Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:05-03-2016 01
Executado por User (administrador) em USER-PC (25-03-2016 13:49:28)
Executando a partir de C:\Users\User\Downloads
Perfis Carregados: User (Perfis Disponíveis: User)
Platform: Windows 7 Home Premium (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\03000200-1458871782-0500-0006-000700080009\knstA341.tmp
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11189\calendar.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Space Sound Pro) C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Windows\Temp\BE51.tmp
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Users\User\AppData\Local\03000200-1458910782-0500-0006-000700080009\qnsrD96F.tmp
() C:\Windows\Temp\BE50.tmp
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\User\Downloads\FRST64 (2).exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SpaceSoundPro] => C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe [4203520 2015-08-03] (Space Sound Pro)
HKLM\...\Run: [WINCOM6J2] => "C:\Program Files (x86)\sunnyday\wincom_6J2.exe"
HKLM\...\Run: [WINCOM59M] => "C:\Program Files (x86)\sunnyday\wincom_59M.exe"
HKLM\...\Run: [WINCOMAJW] => "C:\Program Files (x86)\sunnyday\wincom_AJW.exe"
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_br_547] => [X]
HKLM-x32\...\Run: [gmsd_br_547b] => [X]
HKLM-x32\...\Run: [rec_br_01] => [X]
HKLM-x32\...\Run: [mpck_en_005030277] => [X]
HKLM-x32\...\Run: [mbot_en_037050277] => [X]
HKLM-x32\...\Run: [sun3] => [X]
HKLM-x32\...\Run: [win_en_77] => [X]
HKLM-x32\...\Run: [rec_en_235] => [X]
HKLM-x32\...\Run: [LightGate] => C:\ProgramData\LightGate.exe [1081344 2015-12-04] ()
HKLM-x32\...\Run: [sun21] => [X]
HKLM-x32\...\Run: [HomePageHelper] => C:\Users\User\AppData\Roaming\HomePage.exe [1100288 2015-11-25] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [WINDOWS_SCREEN_MANAGER_UPDATER_1] => C:\Program Files\Windows Screen Manager\Windows screen manage updater.exe [16896 2016-03-25] (Wizzservices)
HKLM\...\RunOnce: [IDSCPRODUCT] => C:\Program Files (x86)\Hostify\idscservice.exe [1210368 2016-03-25] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-256664669-4211779640-4119910501-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-256664669-4211779640-4119910501-1001\...\Run: [uTorrent] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe [2094080 2016-03-05] (BitTorrent Inc.)
HKU\S-1-5-21-256664669-4211779640-4119910501-1001\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-03-23] (Spotify Ltd)
HKU\S-1-5-21-256664669-4211779640-4119910501-1001\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2011136 2016-03-24] ()
HKU\S-1-5-21-256664669-4211779640-4119910501-1001\...\Run: [YeaInstaller] => C:\Users\User\AppData\Local\Temp\LJ1WOXJN4\LJ1WOXJN4.exe <===== ATENÇÃO
HKU\S-1-5-21-256664669-4211779640-4119910501-1001\...\Run: [msiql] => c:\users\user\appdata\roaming\msiql.exe [1888256 2016-03-02] ()
HKU\S-1-5-21-256664669-4211779640-4119910501-1001\...\MountPoints2: {407bbb1a-1779-11e5-ac13-eca86bb534bc} - E:\setup.exe
HKU\S-1-5-21-256664669-4211779640-4119910501-1001\...\MountPoints2: {4afaa99d-ca7f-11e4-91d7-806e6f6e6963} - D:\BlueBirds.exe
HKU\S-1-5-21-256664669-4211779640-4119910501-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7042C6CF-CDD6-4031-8712-727360420F25}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-256664669-4211779640-4119910501-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-256664669-4211779640-4119910501-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKU\S-1-5-21-256664669-4211779640-4119910501-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com/?bd=ds&oem=Cube&uid=WDCXWD5000AAKX-00U6AA0_WD-WCC2EPX4250542505&version=2.3.0.8724&pid=414031160&tid=422&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com/?bd=ds&oem=Cube&uid=WDCXWD5000AAKX-00U6AA0_WD-WCC2EPX4250542505&version=2.3.0.8724&pid=414031160&tid=422&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL =
SearchScopes: HKU\S-1-5-21-256664669-4211779640-4119910501-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-256664669-4211779640-4119910501-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-256664669-4211779640-4119910501-1001 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-256664669-4211779640-4119910501-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-21] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-21] (Oracle Corporation)
BHO-x32: Sem Nome -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> Nenhum Arquivo
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-21] (Oracle Corporation)
BHO-x32: Auxiliar de Conexão do Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-21] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-06] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-06] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-06] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1433260347&z=66cee888571da8efe6756b4g1zec3c7o7q5e7cezfw&from=smt&uid=WDCXWD5000AAKX-00U6AA0_WD-WCC2EPX4250542505

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3csc9ft1.default
FF DefaultSearchUrl: hxxps://www.google.com/search?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google
FF Homepage: search.mpc.am
FF Keyword.URL: hxxps://www.google.com/search?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-01-12] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2011-09-19] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-256664669-4211779640-4119910501-1001: @my.com/Games -> C:\Users\User\AppData\Local\MyComGames\NPMyComDetector.dll [2015-12-13] (My.com, Inc)
FF Plugin HKU\S-1-5-21-256664669-4211779640-4119910501-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-12-11] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3csc9ft1.default\searchplugins\delta-homes.xml [2016-01-19]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3csc9ft1.default\searchplugins\google-avast.xml [2016-01-26]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2016-02-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2016-02-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\navegaki.xml [2015-06-02]
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3csc9ft1.default\extensions\default_newtabff@gmail.com => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3csc9ft1.default\extensions\defsearchp@gmail.com => não encontrado (a)

Chrome:
=======
CHR HomePage: Profile 1 -> search.mpc.am
CHR StartupUrls: Profile 1 -> "search.mpc.am"
CHR DefaultSearchURL: Profile 1 -> hxxp://search.mpc.am?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968
CHR DefaultSearchKeyword: Profile 1 -> MPC Safe Search
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2015-09-02]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-20]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-20]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-20]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Alerta de ofertas e descontos) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jikhbokinakhjbhoifafpbaemffhomjl [2016-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-20]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
S3 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe [2786816 2016-03-25] (TODO: ) [Arquivo não assinado]
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
R2 mezoritezbt; C:\Program Files (x86)\03000200-1458871782-0500-0006-000700080009\knstA341.tmp [199168 2016-03-25] () [Arquivo não assinado]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3758336 2015-11-29] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-03-25] (Enigma Software Group USA, LLC.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Arquivo não assinado]
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe [141960 2015-12-25] ()
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 zigipyro; C:\Users\User\AppData\Local\03000200-1458910782-0500-0006-000700080009\qnsrD96F.tmp [158720 2015-12-26] () [Arquivo não assinado]
S2 Fiswihao; "C:\Users\User\AppData\Roaming\FacbuSuwru\Gijjeni.exe" -cms [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-02] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-25] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-01-23] (REALiX(tm))
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-11-29] (Qualcomm Atheros Co., Ltd.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-06-02] (Duplex Secure Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-09-01] (SlimWare Utilities, Inc.)
R1 {9eb617cc-040e-4915-b808-5e36623eae21}Gw64; C:\Windows\System32\drivers\{9eb617cc-040e-4915-b808-5e36623eae21}Gw64.sys [48784 2015-06-02] (StdLib)
S3 lritom; \??\C:\Jogos\LoveRitmo\avital\lovertm64.sys [X]
R1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]
S3 X6va060; \??\C:\Windows\SysWOW64\Drivers\X6va060 [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-25 13:48 - 2016-03-25 13:48 - 02374144 _____ (Farbar) C:\Users\User\Downloads\FRST64 (2).exe
2016-03-25 13:01 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-03-25 12:59 - 2016-03-25 12:59 - 00000000 ____D C:\Users\User\AppData\Local\03000200-1458910782-0500-0006-000700080009
2016-03-25 12:52 - 2016-03-25 13:40 - 00000000 ____D C:\Users\Todos os Usuários\Spybot - Search & Destroy
2016-03-25 12:52 - 2016-03-25 13:40 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-03-25 12:52 - 2016-03-25 13:01 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-03-25 12:52 - 2016-03-25 12:52 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-03-25 12:52 - 2016-03-25 12:52 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-03-25 12:52 - 2016-03-25 12:52 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-03-25 12:52 - 2016-03-25 12:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-03-25 12:52 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-03-25 12:47 - 2016-03-25 12:51 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\User\Downloads\spybot-2.4.exe
2016-03-25 12:41 - 2016-03-25 12:41 - 00003320 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-03-25 12:41 - 2016-03-25 12:41 - 00000937 _____ C:\Users\User\Desktop\SpyHunter.lnk
2016-03-25 12:41 - 2016-03-25 12:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Enigma Software Group
2016-03-25 12:41 - 2016-03-25 12:41 - 00000000 _____ C:\autoexec.bat
2016-03-25 12:39 - 2016-03-25 12:40 - 00000000 ____D C:\sh4ldr
2016-03-25 12:35 - 2016-03-25 12:35 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-03-25 12:34 - 2016-03-25 12:34 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-03-25 12:33 - 2016-03-25 12:33 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\User\Downloads\SpyHunter-Installer.exe
2016-03-25 12:25 - 2016-03-25 12:25 - 00055588 _____ C:\Users\User\Downloads\Addition.txt
2016-03-25 12:24 - 2016-03-25 13:49 - 00026102 _____ C:\Users\User\Downloads\FRST.txt
2016-03-25 12:24 - 2016-03-25 13:49 - 00000000 ____D C:\FRST
2016-03-25 12:24 - 2016-03-25 12:24 - 02374144 _____ (Farbar) C:\Users\User\Downloads\FRST64 (1).exe
2016-03-25 12:23 - 2016-03-25 12:24 - 02374144 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-03-25 12:02 - 2016-03-25 12:02 - 00000000 ____D C:\Program Files (x86)\CalendarTool
2016-03-25 12:02 - 2016-02-24 06:18 - 01085440 _____ C:\Users\User\AppData\Roaming\delCalendarReg.exe
2016-03-25 12:02 - 2015-12-10 15:43 - 00600312 _____ C:\Users\User\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe
2016-03-25 12:01 - 2016-03-25 12:30 - 02786816 _____ (TODO: ) C:\Users\User\AppData\Roaming\svrupg.exe
2016-03-25 12:01 - 2016-03-25 12:30 - 00015482 _____ C:\Users\User\AppData\Roaming\webad.xml
2016-03-25 12:01 - 2016-03-25 12:29 - 00001922 ____R C:\Users\User\Desktop\Yeabeats Browser.lnk
2016-03-25 12:01 - 2016-03-02 10:49 - 01888256 _____ C:\Users\User\AppData\Roaming\msiql.exe
2016-03-25 12:01 - 2015-11-25 15:31 - 01100288 _____ C:\Users\User\AppData\Roaming\HomePage.exe
2016-03-25 11:45 - 2016-03-25 11:46 - 13767776 _____ (Microsoft Corporation) C:\Users\User\Downloads\vc_redist.x86.exe
2016-03-25 11:44 - 2016-03-25 11:45 - 14572000 _____ (Microsoft Corporation) C:\Users\User\Downloads\vc_redist.x64.exe
2016-03-25 11:28 - 2015-05-29 10:28 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-25 11:27 - 2016-03-25 11:27 - 00003143 _____ C:\Users\User\Desktop\api-ms-win-crt-runtime-l1-1-0.zip
2016-03-25 11:15 - 2016-03-25 11:15 - 00000000 ____D C:\Users\User\AppData\Roaming\MCorp
2016-03-25 11:10 - 2016-03-25 11:10 - 00003086 _____ C:\Windows\System32\Tasks\{A4665021-2CAC-4B5C-A4BB-DBF7A488605D}
2016-03-25 10:45 - 2016-03-10 18:02 - 00000000 ____D C:\Users\User\Desktop\IGG-StarbounNightly06.03.16
2016-03-25 10:29 - 2016-03-25 12:29 - 00000000 ____D C:\Users\User\AppData\Roaming\LightGate
2016-03-25 07:59 - 2016-03-25 07:59 - 00000041 _____ C:\Users\Todos os Usuários\xcgui_debug.txt
2016-03-25 07:59 - 2016-03-25 07:59 - 00000041 _____ C:\ProgramData\xcgui_debug.txt
2016-03-25 05:40 - 2016-03-25 05:40 - 00001730 ____R C:\Yeabeats Browser.lnk
2016-03-25 05:39 - 2016-03-25 12:02 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update
2016-03-25 05:39 - 2016-03-25 12:02 - 00000000 ____D C:\ProgramData\Windows Update
2016-03-25 05:39 - 2016-03-25 05:39 - 00015482 _____ C:\Users\Todos os Usuários\webad.xml
2016-03-25 05:39 - 2016-03-25 05:39 - 00015482 _____ C:\ProgramData\webad.xml
2016-03-25 05:39 - 2016-02-24 06:18 - 01085440 _____ C:\Users\Todos os Usuários\delCalendarReg.exe
2016-03-25 05:39 - 2016-02-24 06:18 - 01085440 _____ C:\ProgramData\delCalendarReg.exe
2016-03-25 05:39 - 2015-11-25 15:31 - 01100288 _____ C:\Users\Todos os Usuários\HomePage.exe
2016-03-25 05:39 - 2015-11-25 15:31 - 01100288 _____ C:\ProgramData\HomePage.exe
2016-03-25 05:38 - 2016-03-02 10:49 - 01888256 _____ C:\Users\Todos os Usuários\msiql.exe
2016-03-25 05:38 - 2016-03-02 10:49 - 01888256 _____ C:\ProgramData\msiql.exe
2016-03-25 05:36 - 2016-03-25 05:36 - 00000000 ____D C:\Windows\system32\yviu
2016-03-25 05:29 - 2016-03-25 05:30 - 833796766 _____ C:\Users\User\Downloads\IGG-StarbounNightly06.03.16.rar
2016-03-25 04:26 - 2016-03-25 13:21 - 00000000 ____D C:\Users\User\AppData\Roaming\CalendarTool
2016-03-25 04:26 - 2016-03-25 04:26 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-03-25 04:26 - 2016-03-25 04:26 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-03-25 04:26 - 2015-12-04 13:14 - 01081344 _____ C:\Users\Todos os Usuários\LightGate.exe
2016-03-25 04:26 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGate.exe
2016-03-25 04:25 - 2016-03-25 04:25 - 00000000 ____D C:\Users\User\AppData\Local\com_tuto_1
2016-03-25 04:25 - 2016-01-11 15:49 - 01734656 _____ C:\Users\User\AppData\Roaming\service.exe
2016-03-25 04:24 - 2016-03-25 04:24 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-03-25 04:22 - 2016-03-25 11:21 - 00000000 ____D C:\Program Files\NewExt
2016-03-25 04:22 - 2016-03-25 11:15 - 00000000 ____D C:\Program Files (x86)\sunnyday
2016-03-25 04:22 - 2016-03-25 11:03 - 00000000 ____D C:\Program Files (x86)\Hostify
2016-03-25 04:22 - 2016-03-25 04:23 - 00000000 ____D C:\Program Files\Windows Screen Manager
2016-03-25 04:22 - 2016-03-25 04:22 - 00000000 ____D C:\Users\Todos os Usuários\42273a83-53d5-0
2016-03-25 04:22 - 2016-03-25 04:22 - 00000000 ____D C:\Users\Todos os Usuários\42273a83-5117-1
2016-03-25 04:22 - 2016-03-25 04:22 - 00000000 ____D C:\ProgramData\42273a83-53d5-0
2016-03-25 04:22 - 2016-03-25 04:22 - 00000000 ____D C:\ProgramData\42273a83-5117-1
2016-03-25 03:33 - 2016-03-25 10:30 - 00000000 ____D C:\Users\User\AppData\Local\app
2016-03-25 03:32 - 2016-03-25 10:59 - 00000000 ____D C:\Users\User\AppData\Roaming\Lecleebn
2016-03-25 03:32 - 2016-03-25 04:35 - 00000000 ____D C:\Users\User\AppData\Local\SunnyDay3
2016-03-25 03:32 - 2016-03-25 03:32 - 00002910 _____ C:\Windows\System32\Tasks\osTip
2016-03-25 03:32 - 2016-03-25 03:32 - 00000000 ____D C:\Users\User\AppData\Local\Tempfolder
2016-03-25 03:31 - 2016-03-25 12:51 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-03-25 03:31 - 2016-03-25 12:28 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-03-25 03:31 - 2016-03-25 12:28 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-03-25 03:31 - 2016-03-25 03:31 - 00000872 _____ C:\Users\User\Desktop\SpaceSoundPro.lnk
2016-03-25 03:31 - 2016-03-25 03:31 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpaceSoundPro 1.0
2016-03-25 03:29 - 2016-03-25 03:29 - 00000034 ___SH C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-03-25 03:29 - 2016-03-25 03:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FrivLauncher
2016-03-25 03:29 - 2016-03-25 03:29 - 00000000 ____D C:\Program Files (x86)\FrivLauncher
2016-03-25 03:28 - 2016-03-25 03:33 - 00000000 ____D C:\Program Files\SpaceSoundPro
2016-03-25 03:28 - 2016-03-25 03:32 - 00000000 ____D C:\Program Files (x86)\Max Driver Updater
2016-03-25 03:26 - 2016-03-25 03:26 - 00000286 __RSH C:\Users\User\ntuser.pol
2016-03-24 23:13 - 2016-03-24 23:15 - 00000000 ____D C:\Users\User\Downloads\minecraft Downloads
2016-03-24 23:11 - 2016-03-25 11:03 - 00000000 ____D C:\Users\User\AppData\Local\03000200-1458861098-0500-0006-000700080009
2016-03-24 23:09 - 2016-03-25 09:38 - 00000000 ____D C:\Program Files (x86)\03000200-1458871782-0500-0006-000700080009
2016-03-24 22:58 - 2015-05-29 10:28 - 00007680 _____ (Microsoft Corporation) C:\Users\User\Downloads\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-24 22:42 - 2016-03-24 22:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-24 22:41 - 2016-03-24 22:41 - 00000000 ____D C:\Users\Todos os Usuários\TEMP
2016-03-24 22:41 - 2016-03-24 22:41 - 00000000 ____D C:\ProgramData\TEMP
2016-03-20 20:36 - 2016-03-20 20:36 - 
00000000 ____D C:\Users\User\Documents\HyperCam3 2016-03-15 12:43 - 2016-03-15 12:44 - 16789055 _____ C:\Users\User\Downloads\banner_60x90_1.psd 2016-03-15 12:37 - 2016-03-15 12:40 - 20694894 _____ C:\Users\User\Downloads\banner_70x120_1.psd 2016-03-15 01:12 - 2016-03-15 01:12 - 00030293 _____ C:\Users\User\Downloads\Whiter.A.Casa.do.Demonio.2015.BDRip.DUBLADO.rar 2016-03-15 01:11 - 2016-03-15 01:11 - 00038070 _____ C:\Users\User\Downloads\Extincao.Humana.2015.BDRip.XviD.DUAL-WWW.FILMESETORRENT.COM.rar 2016-03-15 01:11 - 2016-03-15 01:11 - 00029816 _____ C:\Users\User\Downloads\Segredo.Sombrio.DVDRip.Dual.Audio.rar 2016-03-15 01:08 - 2016-03-15 01:09 - 00029805 _____ C:\Users\User\Downloads\Orfanato.Onde.os.Pesadelos.se.Tornam.Realidade.DVDRip.DUBLADO.rar 2016-03-15 01:02 - 2016-03-15 01:02 - 00081730 _____ C:\Users\User\Downloads\Doce.Vinganca.DVDRip.XviD.Dual.Audio-3LT0N.rar 2016-03-15 01:02 - 2016-03-15 01:02 - 00070965 _____ C:\Users\User\Downloads\Doce.Vinganca.2.2014.BDRip.XviD.Dual.Audio_YKS.rar 2016-03-14 23:56 - 2016-03-24 22:17 - 00000000 ____D C:\Users\User\Downloads\FILMES 2016-03-14 18:03 - 2016-03-14 18:03 - 00015295 _____ C:\Users\User\Downloads\Orgulho.e.Preconceito.e.Zumbis.TS.V2.DUBLADO (1).rar 2016-03-14 18:03 - 2016-03-14 18:03 - 00012351 _____ C:\Users\User\Downloads\A.Segunda.Visao.2016.Bluray.720p.Dublado.rar 2016-03-14 06:36 - 2016-03-08 03:15 - 00110016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2016-03-14 06:35 - 2016-03-14 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0 2016-03-14 06:35 - 2016-03-14 06:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2016-03-14 06:35 - 2016-02-13 22:47 - 00125720 _____ C:\Windows\SysWOW64\vulkan-1.dll 2016-03-14 06:35 - 2016-02-13 22:46 - 00126232 _____ C:\Windows\system32\vulkan-1.dll 2016-03-14 06:35 - 2016-02-13 22:45 - 00045848 _____ C:\Windows\system32\vulkaninfo.exe 2016-03-14 06:35 - 2016-02-13 22:45 - 00042264 _____ 
C:\Windows\SysWOW64\vulkaninfo.exe 2016-03-14 06:33 - 2016-03-08 07:07 - 42968120 _____ C:\Windows\system32\nvcompiler.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 37609528 _____ C:\Windows\SysWOW64\nvcompiler.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 22932928 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 21313024 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 20854680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 18990976 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 18879544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 17725040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 17318184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 17246680 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 16439328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 12564024 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2016-03-14 06:33 - 2016-03-08 07:07 - 10546944 _____ C:\Windows\system32\nvptxJitCompiler.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 08658120 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 03233336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 02808768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 01924152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436451.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436451.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 00956984 _____ (NVIDIA Corporation) 
C:\Windows\system32\NvFBC64.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 00886840 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 00749504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 00693816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 00678520 _____ C:\Windows\system32\nvfatbinaryLoader.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 00571912 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 00502080 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 00473056 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 00423360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 00423080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 00391632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 00379448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 00175552 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2016-03-14 06:33 - 2016-03-08 07:07 - 00000139 _____ C:\Windows\SysWOW64\nv-vk32.json 2016-03-14 06:33 - 2016-03-08 07:07 - 00000139 _____ C:\Windows\system32\nv-vk64.json 2016-03-13 07:53 - 2016-03-13 07:53 - 00000000 ____D C:\Users\User\Downloads\lib 2016-03-12 16:52 - 2016-03-12 18:58 - 00000000 ____D C:\Users\User\Documents\espadas 2016-03-12 16:49 - 2016-03-12 16:49 
- 00000000 ____D C:\Users\User\AppData\Local\{9164C349-1CEB-4A3C-B93E-F8D075523D85} 2016-03-07 18:14 - 2016-03-07 18:14 - 00020103 _____ C:\Users\User\Downloads\The.Walking.Dead.S06E11.1080p.WEB-DL.DUAL.rar 2016-03-05 23:47 - 2016-03-05 23:47 - 00000222 _____ C:\Users\User\Desktop\Path of Exile.url 2016-03-05 21:59 - 2016-03-05 21:59 - 00016387 _____ C:\Users\User\Downloads\varsity_regular.zip 2016-03-05 21:56 - 2016-03-05 21:56 - 00023097 _____ C:\Users\User\Downloads\cf_montreal_high_school.zip 2016-03-05 21:51 - 2016-03-05 21:51 - 00012515 _____ C:\Users\User\Downloads\be_true_to_your_school.zip 2016-03-04 15:43 - 2016-03-04 15:44 - 00000000 ____D C:\Users\User\Documents\My Spore Creations 2016-03-04 15:43 - 2016-03-04 15:44 - 00000000 ____D C:\Users\User\AppData\Roaming\Spore 2016-03-04 15:42 - 2016-03-04 15:42 - 00001531 _____ C:\Users\Public\Desktop\Spore.lnk 2016-03-04 15:42 - 2016-03-04 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spore 2016-03-04 15:36 - 2016-03-04 15:36 - 00000000 ____D C:\Games 2016-03-04 15:35 - 2016-03-04 15:35 - 00000000 ____D C:\Users\User\AppData\Local\Setup Integrity Check 2016-03-04 08:43 - 2016-03-04 08:43 - 00022743 _____ C:\Users\User\Downloads\SPORE COMPLETO BY FELIPETUTORIAIS.torrent 2016-03-02 01:32 - 2016-03-02 01:35 - 00000000 ____D C:\Users\User\AppData\Roaming\skyz 2016-03-02 01:32 - 2016-03-02 01:32 - 00167936 _____ (ICSharpCode.net) C:\Users\User\Downloads\ICSharpCode.SharpZipLib1.dll 2016-03-02 01:23 - 2016-03-13 03:48 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft 2016-03-02 00:20 - 2014-11-02 20:48 - 00000000 ____D C:\Users\User\Downloads\shaderpacks 2016-03-02 00:17 - 2016-03-13 07:59 - 00000000 ____D C:\Users\User\Documents\MINE BACKUP 2016-02-29 17:44 - 2016-03-12 18:10 - 00000000 ____D C:\Users\User\AppData\Roaming\Adobe 2016-02-29 12:40 - 2016-02-24 04:32 - 03650180 _____ () C:\Users\User\Documents\Shiginima Launcher SE v3.100.exe 2016-02-29 12:38 - 2016-02-29 12:40 - 
09471556 _____ C:\Users\User\Downloads\ShiginimaSE_v3100.zip 2016-02-29 06:18 - 2016-02-29 06:18 - 00000000 ____D C:\Users\User\Documents\pasta mine ant 2016-02-28 13:01 - 2016-02-28 13:01 - 00016156 _____ C:\Users\User\Downloads\TWD.S06E10.720p.WEB-DL.DD5.1.H.264-DUAL.rar 2016-02-28 08:57 - 2016-02-28 08:57 - 00024456 _____ C:\Users\User\Downloads\The.Walking.Dead.S06E09.720p.Dublado.rar 2016-02-28 08:56 - 2016-02-28 08:56 - 00038725 _____ C:\Users\User\Downloads\Ted.2.2015.BDRip.Dual.Audio.rar 2016-02-27 22:30 - 2016-02-27 22:30 - 00021034 _____ C:\Users\User\Downloads\Ted.DVDRip.XviD.Dual.Audio-3LT0N.rar 2016-02-27 21:14 - 2016-02-27 21:14 - 00030410 _____ C:\Users\User\Downloads\The.Forest.2016.HDRip.rar 2016-02-24 04:27 - 2016-02-24 04:29 - 00000000 ____D C:\Users\User\Downloads\ShiginimaSE_v3100 ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-03-25 13:46 - 2015-05-09 19:41 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent 2016-03-25 13:41 - 2015-03-17 22:51 - 00000000 ____D C:\Users\User\AppData\Local\SlimWare Utilities Inc 2016-03-25 13:36 - 2015-03-19 12:55 - 00000000 ____D C:\Program Files (x86)\Steam 2016-03-25 13:05 - 2015-06-20 19:19 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-25 13:01 - 2015-12-03 21:27 - 00000000 ____D C:\Program Files\Common Files\AV 2016-03-25 12:31 - 2016-01-23 14:29 - 00003238 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler 2016-03-25 12:31 - 2016-01-23 14:29 - 00002870 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (User) 2016-03-25 12:31 - 2015-03-18 22:35 - 00000000 ____D C:\Users\User\Documents\atalhos programas 2016-03-25 12:29 - 2015-06-20 19:23 - 00002241 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-03-25 12:29 - 2015-06-20 19:23 - 00002229 ____R C:\Users\Public\Desktop\Google Chrome.lnk 2016-03-25 12:29 - 2015-03-14 17:54 - 00001207 ____R 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-03-25 12:28 - 2015-06-20 19:19 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-25 12:27 - 2015-03-16 17:47 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA 2016-03-25 12:27 - 2015-03-16 17:47 - 00000000 ____D C:\ProgramData\NVIDIA 2016-03-25 12:27 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-25 12:10 - 2015-03-17 16:22 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache 2016-03-25 12:10 - 2015-03-17 16:22 - 00000000 ____D C:\ProgramData\Package Cache 2016-03-25 11:56 - 2015-03-14 18:16 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software 2016-03-25 11:56 - 2015-03-14 18:16 - 00000000 ____D C:\ProgramData\AVAST Software 2016-03-25 11:47 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf 2016-03-25 11:00 - 2016-01-24 09:52 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps 2016-03-25 10:59 - 2009-07-14 02:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2016-03-25 10:55 - 2009-07-14 01:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-03-25 04:23 - 2015-03-14 16:28 - 00001419 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-03-25 04:23 - 2015-03-14 16:28 - 00001385 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2016-03-24 23:08 - 2015-06-02 23:04 - 00000286 __RSH C:\Users\Todos os Usuários\ntuser.pol 2016-03-24 23:08 - 2015-06-02 23:04 - 00000286 __RSH C:\ProgramData\ntuser.pol 2016-03-24 23:08 - 2009-07-14 00:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2016-03-24 22:32 - 2015-06-04 01:25 - 00000000 ___HD C:\Windows\msdownld.tmp 2016-03-24 22:32 - 2015-06-04 01:25 - 00000000 ____D C:\Windows\SysWOW64\directx 2016-03-23 19:42 - 2009-07-29 12:49 - 00727620 _____ C:\Windows\system32\prfh0416.dat 2016-03-23 19:42 - 2009-07-29 12:49 - 00156796 _____ 
C:\Windows\system32\prfc0416.dat 2016-03-23 19:42 - 2009-07-14 02:13 - 01680530 _____ C:\Windows\system32\PerfStringBackup.INI 2016-03-23 19:41 - 2015-07-28 19:18 - 00000000 ____D C:\Users\User\AppData\Local\Spotify 2016-03-23 19:41 - 2015-07-28 18:51 - 00000000 ____D C:\Users\User\AppData\Roaming\Spotify 2016-03-20 20:40 - 2015-03-14 17:49 - 00000000 ____D C:\Users\User\Incomplete 2016-03-20 18:52 - 2015-03-18 08:43 - 00000000 ____D C:\Users\User\AppData\Roaming\MPC-HC 2016-03-19 22:35 - 2015-12-08 05:47 - 00000000 ____D C:\KMPlayer 2016-03-19 16:10 - 2015-04-27 14:47 - 00000000 ____D C:\Users\User\Documents\Cross Fire 2016-03-19 01:59 - 2015-09-20 19:35 - 00001456 _____ C:\Users\User\AppData\Local\Adobe Salvar para Web 13.0 Prefs 2016-03-18 23:45 - 2015-06-02 12:50 - 00000000 ____D C:\Users\User\AppData\Roaming\DAEMON Tools Lite 2016-03-18 13:35 - 2009-07-14 01:45 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-03-18 13:35 - 2009-07-14 01:45 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-03-15 12:57 - 2015-04-11 19:39 - 00000000 ____D C:\Users\User\Documents\Meus arquivos- Design Gráfico 2016-03-14 06:37 - 2015-11-01 13:51 - 00000000 ____D C:\temp 2016-03-14 06:37 - 2015-03-17 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2016-03-14 06:37 - 2015-03-16 15:34 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA Corporation 2016-03-14 06:37 - 2015-03-16 15:34 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-03-14 06:01 - 2015-03-17 23:34 - 00000000 ____D C:\Users\User\AppData\Local\NVIDIA Corporation 2016-03-14 06:01 - 2015-03-17 23:34 - 00000000 ____D C:\Users\User\AppData\Local\NVIDIA 2016-03-09 17:05 - 2016-02-12 13:31 - 00000000 ___SD C:\Users\User\AppData\LocalLow\Temp 2016-03-08 07:07 - 2015-05-24 12:34 - 03711024 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvapi64.dll 2016-03-08 07:07 - 2015-03-17 23:31 - 03283896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2016-03-08 07:07 - 2015-03-16 15:33 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2016-03-08 07:07 - 2015-03-16 15:33 - 00036743 _____ C:\Windows\system32\nvinfo.pb 2016-03-08 03:27 - 2016-01-23 17:51 - 00532536 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2016-03-08 03:27 - 2016-01-23 17:51 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2016-03-08 03:27 - 2015-03-16 15:35 - 06369728 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2016-03-08 03:27 - 2015-03-16 15:35 - 02994232 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2016-03-08 03:27 - 2015-03-16 15:35 - 02561472 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2016-03-08 03:27 - 2015-03-16 15:35 - 01264064 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2016-03-08 03:27 - 2015-03-16 15:35 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2016-03-08 03:27 - 2015-03-16 15:35 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2016-03-07 01:23 - 2015-03-16 15:35 - 06203411 _____ C:\Windows\system32\nvcoproc.bin 2016-03-06 19:21 - 2015-04-07 14:11 - 00000000 ____D C:\Windows\Minidump 2016-03-06 06:44 - 2015-03-23 06:44 - 00000000 ____D C:\Users\User\Documents\My Games 2016-03-06 01:35 - 2009-07-14 01:45 - 05128296 _____ C:\Windows\system32\FNTCACHE.DAT 2016-03-05 23:47 - 2015-07-10 03:28 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2016-03-05 23:19 - 2015-03-14 18:05 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype 2016-03-05 22:25 - 2016-02-21 15:06 - 00000967 _____ C:\Users\Public\Desktop\DS3 Tool.lnk 2016-03-05 22:25 - 2015-03-14 16:37 - 00139416 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2016-03-04 15:43 - 2016-01-20 16:41 - 00000000 ____D 
C:\Users\User\AppData\Local\SKIDROW 2016-03-04 15:43 - 2009-07-14 02:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-03-02 23:38 - 2016-02-19 14:03 - 00003603 _____ C:\Users\User\Desktop\Novo Documento de Texto.txt 2016-03-01 06:55 - 2015-04-25 22:02 - 00000000 ____D C:\Users\User\Documents\meus jogos 2016-02-29 12:37 - 2015-05-17 09:08 - 00000000 ____D C:\Users\User\Documents\arquivos do pen drive 2016-02-29 08:33 - 2015-03-14 17:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-02-26 16:26 - 2015-03-17 23:29 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics ==================== Arquivos na raiz de alguns diretórios ======= 2016-03-25 12:02 - 2016-02-24 06:18 - 1085440 _____ () C:\Users\User\AppData\Roaming\delCalendarReg.exe 2016-03-25 12:01 - 2015-11-25 15:31 - 1100288 _____ () C:\Users\User\AppData\Roaming\HomePage.exe 2016-03-25 12:01 - 2016-03-02 10:49 - 1888256 _____ () C:\Users\User\AppData\Roaming\msiql.exe 2015-09-20 14:28 - 2016-01-16 20:39 - 0000132 _____ () C:\Users\User\AppData\Roaming\Preferências do Formato PNG do Adobe CS6 2016-03-25 04:25 - 2016-01-11 15:49 - 1734656 _____ () C:\Users\User\AppData\Roaming\service.exe 2016-03-25 12:01 - 2016-03-25 12:30 - 2786816 _____ (TODO: ) C:\Users\User\AppData\Roaming\svrupg.exe 2016-03-25 12:01 - 2016-03-25 12:30 - 0015482 _____ () C:\Users\User\AppData\Roaming\webad.xml 2016-03-25 12:02 - 2015-12-10 15:43 - 0600312 _____ () C:\Users\User\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe 2015-09-20 19:35 - 2016-03-19 01:59 - 0001456 _____ () C:\Users\User\AppData\Local\Adobe Salvar para Web 13.0 Prefs 2015-03-18 00:54 - 2015-03-18 00:54 - 0000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg 2015-03-18 12:55 - 2015-03-18 12:55 - 0000057 _____ () C:\ProgramData\Ament.ini 2016-03-25 05:39 - 2016-02-24 06:18 - 1085440 _____ () C:\ProgramData\delCalendarReg.exe 2016-03-25 05:39 - 2015-11-25 15:31 - 1100288 _____ () 
C:\ProgramData\HomePage.exe 2016-03-25 04:26 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGate.exe 2016-03-25 05:38 - 2016-03-02 10:49 - 1888256 _____ () C:\ProgramData\msiql.exe 2016-03-25 05:39 - 2016-03-25 05:39 - 0015482 _____ () C:\ProgramData\webad.xml 2016-03-25 07:59 - 2016-03-25 07:59 - 0000041 _____ () C:\ProgramData\xcgui_debug.txt Arquivos para serem movidos ou deletados: ==================== C:\ProgramData\delCalendarReg.exe C:\ProgramData\HomePage.exe C:\ProgramData\LightGate.exe C:\ProgramData\msiql.exe C:\Users\Todos os Usuários\delCalendarReg.exe C:\Users\Todos os Usuários\HomePage.exe C:\Users\Todos os Usuários\LightGate.exe C:\Users\Todos os Usuários\msiql.exe Alguns arquivos em TEMP: ==================== C:\Users\User\AppData\Local\Temp\175C.tmp.exe C:\Users\User\AppData\Local\Temp\370D.tmp.exe C:\Users\User\AppData\Local\Temp\7B28.tmp.exe C:\Users\User\AppData\Local\Temp\A93C.tmp.exe C:\Users\User\AppData\Local\Temp\D9FB.tmp.exe C:\Users\User\AppData\Local\Temp\F135.tmp.exe ==================== Bamital & volsnap ================= (Não há correção automática para arquivos que não passaram na verificação.) 
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll [2009-07-13 20:38] - [2015-03-14 16:37] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
C:\Windows\SysWOW64\User32.dll [2009-07-13 20:24] - [2015-03-14 16:37] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-03-19 06:57

==================== Fim de FRST.txt ============================