (LogMeIn, Inc.) C:\Users\windows 8\Downloads\join.me.exe 2016-01-25 22:16 - 2016-01-25 22:19 - 15650019 _____ C:\Users\windows 8\Downloads\Apresentação_CredLance (3).ppsx 2016-01-25 21:35 - 2016-01-26 18:09 - 00000000 ____D C:\Users\windows 8\Desktop\Nova pasta 2016-01-25 20:58 - 2016-01-25 20:58 - 00252051 _____ C:\Users\windows 8\Downloads\Proposta.rar 2016-01-25 20:20 - 2016-01-25 20:22 - 15628821 _____ C:\Users\windows 8\Downloads\Apresentação_CredLance (2).ppsx 2016-01-25 19:55 - 2016-01-25 19:55 - 00012302 _____ C:\Users\windows 8\Downloads\a5f3faec3b966eade381d00a6bbfdcc0.jpeg 2016-01-25 18:48 - 2016-01-25 18:48 - 00022736 _____ C:\Users\windows 8\Downloads\produto_nuvem.sql 2016-01-25 16:19 - 2016-01-25 16:19 - 00192287 _____ C:\Users\windows 8\Downloads\credlanc (1).sql 2016-01-25 16:19 - 2016-01-25 16:19 - 00181642 _____ C:\Users\windows 8\Downloads\credlanc_site (19).sql 2016-01-25 15:48 - 2016-01-25 15:48 - 00191990 _____ C:\Users\windows 8\Downloads\credlanc.sql 2016-01-25 12:14 - 2016-01-25 12:14 - 00180778 _____ C:\Users\windows 8\Downloads\credlanc_site (18).sql 2016-01-25 11:44 - 2016-01-25 11:44 - 00179610 _____ C:\Users\windows 8\Downloads\credlanc_site (17).sql 2016-01-24 14:41 - 2016-01-24 14:45 - 15597014 _____ C:\Users\windows 8\Downloads\Apresentação_CredLance (1).ppsx 2016-01-23 11:43 - 2016-01-23 11:43 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\MPC-HC 2016-01-23 11:41 - 2016-01-23 11:41 - 00001081 _____ C:\Users\windows 
8\Desktop\MPC-HC.lnk 2016-01-22 19:38 - 2016-01-22 19:38 - 00172444 _____ C:\Users\windows 8\Downloads\credlanc_site (16).sql 2016-01-22 17:01 - 2016-01-22 17:01 - 00117558 _____ C:\Users\windows 8\Downloads\0022-16 Novo - PRR - Quem leva Intermediações e Agenciamento Via Internet Ltda - Me - Thiago Sá - C.pdf 2016-01-22 16:49 - 2016-01-22 16:51 - 08274282 _____ C:\Users\windows 8\Downloads\Nova Apresentação.rar 2016-01-22 16:20 - 2016-01-23 13:18 - 00000000 ____D C:\Users\windows 8\Desktop\joao filho de raul 2016-01-20 12:22 - 2016-01-20 12:22 - 00029247 _____ C:\Users\windows 8\Downloads\funcoes.inc (1).php 2016-01-19 21:08 - 2016-01-19 21:08 - 00000000 ____D C:\windows\System32\Tasks\Norton Internet Security 2016-01-19 21:03 - 2016-01-19 21:03 - 00003234 _____ C:\windows\System32\Tasks\Norton WSC Integration 2016-01-19 19:34 - 2016-01-19 19:34 - 16695176 _____ C:\Users\windows 8\Downloads\Apresentação_CredLance.ppsx 2016-01-19 18:58 - 2016-01-19 18:58 - 00152981 _____ C:\Users\windows 8\Downloads\credlanc_site (15).sql 2016-01-19 10:33 - 2016-01-19 21:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2016-01-18 22:10 - 2016-02-13 14:18 - 00002413 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK 2016-01-18 20:03 - 2016-01-18 20:03 - 00000000 ____D C:\Users\windows 8\Desktop\drivers do pc 2016-01-18 18:41 - 2016-01-18 18:41 - 00069798 _____ C:\Users\windows 8\Desktop\7171601820667010.pdf 2016-01-18 16:55 - 2016-01-18 17:46 - 00000000 ____D C:\Users\windows 8\Documents\MEGAsync Downloads 2016-01-18 16:55 - 2016-01-18 16:55 - 00000000 ____D C:\Users\windows 8\AppData\Local\Mega Limited 2016-01-18 16:55 - 1969-12-31 22:00 - 729319424 _____ C:\Users\windows 8\Downloads\Windows XP BT Professional SP3 X86BITS 2015.iso 2016-01-18 16:52 - 2016-01-19 23:57 - 00000000 ____D C:\Users\windows 8\AppData\Local\MEGAsync 2016-01-18 16:52 - 2016-01-18 16:52 - 00001064 _____ C:\Users\windows 8\Desktop\MEGAsync.lnk 2016-01-18 
16:52 - 2016-01-18 16:52 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync 2016-01-18 16:49 - 2016-01-18 16:50 - 10152576 _____ (MEGA Limited) C:\Users\windows 8\Downloads\MEGAsyncSetup.exe 2016-01-18 16:03 - 2016-01-18 16:03 - 01130137 _____ C:\Users\windows 8\Downloads\Windows XP PROFESSIONAL SP3 Jan 2015 SATA Drivers TechTools .cab 2016-01-18 14:54 - 2016-01-18 14:54 - 00000000 ____D C:\Bot ADDMEFAST 2016-01-18 14:54 - 2015-09-22 19:12 - 00121004 _____ C:\Bot ADDMEFAST.rar 2016-01-18 12:44 - 2016-01-18 13:22 - 383156224 _____ C:\Users\windows 8\Downloads\xpsp3_5512.080413-2113_br_x86fre_spcd.iso 2016-01-17 20:59 - 2016-01-17 20:59 - 00144402 _____ C:\Users\windows 8\Downloads\credlanc_site (14).sql 2016-01-16 18:50 - 2016-01-16 18:51 - 04704230 _____ C:\Users\windows 8\Downloads\WBM do Brasil.mp4 2016-01-14 18:29 - 2016-01-14 18:29 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_wpdcomp_01_11_00.Wdf ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2016-02-13 17:28 - 2015-07-31 09:33 - 00000000 ____D C:\windows\System32\Tasks\Remediation 2016-02-13 17:27 - 2014-03-03 14:40 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\DMCache 2016-02-13 17:20 - 2015-08-23 23:08 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2016-02-13 17:19 - 2014-02-28 18:15 - 00000000 ____D C:\Users\windows 8\AppData\Local\CrashDumps 2016-02-13 17:19 - 2014-02-28 01:11 - 00001090 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-02-13 17:18 - 2016-01-02 17:35 - 00028888 _____ (GAS Tecnologia) C:\windows\system32\Drivers\gbpddfac64.sys 2016-02-13 17:18 - 2016-01-02 17:19 - 00101080 _____ (GAS Tecnologia) C:\windows\system32\Drivers\wsddfac.sys 2016-02-13 17:18 - 2014-09-19 00:47 - 00000000 ____D C:\Program Files (x86)\GbPlugin 2016-02-13 17:18 - 2014-05-30 17:21 - 00065536 _____ C:\windows\system32\Ikeext.etl 2016-02-13 17:18 - 2012-07-26 05:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2016-02-13 17:17 - 2014-08-30 20:48 - 00000000 ____D C:\windows\Minidump 2016-02-13 17:17 - 2014-08-30 20:47 - 663222650 _____ C:\windows\MEMORY.DMP 2016-02-13 17:08 - 2014-06-16 19:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-02-13 17:03 - 2014-02-28 01:11 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-02-13 17:01 - 2013-05-16 04:09 - 00000000 ____D C:\ProgramData\WinClon 2016-02-13 16:56 - 2012-07-26 06:12 - 00000000 ____D C:\windows\tracing 2016-02-13 16:08 - 2014-05-01 14:40 - 00000000 ____D C:\Users\windows 8\AppData\Local\PokerStars 2016-02-13 16:05 - 2014-05-01 14:39 - 00000000 ____D C:\Program Files (x86)\PokerStars 2016-02-13 14:34 - 2014-02-10 02:53 - 00000000 ____D C:\Users\windows 8 2016-02-13 14:28 - 2014-03-03 23:55 - 16596992 ___SH C:\Users\windows 8\Desktop\Thumbs.db 2016-02-13 14:25 - 2012-07-26 03:26 - 00524288 ___SH C:\windows\system32\config\BBI 2016-02-13 14:18 - 2015-12-18 23:45 - 00001941 _____ C:\Users\Public\Desktop\PokerStars.lnk 2016-02-13 14:18 - 
2015-12-10 23:22 - 00001890 _____ C:\Users\Public\Desktop\Apps.lnk 2016-02-13 14:18 - 2015-12-10 23:22 - 00001801 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk 2016-02-13 14:18 - 2015-11-03 21:12 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-02-13 14:18 - 2015-11-03 21:12 - 00002041 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2016-02-13 14:18 - 2015-10-31 18:01 - 00000957 _____ C:\Users\Public\Desktop\Steam.lnk 2016-02-13 14:18 - 2015-04-14 08:52 - 00002144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk 2016-02-13 14:18 - 2014-12-11 13:05 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2016-02-13 14:18 - 2014-12-11 12:35 - 00001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk 2016-02-13 14:18 - 2014-12-11 12:34 - 00001195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk 2016-02-13 14:18 - 2014-12-10 11:16 - 00001638 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk 2016-02-13 14:18 - 2014-12-10 11:15 - 00001550 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6 (64 Bit).lnk 2016-02-13 14:18 - 2014-12-10 11:12 - 00001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk 2016-02-13 14:18 - 2014-12-10 10:54 - 00001219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk 2016-02-13 14:18 - 2014-12-10 10:47 - 00001341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk 2016-02-13 14:18 - 2014-12-10 10:46 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk 2016-02-13 14:18 - 2014-12-07 20:40 - 00000959 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2016-02-13 14:18 - 2014-08-13 16:49 - 00001219 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.lnk 2016-02-13 14:18 - 2014-08-13 16:48 - 00001341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk 2016-02-13 14:18 - 2014-08-13 16:47 - 00001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk 2016-02-13 14:18 - 2014-08-13 16:47 - 00001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk 2016-02-13 14:18 - 2014-06-16 19:49 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-02-13 14:18 - 2014-03-25 11:48 - 00001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk 2016-02-13 14:18 - 2014-03-25 11:47 - 00001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk 2016-02-13 14:18 - 2014-03-25 11:47 - 00001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk 2016-02-13 14:18 - 2014-03-25 11:46 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk 2016-02-13 14:18 - 2014-03-25 11:45 - 00000985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk 2016-02-13 14:18 - 2014-02-28 01:19 - 00002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-13 14:18 - 2013-05-16 04:25 - 00001968 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk 2016-02-13 14:18 - 2013-05-16 04:20 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2016-02-13 14:18 - 2013-05-16 04:20 - 00001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2016-02-13 14:18 - 2013-05-16 04:03 - 00001900 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 11.lnk 2016-02-13 14:18 - 2012-07-26 03:26 - 00262144 ___SH 
C:\windows\system32\config\ELAM 2016-02-13 14:17 - 2015-12-18 23:45 - 00001953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.lnk 2016-02-13 14:17 - 2014-09-13 16:38 - 00000286 __RSH C:\ProgramData\ntuser.pol 2016-02-13 14:14 - 2012-07-26 06:12 - 00000000 ____D C:\windows\LiveKernelReports 2016-02-13 14:06 - 2015-07-24 14:02 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\Elex-tech 2016-02-13 14:06 - 2015-07-24 14:02 - 00000000 ____D C:\Program Files (x86)\Elex-tech 2016-02-13 13:10 - 2015-08-23 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-02-13 13:10 - 2015-08-23 23:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-02-13 12:58 - 2014-07-23 16:53 - 00000962 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-308377861-1605807132-3586080931-1001UA.job 2016-02-13 12:26 - 2014-06-16 20:01 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\Baidu 2016-02-12 20:50 - 2014-06-16 19:27 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\FileZilla 2016-02-12 18:15 - 2014-09-16 13:54 - 00000000 ____D C:\Users\windows 8\Documents\Sicoob 2016-02-12 18:05 - 2014-09-13 19:08 - 00000000 ____D C:\Program Files\NetBeans 8.0.1 2016-02-12 15:58 - 2014-07-23 16:53 - 00000940 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-308377861-1605807132-3586080931-1001Core.job 2016-02-12 15:46 - 2015-12-25 19:44 - 00000000 ____D C:\Users\windows 8\Desktop\CREDLANCE SEGURO 2016-02-12 14:15 - 2016-01-11 10:07 - 00000000 ____D C:\Sicoobnet 2016-02-12 13:39 - 2012-07-26 06:12 - 00000000 ____D C:\windows\AUInstallAgent 2016-02-12 13:23 - 2012-07-26 06:12 - 00000000 ___HD C:\Program Files\WindowsApps 2016-02-12 11:32 - 2015-12-15 00:05 - 00000000 ____D C:\Users\windows 8\Desktop\CREDLANCE 2016-02-11 10:59 - 2016-01-11 10:12 - 00001416 _____ C:\Users\windows 8\Desktop\Sicoobnet Empresarial.lnk 2016-02-10 11:00 - 2014-11-16 21:32 - 00000000 ____D C:\Users\windows 8\AppData\Local\Adobe 
2016-02-07 20:34 - 2012-07-26 03:37 - 00000000 ____D C:\windows\Inf 2016-02-07 17:11 - 2014-03-03 14:40 - 00000000 ____D C:\Users\windows 8\Downloads\Video 2016-02-05 15:19 - 2013-05-16 17:31 - 00762816 _____ C:\windows\system32\prfh0416.dat 2016-02-05 15:19 - 2013-05-16 17:31 - 00154608 _____ C:\windows\system32\prfc0416.dat 2016-02-05 15:19 - 2012-07-26 05:28 - 00922794 _____ C:\windows\system32\PerfStringBackup.INI 2016-02-05 12:56 - 2016-01-03 15:09 - 00000000 ____D C:\Users\windows 8\Desktop\POKER 2016-02-03 14:26 - 2014-06-02 18:07 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\IDM 2016-02-02 21:58 - 2014-02-28 01:11 - 00004066 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-02-02 21:58 - 2014-02-28 01:11 - 00003830 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-02-02 17:26 - 2014-10-15 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport 2016-02-02 17:26 - 2014-03-05 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claro 2016-02-01 22:56 - 2014-06-19 20:36 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\Skype 2016-02-01 20:26 - 2014-03-03 14:40 - 00000000 ____D C:\Users\windows 8\Downloads\Compressed 2016-02-01 15:36 - 2014-02-11 21:14 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-308377861-1605807132-3586080931-1001 2016-01-31 23:21 - 2014-02-10 02:54 - 00001406 _____ C:\Users\windows 8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-01-31 22:48 - 2014-03-24 18:56 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\CyberLink 2016-01-31 22:08 - 2014-07-25 00:22 - 00000000 ____D C:\Program Files (x86)\Steam 2016-01-30 22:29 - 2014-09-19 00:47 - 00000000 ____D C:\ProgramData\GbPlugin 2016-01-28 22:30 - 2014-02-10 02:55 - 00000000 ____D C:\Users\windows 8\Documents\Bluetooth Folder 2016-01-28 21:39 - 2014-02-10 02:55 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\Atheros 2016-01-28 
21:21 - 2014-12-30 23:44 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\vlc 2016-01-28 16:36 - 2014-03-14 20:40 - 03372032 ___SH C:\Users\windows 8\Downloads\Thumbs.db 2016-01-28 11:35 - 2015-04-09 23:35 - 00000000 ____D C:\Meus Sites 2016-01-28 11:30 - 2015-04-09 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack 2016-01-27 12:24 - 2014-12-13 02:36 - 00000132 _____ C:\Users\windows 8\AppData\Roaming\Preferências do Formato PNG do Adobe CS6 2016-01-25 22:29 - 2014-09-18 01:27 - 00000000 ____D C:\Users\windows 8\Documents\Simple Sticky Notes 2016-01-24 17:09 - 2014-08-29 16:32 - 00000000 ____D C:\Users\windows 8\Desktop\Fankoob 2016-01-23 11:41 - 2014-02-11 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC 2016-01-23 11:41 - 2014-02-11 21:10 - 00000000 ____D C:\Program Files (x86)\MPC-HC 2016-01-22 22:30 - 2012-07-26 06:12 - 00000000 ___HD C:\windows\ELAMBKUP 2016-01-21 11:27 - 2012-07-26 06:12 - 00000000 ____D C:\windows\system32\NDF 2016-01-20 13:41 - 2015-04-18 12:18 - 00000000 __RHD C:\Users\windows 8\Desktop\FAMILIA 2016-01-19 21:03 - 2013-05-16 04:07 - 00000000 ____D C:\windows\system32\Drivers\NISx64 2016-01-18 22:11 - 2013-05-16 04:09 - 00111344 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS 2016-01-18 22:11 - 2013-05-16 04:09 - 00008214 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT 2016-01-18 22:11 - 2013-05-16 04:09 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2016-01-18 22:11 - 2013-05-16 04:07 - 00000000 ____D C:\ProgramData\Norton 2016-01-18 22:09 - 2013-05-16 04:07 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security 2016-01-18 16:39 - 2014-12-02 00:22 - 00000000 ____D C:\Users\windows 8\AppData\Roaming\uTorrent 2016-01-18 13:19 - 2015-12-07 11:52 - 00000000 ____D C:\Users\windows 8\Desktop\AddmeFast Bot - Ultimate [Xtmhacks.com] ==================== Arquivos na raiz de alguns diretórios ======= 2014-09-17 21:26 - 
2014-09-17 21:26 - 0000132 _____ () C:\Users\windows 8\AppData\Roaming\Adobe GIF Format CS5 Prefs 2014-06-01 18:19 - 2014-12-03 11:02 - 0000132 _____ () C:\Users\windows 8\AppData\Roaming\Adobe PNG Format CS5 Prefs 2014-10-15 19:31 - 2014-12-01 00:00 - 0000614 _____ () C:\Users\windows 8\AppData\Roaming\LiveSupport.exe_log.txt 2014-11-09 23:45 - 2014-04-01 19:22 - 0013986 ___SH () C:\Users\windows 8\AppData\Roaming\pgjk.vbs 2014-12-13 02:36 - 2016-01-27 12:24 - 0000132 _____ () C:\Users\windows 8\AppData\Roaming\Preferências do Formato PNG do Adobe CS6 2014-10-15 19:31 - 2014-10-15 19:31 - 0000092 _____ () C:\Users\windows 8\AppData\Roaming\regsvr32.exe_log.txt 2015-01-26 09:40 - 2015-01-26 09:40 - 0017997 _____ () C:\Users\windows 8\AppData\Roaming\unins000.dat 2015-01-26 09:40 - 2015-01-26 09:40 - 0730322 _____ () C:\Users\windows 8\AppData\Roaming\unins000.exe 2014-07-30 19:39 - 2014-07-30 19:39 - 0000044 _____ () C:\Users\windows 8\AppData\Roaming\WB.CFG 2015-12-07 13:01 - 2015-12-07 13:01 - 0001456 _____ () C:\Users\windows 8\AppData\Local\Adobe Salvar para Web 13.0 Prefs 2014-07-22 19:41 - 2014-07-22 20:12 - 0001456 _____ () C:\Users\windows 8\AppData\Local\Adobe Save for Web 12.0 Prefs 2014-09-22 15:12 - 2014-09-22 15:12 - 0007605 _____ () C:\Users\windows 8\AppData\Local\Resmon.ResmonCfg 2014-09-06 21:37 - 2014-09-06 21:37 - 0000057 _____ () C:\ProgramData\Ament.ini 2015-02-01 20:59 - 2015-02-01 20:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-05-16 03:56 - 2013-02-19 05:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe 2013-05-16 03:56 - 2013-01-12 12:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml Alguns arquivos em TEMP: ====================
8\AppData\Local\Temp\F5A5.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F5A6.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F5A7.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F5A8.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F5A9.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F5AA.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F638.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F639.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F63A.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F63B.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F63C.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F63D.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F63E.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F63F.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F650.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F651.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F652.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F653.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F654.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F655.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F656.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F666.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F667.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F668.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F669.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F66A.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F66B.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F66C.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F67D.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F67E.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F67F.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F680.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F681.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F682.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F683.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F684.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F685.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F686.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F697.tmp.exe C:\Users\windows 
8\AppData\Local\Temp\F698.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F699.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F69A.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F69B.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F69C.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F69D.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F69E.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F69F.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6A0.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6B0.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6B1.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6B2.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6B3.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6B4.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6B5.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6B6.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6B7.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6B8.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6B9.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6CA.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6CB.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6CC.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6CD.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6CE.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6CF.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6D0.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6D1.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6D2.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6D3.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6E3.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6E4.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6E5.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6E6.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6E7.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6E8.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6E9.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6EA.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6EB.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6FC.tmp.exe C:\Users\windows 
8\AppData\Local\Temp\F6FD.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6FE.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F6FF.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F700.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F701.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F702.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F703.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F704.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F705.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F716.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F717.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F718.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F719.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F71A.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F71B.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F71C.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F71D.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F71E.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F71F.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F72F.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F730.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F731.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F732.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F733.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F734.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F735.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F736.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F737.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F738.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F739.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F74A.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F74B.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F75C.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F75D.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F75E.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F76E.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F77F.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F780.tmp.exe C:\Users\windows 8\AppData\Local\Temp\F790.tmp.exe C:\Users\windows 
==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\windows\explorer.exe => O arquivo é assinado digitalmente
C:\windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\windows\system32\services.exe => O arquivo é assinado digitalmente
C:\windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-01-27 15:19

==================== Fim de FRST.txt ============================