Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:21-02-2016 01
Executado por Maurício (administrador) em MAURÍCIO-VAIO (21-02-2016 23:55:14)
Executando a partir de C:\Users\Maurício\Desktop
Perfis Carregados: Maurício (Perfis Disponíveis: Maurício & DefaultAppPool)
Platform: Windows 10 Home Versão 1511 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TODO: ) C:\ProgramData\Updata\GoogleUpdata.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(VLOME) C:\Users\Maurício\AppData\Local\Temp\00007299\casrss.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Users\Maurício\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Maurício\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Maurício\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Maurício\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Maurício\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Maurício\AppData\Roaming\Spotify\Spotify.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Google Inc.) C:\Users\Maurício\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Maurício\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Maurício\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Maurício\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Maurício\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Maurício\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Maurício\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Maurício\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Google Inc.) C:\Users\Maurício\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-10-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-29] (Conexant Systems, Inc.)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-04-29] (Atheros Commnucations)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-26] (Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [QHSafeTray] => "C:\Program Files (x86)\PSafe\Total\safemon\QHSafeTray.exe" /start
HKLM-x32\...\Run: [sun7] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3344363619-2784074106-1113438760-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-3344363619-2784074106-1113438760-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-3344363619-2784074106-1113438760-1000\...\Run: [Google Update] => C:\Users\Maurício\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-3344363619-2784074106-1113438760-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3344363619-2784074106-1113438760-1000\...\Run: [Spotify Web Helper] => C:\Users\Maurício\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-02-21] (Spotify Ltd)
HKU\S-1-5-21-3344363619-2784074106-1113438760-1000\...\Run: [Spotify] => C:\Users\Maurício\AppData\Roaming\Spotify\Spotify.exe [6743664 2016-02-21] (Spotify Ltd)
HKU\S-1-5-21-3344363619-2784074106-1113438760-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50137728 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3344363619-2784074106-1113438760-1000\...\Run: [Pritc] => C:\Users\Maurício\AppData\Local\Temp\00007299\casrss.exe [2954240 2016-02-06] (VLOME) <===== ATENÇÃO
HKU\S-1-5-21-3344363619-2784074106-1113438760-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2036224 2016-02-04] ()
HKU\S-1-5-21-3344363619-2784074106-1113438760-1000\...\RunOnce: [Uninstall C:\Users\Maur�cio\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Maurício\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => Nenhum Arquivo
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [.DEFAULT] => Proxy está habilitado.
ProxyServer: [.DEFAULT] => http=127.0.0.1:60064;https=127.0.0.1:60064
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 187.60.96.18 187.60.96.19
Tcpip\..\Interfaces\{c6824594-1a86-4a9e-a1b4-44e15e837eff}: [DhcpNameServer] 187.60.96.19 187.60.96.18
Tcpip\..\Interfaces\{f9e065d0-0839-4dd5-8861-1aa17b3a1511}: [DhcpNameServer] 187.60.96.18 187.60.96.19

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=5fbe8ff527f15cd0059ddd7c7b48e1b8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-3344363619-2784074106-1113438760-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.sony.com.br/vaio
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {6FA57F6D-E6C8-1F5E-E53D-68F29113985E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3344363619-2784074106-1113438760-1000 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
SearchScopes: HKU\S-1-5-21-3344363619-2784074106-1113438760-1000 -> {92001F8A-C36B-473A-91E7-5BE0C81CF2B3} URL = hxxp://clikseguro.com/Search.aspx?cx=017847565674971774939%3Aktp_l5v6i2u&ie=ISO-8859-1&q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-01-23] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29] (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-24] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-04-29] (Atheros Commnucations)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-24] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3344363619-2784074106-1113438760-1000 -> Sem Nome - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Nenhum Arquivo
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=1454794112&z=9a83ef203f44133b2622cdbgdz0wbzbm8tezcg5g7o&from=face&uid=HitachiXHTS547550A9E384_J2110051DNX1ABDNX1ABX

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-11] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2012-01-23] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-09-09] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-06-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-01-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-01-11] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-3344363619-2784074106-1113438760-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Maurício\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-3344363619-2784074106-1113438760-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Maurício\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-3344363619-2784074106-1113438760-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Maurício\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-11] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-11] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\.DEFAULT\...\Firefox\Extensions: [buscape@buscape.com.br] - C:\Program Files (x86)\Buscapé\Buscapé na Hora\Firefox
FF Extension: Sem Nome - C:\Program Files (x86)\Buscapé\Buscapé na Hora\Firefox [2013-02-27] [não assinado]

Chrome:
=======
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Profile 1 -> hxxps://mystart.com/default-search/rsc001__moss__org103__103_55f20019a6fde1d80a7b23c6__2_4_5__moc__nt__yr/?q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> yahoo
CHR Profile: C:\Users\Maurício\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Maurício\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-10]
CHR Extension: (Pesquisa do Google) - C:\Users\Maurício\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-10]
CHR Extension: (AdBlock) - C:\Users\Maurício\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-04]
CHR Extension: (Facebook Flat — New Design & AdBlock) - C:\Users\Maurício\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadbillinepbjlgenaliokdhejdmmlgp [2016-02-04]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Maurício\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Gmail) - C:\Users\Maurício\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-10]
CHR Profile: C:\Users\Maurício\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Maurício\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-06]
CHR Extension: (AdBlock) - C:\Users\Maurício\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-21]
CHR Extension: (Skype) - C:\Users\Maurício\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-02-06]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Maurício\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-06]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [pppagaglfkmlpgobnlenhknilehpmcbo] - C:\Program Files (x86)\PSafe\PSafeAV\safemon\360webshield.crx
StartMenuInternet: Google Chrome - C:\Users\Maurício\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://www.yoursearching.com/?type=sc&ts=1454794112&z=9a83ef203f44133b2622cdbgdz0wbzbm8tezcg5g7o&from=face&uid=HitachiXHTS547550A9E384_J2110051DNX1ABDNX1ABX

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros) [Arquivo não assinado]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 GoogleChromeUpdata; C:\ProgramData\Updata\GoogleUpdata.exe [2768384 2016-02-04] (TODO: ) [Arquivo não assinado]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2361344 2011-03-29] (Realsil Microelectronics Inc.) [Arquivo não assinado]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [46080 2010-03-25] () [Arquivo não assinado]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-19] (Electronic Arts)
S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-07-31] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [100424 2014-07-25] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77896 2014-08-27] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305736 2014-08-27] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [311888 2014-07-25] (Qihu 360 Software Co., Ltd.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)
S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2014-04-18] (Qihu 360 Software Co., Ltd.)
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2016-02-04] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-08-02] (Disc Soft Ltd)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-21] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-01-06] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; não ImagePath
U5 REALPLAYERUPDATESVC; não ImagePath

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-02-21 23:55 - 2016-02-21 23:56 - 00026917 _____ C:\Users\Maurício\Desktop\FRST.txt
2016-02-21 23:55 - 2016-02-21 23:55 - 00000000 ____D C:\FRST
2016-02-21 23:52 - 2016-02-21 23:54 - 02371072 _____ (Farbar) C:\Users\Maurício\Desktop\FRST64.exe
2016-02-11 11:52 - 2016-02-11 11:52 - 08817344 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-02-10 01:54 - 2016-01-27 02:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-10 01:54 - 2016-01-27 02:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-10 01:54 - 2016-01-27 02:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 01:54 - 2016-01-27 02:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 01:54 - 2016-01-27 02:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 01:54 - 2016-01-27 02:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 01:54 - 2016-01-27 02:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 01:54 - 2016-01-27 01:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 01:54 - 2016-01-27 01:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 01:54 - 2016-01-27 01:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 01:54 - 2016-01-27 01:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 01:54 - 2016-01-27 01:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 01:53 - 2016-01-29 03:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 01:53 - 2016-01-29 03:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-10 01:53 - 2016-01-27 03:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 01:53 - 2016-01-27 03:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 01:53 - 2016-01-27 03:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 01:53 - 2016-01-27 03:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 01:53 - 2016-01-27 03:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 01:53 - 2016-01-27 02:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 01:53 - 2016-01-27 02:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-10 01:53 - 2016-01-27 02:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 01:53 - 2016-01-27 02:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 01:53 - 2016-01-27 02:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-10 01:53 - 2016-01-27 02:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 01:53 - 2016-01-27 02:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 01:53 - 2016-01-27 02:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 01:53 - 2016-01-27 02:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 01:53 - 2016-01-27 02:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 01:53 - 2016-01-27 02:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-10 01:53 - 2016-01-27 02:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 01:53 - 2016-01-27 02:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 01:53 - 2016-01-27 02:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 01:53 - 2016-01-27 02:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 01:53 - 2016-01-27 02:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-10 01:53 - 2016-01-27 02:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-10 01:53 - 2016-01-27 02:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-10 01:53 - 2016-01-27 02:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 01:53 - 2016-01-27 02:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 01:53 - 2016-01-27 02:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 01:53 - 2016-01-27 02:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 01:53 - 2016-01-27 02:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-10 01:53 - 2016-01-27 02:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 01:53 - 2016-01-27 02:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 01:53 - 2016-01-27 02:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 01:53 - 2016-01-27 02:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 01:53 - 2016-01-27 02:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 01:53 - 2016-01-27 02:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 01:53 - 2016-01-27 01:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 01:53 - 2016-01-27 01:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 01:53 - 2016-01-27 01:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 01:53 - 2016-01-27 01:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 01:53 - 2016-01-27 01:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 01:53 - 2016-01-27 01:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 01:53 - 2016-01-27 01:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 01:53 - 2016-01-27 01:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 01:53 - 2016-01-27 01:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 01:53 - 2016-01-27 01:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 01:53 - 2016-01-27 01:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 01:53 - 2016-01-27 01:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 01:53 - 2016-01-27 01:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 01:53 - 2016-01-27 01:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 01:53 - 2016-01-27 01:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 01:53 - 2016-01-27 01:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 01:53 - 2016-01-27 01:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-09 14:09 - 2016-02-09 14:09 - 00000000 ____D C:\Users\Maurício\AppData\Local\IronSnout
2016-02-09 14:07 - 2016-02-09 14:07 - 00000222 _____ C:\Users\Maurício\Desktop\Iron Snout.url
2016-02-09 13:42 - 2016-02-09 13:42 - 00000000 ____D C:\Users\Maurício\AppData\Local\Steam
2016-02-08 03:27 - 2016-02-08 03:27 - 00127313 _____ C:\Users\Maurício\Downloads\download.htm
2016-02-07 00:42 - 2016-02-07 00:42 - 00055293
_____ C:\Users\Maurício\Desktop\JRT.txt 2016-02-07 00:34 - 2016-02-07 00:36 - 01609032 _____ (Malwarebytes) C:\Users\Maurício\Desktop\JRT.exe 2016-02-06 23:25 - 2016-02-06 23:25 - 00000000 ____D C:\Users\Todos os Usuários\4d31052f-6b03-1 2016-02-06 23:25 - 2016-02-06 23:25 - 00000000 ____D C:\Users\Todos os Usuários\4d31052f-5207-0 2016-02-06 23:25 - 2016-02-06 23:25 - 00000000 ____D C:\ProgramData\4d31052f-6b03-1 2016-02-06 23:25 - 2016-02-06 23:25 - 00000000 ____D C:\ProgramData\4d31052f-5207-0 2016-02-06 21:40 - 2016-02-06 21:40 - 00631808 _____ C:\WINDOWS\poy.dat 2016-02-06 21:39 - 2016-02-06 22:59 - 00000000 ____D C:\Users\Todos os Usuários\4d31052f-7591-0 2016-02-06 21:39 - 2016-02-06 22:59 - 00000000 ____D C:\Users\Todos os Usuários\4d31052f-0301-1 2016-02-06 21:39 - 2016-02-06 22:59 - 00000000 ____D C:\ProgramData\4d31052f-7591-0 2016-02-06 21:39 - 2016-02-06 22:59 - 00000000 ____D C:\ProgramData\4d31052f-0301-1 2016-02-06 21:39 - 2016-02-06 21:39 - 00022592 _____ C:\WINDOWS\System32\Tasks\{7D050547-7D79-057A-7F11-0D79057A117D} 2016-02-06 21:34 - 2016-02-21 23:35 - 00003658 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask 2016-02-06 20:04 - 2016-02-21 23:41 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-02-06 20:02 - 2016-02-07 00:21 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-02-06 20:02 - 2016-02-06 20:02 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes 2016-02-06 20:02 - 2016-02-06 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-02-06 20:02 - 2016-02-06 20:02 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-02-06 20:02 - 2016-02-06 20:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-02-06 20:02 - 2015-10-05 08:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-02-06 20:02 - 2015-10-05 08:50 - 00064216 _____ (Malwarebytes Corporation) 
C:\WINDOWS\system32\Drivers\mwac.sys 2016-02-06 20:02 - 2015-10-05 08:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-02-06 19:57 - 2016-02-06 20:02 - 22908888 _____ (Malwarebytes ) C:\Users\Maurício\Downloads\mbam-setup-2.2.0.1024.exe 2016-02-06 19:31 - 2016-02-06 19:32 - 05657667 _____ (Swearware) C:\Users\Maurício\Downloads\ComboFix.exe 2016-02-06 19:23 - 2016-02-06 19:23 - 00000000 ____D C:\Users\Todos os Usuários\Uniblue 2016-02-06 19:23 - 2016-02-06 19:23 - 00000000 ____D C:\ProgramData\Uniblue 2016-02-06 19:07 - 2016-02-06 19:07 - 00000000 ____D C:\Users\Public\Documents\ShopperPro3 2016-02-06 18:35 - 2016-02-07 00:19 - 00000000 ____D C:\Program Files\WajaNetEn 2016-02-06 18:32 - 2016-02-07 00:19 - 00000000 ____D C:\Users\Todos os Usuários\LFuQamXA 2016-02-06 18:32 - 2016-02-07 00:19 - 00000000 ____D C:\ProgramData\LFuQamXA 2016-02-06 18:31 - 2016-02-06 18:31 - 00000074 _____ C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat 2016-02-06 18:31 - 2016-02-06 18:31 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat 2016-02-06 18:29 - 2016-02-06 21:58 - 00000000 ____D C:\Users\Maurício\AppData\Local\Setup Wizard 2016-02-06 18:29 - 2016-02-06 19:41 - 00000000 ____D C:\Users\Maurício\AppData\Roaming\yoursearching 2016-02-06 18:25 - 2016-02-06 18:25 - 00003124 _____ C:\WINDOWS\System32\Tasks\ttwifi 2016-02-06 18:25 - 2016-02-06 18:25 - 00003060 _____ C:\WINDOWS\System32\Tasks\Pritc 2016-02-06 18:25 - 2016-02-06 18:25 - 00003018 _____ C:\WINDOWS\System32\Tasks\osTip 2016-02-06 18:25 - 2016-02-06 18:25 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg 2016-02-06 18:25 - 2016-02-06 18:25 - 00000000 ____D C:\Users\Todos os Usuários\Updata 2016-02-06 18:25 - 2016-02-06 18:25 - 00000000 ____D C:\ProgramData\WindowsMsg 2016-02-06 18:25 - 2016-02-06 18:25 - 00000000 ____D C:\ProgramData\Updata 2016-02-06 17:56 - 2016-02-06 17:57 - 00278548 _____ C:\WINDOWS\Minidump\020616-23234-01.dmp 2016-02-06 
17:56 - 2016-02-06 17:56 - 00000000 ____D C:\WINDOWS\Minidump 2016-02-04 22:48 - 2016-02-04 22:48 - 00034712 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys 2016-02-04 22:46 - 2016-02-04 22:46 - 00003424 _____ C:\WINDOWS\System32\Tasks\Sofureg 2016-02-04 22:46 - 2016-02-04 22:46 - 00000000 ____D C:\Users\Maurício\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} 2016-02-04 22:46 - 2016-02-04 22:46 - 00000000 ____D C:\uninst 2016-02-04 10:33 - 2016-02-04 10:33 - 00000000 ____D C:\Users\Public\Documents\Tools 2016-02-04 10:22 - 2016-02-04 10:22 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini 2016-01-28 21:11 - 2016-01-28 21:11 - 00000000 ____D C:\Users\Maurício\Documents\League of Legends 2016-01-28 19:58 - 2016-01-16 03:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2016-01-28 19:58 - 2016-01-16 03:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2016-01-28 19:58 - 2016-01-16 02:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-01-28 19:57 - 2016-01-16 02:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-01-28 19:57 - 2016-01-16 02:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2016-01-28 19:57 - 2016-01-16 02:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2016-01-28 19:57 - 2016-01-16 02:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2016-01-28 19:56 - 2016-01-16 03:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-01-28 19:56 - 2016-01-16 03:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll 2016-01-28 19:56 - 2016-01-16 03:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-01-28 19:56 - 2016-01-16 03:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-01-28 19:56 - 2016-01-16 03:23 - 00369912 
_____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2016-01-28 19:56 - 2016-01-16 03:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe 2016-01-28 19:56 - 2016-01-16 03:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll 2016-01-28 19:56 - 2016-01-16 03:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll 2016-01-28 19:56 - 2016-01-16 03:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-01-28 19:56 - 2016-01-16 03:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2016-01-28 19:56 - 2016-01-16 03:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-01-28 19:56 - 2016-01-16 03:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2016-01-28 19:56 - 2016-01-16 03:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2016-01-28 19:56 - 2016-01-16 02:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll 2016-01-28 19:56 - 2016-01-16 02:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-01-28 19:56 - 2016-01-16 02:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2016-01-28 19:56 - 2016-01-16 02:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll 2016-01-28 19:56 - 2016-01-16 02:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll 2016-01-28 19:56 - 2016-01-16 02:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll 2016-01-28 19:56 - 2016-01-16 02:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2016-01-28 19:56 - 2016-01-16 02:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2016-01-28 19:56 - 2016-01-16 02:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2016-01-28 19:56 - 2016-01-16 02:31 - 00343552 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\SensorsApi.dll 2016-01-28 19:56 - 2016-01-16 02:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-01-28 19:56 - 2016-01-16 02:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-01-28 19:56 - 2016-01-16 02:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-01-28 19:56 - 2016-01-16 02:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll 2016-01-28 19:56 - 2016-01-16 02:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2016-01-28 19:56 - 2016-01-16 02:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll 2016-01-28 19:56 - 2016-01-16 02:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2016-01-28 19:56 - 2016-01-16 02:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-01-28 19:56 - 2016-01-16 02:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-01-28 19:56 - 2016-01-16 02:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2016-01-28 19:56 - 2016-01-16 02:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll 2016-01-28 19:56 - 2016-01-16 02:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll 2016-01-28 19:56 - 2016-01-16 02:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2016-01-28 19:56 - 2016-01-16 02:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2016-01-28 19:56 - 2016-01-16 02:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2016-01-28 19:56 - 2016-01-16 02:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll 2016-01-28 19:56 - 2016-01-16 02:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-01-28 19:56 - 2016-01-16 02:23 - 00687616 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\msfeeds.dll 2016-01-28 19:56 - 2016-01-16 02:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2016-01-28 19:56 - 2016-01-16 02:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-01-28 19:56 - 2016-01-16 02:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2016-01-28 19:56 - 2016-01-16 02:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll 2016-01-28 19:56 - 2016-01-16 02:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll 2016-01-28 19:56 - 2016-01-16 02:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll 2016-01-28 19:56 - 2016-01-16 02:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2016-01-28 19:56 - 2016-01-16 02:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll 2016-01-28 19:56 - 2016-01-16 02:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2016-01-28 19:56 - 2016-01-16 02:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-01-28 19:56 - 2016-01-16 02:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2016-01-28 19:55 - 2016-01-16 03:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll 2016-01-28 19:55 - 2016-01-16 03:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-01-28 19:55 - 2016-01-16 03:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-01-28 19:55 - 2016-01-16 03:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll 2016-01-28 19:55 - 2016-01-16 03:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2016-01-28 19:55 - 2016-01-16 03:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2016-01-28 19:55 - 2016-01-16 03:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2016-01-28 19:55 - 
2016-01-16 02:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2016-01-28 19:55 - 2016-01-16 02:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-01-28 19:55 - 2016-01-16 02:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll 2016-01-28 19:55 - 2016-01-16 02:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll 2016-01-28 19:55 - 2016-01-16 02:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll 2016-01-28 19:55 - 2016-01-16 02:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2016-01-28 19:55 - 2016-01-16 02:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll 2016-01-28 19:55 - 2016-01-16 02:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2016-01-28 19:55 - 2016-01-16 02:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll 2016-01-28 19:55 - 2016-01-16 02:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe 2016-01-28 19:55 - 2016-01-16 02:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe 2016-01-28 19:55 - 2016-01-16 02:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll 2016-01-28 19:55 - 2016-01-16 02:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-01-28 19:55 - 2016-01-16 02:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll 2016-01-28 19:55 - 2016-01-16 02:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll 2016-01-28 19:55 - 2016-01-16 02:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll 2016-01-28 19:55 - 2016-01-16 02:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2016-01-28 19:55 - 2016-01-16 02:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll 
2016-01-28 19:55 - 2016-01-16 02:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-01-28 19:55 - 2016-01-16 02:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll 2016-01-28 19:55 - 2016-01-16 02:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll 2016-01-28 19:55 - 2016-01-16 02:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-01-28 19:55 - 2016-01-16 02:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll 2016-01-28 19:55 - 2016-01-16 02:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2016-01-28 19:55 - 2016-01-16 02:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2016-01-28 19:55 - 2016-01-16 02:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll 2016-01-28 19:55 - 2016-01-16 02:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll 2016-01-28 19:55 - 2016-01-16 02:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll 2016-01-28 19:55 - 2016-01-16 02:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2016-01-28 19:55 - 2016-01-16 02:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe 2016-01-28 19:55 - 2016-01-16 02:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe 2016-01-28 19:55 - 2016-01-16 02:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll 2016-01-28 19:55 - 2016-01-16 02:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll 2016-01-28 19:55 - 2016-01-16 02:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll 2016-01-28 19:55 - 2016-01-16 02:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2016-01-28 19:55 - 2016-01-16 02:26 - 00175616 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2016-01-28 19:55 - 2016-01-16 02:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll 2016-01-28 19:55 - 2016-01-16 02:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll 2016-01-28 19:55 - 2016-01-16 02:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2016-01-28 19:55 - 2016-01-16 02:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll 2016-01-28 19:55 - 2016-01-16 02:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2016-01-28 19:55 - 2016-01-16 02:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2016-01-27 09:02 - 2016-01-27 09:01 - 00000967 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-02-21 23:51 - 2012-10-07 19:37 - 00000902 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-02-21 23:45 - 2015-10-30 16:34 - 00000000 ____D C:\Users\Maurício\AppData\Roaming\Spotify 2016-02-21 23:35 - 2015-10-30 16:36 - 00000000 ____D C:\Users\Maurício\AppData\Local\Spotify 2016-02-21 23:35 - 2014-11-28 14:42 - 00000000 ____D C:\Users\Maurício\AppData\Roaming\Skype 2016-02-21 23:34 - 2015-08-02 19:15 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-02-21 23:34 - 2013-02-05 23:47 - 00001100 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-02-21 23:29 - 2015-12-12 03:31 - 02093768 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-02-21 23:29 - 2015-10-30 16:11 - 00887722 _____ C:\WINDOWS\system32\prfh0416.dat 2016-02-21 23:29 - 2015-10-30 16:11 - 00192768 _____ C:\WINDOWS\system32\prfc0416.dat 2016-02-21 23:29 - 2015-10-30 04:21 - 00000000 ____D C:\WINDOWS\INF 2016-02-21 23:25 - 2015-12-12 03:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-02-21 23:24 - 2015-10-30 03:28 - 00262144 ___SH 
C:\WINDOWS\system32\config\BBI 2016-02-21 23:24 - 2014-07-28 22:41 - 00000000 _RSHD C:\360SANDBOX 2016-02-21 23:22 - 2015-10-30 16:14 - 00000000 ____D C:\Program Files\Windows Journal 2016-02-21 23:21 - 2013-02-05 23:47 - 00001104 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-02-21 23:20 - 2014-10-19 20:20 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3344363619-2784074106-1113438760-1000UA1cfebf33a23936e.job 2016-02-21 23:16 - 2012-06-23 19:09 - 00001090 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3344363619-2784074106-1113438760-1000UA.job 2016-02-21 22:40 - 2014-07-24 21:29 - 00000378 _____ C:\WINDOWS\Tasks\ReclaimerUpdateXML_Maurício.job 2016-02-21 21:34 - 2014-07-24 21:29 - 00000382 _____ C:\WINDOWS\Tasks\ReclaimerUpdateFiles_Maurício.job 2016-02-21 20:25 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-02-21 20:09 - 2012-06-23 16:48 - 00004186 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{976835FB-A69B-4A2B-B8AB-C77DF1FF5C8B} 2016-02-21 14:16 - 2012-06-23 19:09 - 00001038 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3344363619-2784074106-1113438760-1000Core.job 2016-02-20 20:21 - 2012-06-23 19:15 - 00002470 _____ C:\Users\Maurício\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-20 20:14 - 2015-10-30 04:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-02-17 23:20 - 2014-10-19 20:20 - 00001066 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3344363619-2784074106-1113438760-1000Core1cfebf338fdd3d1.job 2016-02-13 01:33 - 2012-08-10 22:23 - 00000000 ____D C:\Users\Maurício\AppData\Local\Last.fm 2016-02-11 11:43 - 2013-08-16 17:47 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-02-11 11:35 - 2015-10-30 04:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-02-11 11:35 - 2012-10-23 16:51 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-02-10 22:59 - 2014-06-17 15:51 - 00000000 ____D C:\Program Files (x86)\Steam 2016-02-09 23:15 - 
2014-10-19 20:20 - 00004272 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3344363619-2784074106-1113438760-1000UA1cfebf33a23936e 2016-02-09 23:15 - 2014-10-19 20:20 - 00003896 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3344363619-2784074106-1113438760-1000Core1cfebf338fdd3d1 2016-02-09 17:05 - 2015-12-12 03:32 - 00000000 ____D C:\Users\Maurício 2016-02-07 00:22 - 2015-12-12 03:46 - 00001495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-02-07 00:22 - 2015-11-26 11:19 - 00002642 _____ C:\Users\Public\Desktop\Skype.lnk 2016-02-07 00:22 - 2015-10-30 16:36 - 00001851 _____ C:\Users\Maurício\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2016-02-07 00:22 - 2015-09-15 18:59 - 00001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk 2016-02-07 00:22 - 2015-08-02 19:24 - 00001051 _____ C:\Users\Maurício\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recursos Opcionais.lnk 2016-02-07 00:22 - 2015-08-02 19:23 - 00002382 _____ C:\Users\Maurício\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-02-07 00:22 - 2015-06-05 17:34 - 00002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk 2016-02-07 00:22 - 2015-06-04 14:45 - 00002156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk 2016-02-07 00:22 - 2015-01-06 22:10 - 00002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk 2016-02-07 00:22 - 2014-06-17 15:51 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk 2016-02-07 00:22 - 2012-10-25 15:06 - 00000953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk 2016-02-07 00:22 - 2012-10-25 15:06 - 00000947 _____ C:\Users\Public\Desktop\µTorrent.lnk 2016-02-07 00:22 - 2012-09-11 14:23 - 00002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visualizador do Microsoft PowerPoint .lnk 2016-02-07 00:22 - 2012-07-23 15:43 - 00002519 
_____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2016-02-07 00:22 - 2012-01-23 22:09 - 00002173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Smart Network.lnk 2016-02-07 00:22 - 2012-01-23 21:57 - 00002490 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2016-02-07 00:22 - 2012-01-23 21:57 - 00001458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2016-02-07 00:22 - 2012-01-23 21:57 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk 2016-02-07 00:22 - 2012-01-23 21:57 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk 2016-02-07 00:22 - 2012-01-23 21:53 - 00002679 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Easy Connect.lnk 2016-02-07 00:22 - 2012-01-23 21:53 - 00002068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gate.lnk 2016-02-07 00:22 - 2012-01-23 21:53 - 00001271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Transfer.lnk 2016-02-07 00:22 - 2012-01-23 21:51 - 00002265 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Data Restore Tool.lnk 2016-02-07 00:22 - 2012-01-23 21:47 - 00001185 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Keyboard.lnk 2016-02-07 00:22 - 2012-01-23 21:35 - 00001125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk 2016-02-07 00:22 - 2012-01-23 21:32 - 00001299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Gallery.lnk 2016-02-07 00:22 - 2012-01-23 21:27 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2016-02-07 00:22 - 2012-01-23 21:22 - 00001991 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk 2016-02-07 00:22 - 2012-01-23 21:22 - 00001517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk 
2016-02-07 00:22 - 2012-01-23 21:16 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk 2016-02-07 00:21 - 2015-10-30 16:36 - 00001865 _____ C:\Users\Maurício\Desktop\Spotify.lnk 2016-02-07 00:21 - 2015-08-03 16:23 - 00001116 _____ C:\Users\Public\Desktop\Last.fm Scrobbler.lnk 2016-02-07 00:21 - 2015-04-12 13:15 - 00002144 _____ C:\Users\Maurício\Desktop\Google Earth.lnk 2016-02-07 00:21 - 2014-03-23 11:12 - 00000286 __RSH C:\Users\Todos os Usuários\ntuser.pol 2016-02-07 00:21 - 2014-03-23 11:12 - 00000286 __RSH C:\ProgramData\ntuser.pol 2016-02-07 00:21 - 2013-09-30 18:30 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2016-02-07 00:21 - 2013-07-15 15:39 - 00001190 _____ C:\Users\Public\Desktop\aTube Catcher.lnk 2016-02-07 00:21 - 2013-02-05 23:47 - 00001035 _____ C:\Users\Maurício\Desktop\PhotoScape.lnk 2016-02-07 00:21 - 2013-01-11 01:10 - 00001268 _____ C:\Users\Public\Desktop\RealPlayer.lnk 2016-02-07 00:21 - 2012-01-23 22:05 - 00002180 _____ C:\Users\Public\Desktop\Imagination Studio Suite 2 - VAIO Edition.lnk 2016-02-07 00:21 - 2012-01-23 22:05 - 00002023 _____ C:\Users\Public\Desktop\Microsoft Office 2010.lnk 2016-02-07 00:20 - 2014-08-09 12:04 - 00000000 ____D C:\Users\Todos os Usuários\baidu 2016-02-07 00:20 - 2014-08-09 12:04 - 00000000 ____D C:\ProgramData\baidu 2016-02-07 00:20 - 2013-05-27 21:13 - 00000000 ____D C:\Users\Maurício\AppData\Roaming\baidu 2016-02-06 23:56 - 2009-07-14 02:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-02-06 23:54 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\Branding 2016-02-06 23:53 - 2013-06-23 16:59 - 00000000 ____D C:\Users\Todos os Usuários\ssafuE essavee 2016-02-06 23:53 - 2013-06-23 16:59 - 00000000 ____D C:\ProgramData\ssafuE essavee 2016-02-06 18:29 - 2014-10-20 16:04 - 00000000 __SHD C:\Users\Maurício\AppData\Local\EmieUserList 2016-02-06 18:29 - 2014-10-20 16:04 - 00000000 __SHD C:\Users\Maurício\AppData\Local\EmieSiteList 
2016-02-06 17:56 - 2015-05-01 14:22 - 455391775 _____ C:\WINDOWS\MEMORY.DMP 2016-02-04 10:22 - 2015-12-12 03:32 - 00000000 ____D C:\Users\DefaultAppPool 2016-02-04 09:55 - 2015-08-02 19:23 - 00000000 ___RD C:\Users\Maurício\OneDrive 2016-02-03 19:54 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\rescache 2016-02-03 18:41 - 2013-02-05 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-02-03 16:01 - 2015-10-30 04:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-02-03 16:01 - 2015-10-30 04:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-02-03 13:16 - 2013-02-05 23:47 - 00004162 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-02-03 13:16 - 2013-02-05 23:47 - 00003930 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-01-31 03:01 - 2015-10-30 04:24 - 00000000 ___SD C:\WINDOWS\system32\F12 2016-01-31 03:01 - 2015-10-30 04:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2016-01-31 03:01 - 2015-10-30 04:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-01-31 03:01 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-01-31 03:01 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-01-31 03:01 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-01-31 03:01 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-01-28 19:20 - 2012-11-28 18:10 - 00000000 ____D C:\Users\Maurício\Desktop\Toques 2016-01-25 17:49 - 2013-01-16 19:40 - 00000000 ____D C:\Users\Maurício\AppData\Local\ElevatedDiagnostics 2016-01-25 11:33 - 2014-07-22 21:57 - 00000000 ____D C:\Users\Maurício\Desktop\FOTAS 2016-01-22 17:41 - 2015-04-18 16:07 - 00000000 ____D C:\Users\Maurício\Desktop\Geo ==================== Arquivos na raiz de alguns diretórios ======= 2014-06-17 18:58 - 2014-06-17 19:59 - 0000097 _____ () C:\Users\Maurício\AppData\Roaming\LauncherSettings_live.cfg 2014-06-17 
19:02 - 2014-06-17 19:02 - 0000039 _____ () C:\Users\Maurício\AppData\Roaming\TheHunterSettings_steam_live.cfg
2013-09-14 03:42 - 2014-03-31 18:47 - 0000182 _____ () C:\Users\Maurício\AppData\Roaming\WB.CFG
2013-08-02 17:54 - 2013-09-23 23:39 - 0000117 _____ () C:\Users\Maurício\AppData\Local\ap_UA-24552437-8.txt
2013-04-19 14:27 - 2014-03-06 19:52 - 0000952 _____ () C:\ProgramData\KGyGaAvL.sys
2016-02-06 18:31 - 2016-02-06 18:31 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Arquivos para serem movidos ou deletados:
====================
C:\Users\Maurício\AppData\Local\Temp\00007299\casrss.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Alguns arquivos em TEMP:
====================
C:\Users\Maurício\AppData\Local\Temp\13603P1WDE.exe
C:\Users\Maurício\AppData\Local\Temp\1454815240.exe
C:\Users\Maurício\AppData\Local\Temp\2445.tmp.exe
C:\Users\Maurício\AppData\Local\Temp\94492374-D784-9438-D90A-88FF9BFD79E8.exe
C:\Users\Maurício\AppData\Local\Temp\9673.tmp.exe
C:\Users\Maurício\AppData\Local\Temp\986F.tmp.exe
C:\Users\Maurício\AppData\Local\Temp\A443FE17-5C97-711F-43A5-7F5243D9D11B.dll
C:\Users\Maurício\AppData\Local\Temp\A443FE17-5C97-711F-43A5-7F5243D9D11B.exe
C:\Users\Maurício\AppData\Local\Temp\B48F.tmp.exe
C:\Users\Maurício\AppData\Local\Temp\C1ED.tmp.exe
C:\Users\Maurício\AppData\Local\Temp\D974.tmp.exe
C:\Users\Maurício\AppData\Local\Temp\D9C9.tmp.exe
C:\Users\Maurício\AppData\Local\Temp\F97D.tmp.exe
C:\Users\Maurício\AppData\Local\Temp\fsd1B43.exe
C:\Users\Maurício\AppData\Local\Temp\SpGWj2aRaB.exe
C:\Users\Maurício\AppData\Local\Temp\tu17p84.exe
C:\Users\Maurício\AppData\Local\Temp\Uninstall.exe
C:\Users\Maurício\AppData\Local\Temp\UninstallModule.exe

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)
C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-02-20 20:06

==================== Fim de FRST.txt ============================