Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:10-04-2016 01 Executado por Felipe (administrador) em FELIPE-PC (12-04-2016 16:15:16) Executando a partir de C:\Users\Felipe\Desktop Perfis Carregados: Felipe (Perfis Disponíveis: Felipe) Platform: Microsoft Windows 7 Ultimate (X86) Idioma: Português (Brasil) Internet Explorer Versão 8 (Navegador padrão não detectado!) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe () C:\ProgramData\AppxedtatS\AppxedtatS.exe (BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe () C:\Users\Felipe\AppData\Roaming\Uvulgi\Uvulgi.exe () C:\Users\Felipe\AppData\Roaming\Uvulgi\Awabtocuce.exe () C:\ProgramData\CloudPrinter\CloudPrinter.exe () C:\Users\Felipe\AppData\Roaming\ExukNirji\Topexiud.exe () C:\Users\Felipe\AppData\Roaming\Ufyakq\Ufyakq.exe () C:\Users\Felipe\AppData\Roaming\Ufyakq\Monav.exe () C:\Users\Felipe\AppData\Roaming\Yacoifbaz\Yacoifbaz.exe () C:\Users\Felipe\AppData\Roaming\Yacoifbaz\Moasco.exe (DotC United Inc) C:\Program Files\MPC Cleaner\MPCTray.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe () C:\Users\Felipe\AppData\Roaming\ByueCura\Zojhipk.exe () C:\Users\Felipe\AppData\Local\Apps\2.0\abril.exe () C:\Users\Felipe\AppData\Roaming\Asapg\Asapg.exe () C:\Users\Felipe\AppData\Roaming\Asapg\Etunkahmay.exe () C:\Users\Felipe\AppData\Roaming\EooripFogg\Loasci.exe () C:\Users\Felipe\AppData\Roaming\HucinFidbozi\Aidoafic.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (© 2015 Microsoft Corporation) C:\Users\Felipe\AppData\Local\Microsoft\BingSvc\BingSvc.exe () C:\ProgramData\WindowsMsg\osmsg.exe () C:\ProgramData\msiql.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe () C:\ProgramData\DCHP\DCHP.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe ==================== Registro (Whitelisted) =========================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation) HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.) HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.) HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart HKLM\...\Run: [LightGate] => c:\programdata\lightgate.exe [1081344 2015-12-04] () HKLM\...\Run: [HomePageHelper] => c:\users\felipe\appdata\roaming\homepage.exe [1100288 2015-11-25] () HKLM\...\RunOnce: [WINDOWS_SCREEN_MANAGER_UPDATER_1] => C:\Program Files\Windows Screen Manager\Windows screen manage updater.exe [16896 2016-04-11] (Wizzservices) HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [GoogleChromeAutoLaunch_3598036481B262A4AE210A3CE1B03E37] => C:\Program Files\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.) HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [BingSvc] => C:\Users\Felipe\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-04] (© 2015 Microsoft Corporation) HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [YeaInstaller] => C:\Users\Felipe\AppData\Local\Temp\56AG92J7J\56AG92J7J.exe <===== ATENÇÃO HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2055168 2016-04-07] () HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [Pritc] => C:\Users\Felipe\AppData\Local\Temp\is-NB6G5.tmp\print.exe <===== ATENÇÃO HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [msiql] => C:\ProgramData\msiql.exe [1917952 2016-04-01] () HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /AUTORUN HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-3498507567-1271723686-615099086-1000\...\MountPoints2: {fd7fcc6b-8734-11e5-bbfd-5cc9d3f60713} - G:\Setup.exe AppInit_DLLs: C:\ProgramData\AppxedtatS\Finla.dll => C:\ProgramData\AppxedtatS\Finla.dll [257536 2016-04-12] () ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Winsock: Catalog5 08 C:\ProgramData\System32\SafeGuard32.dll [2771896 2016-04-11] () Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt Tcpip\Parameters: [DhcpNameServer] 20.23.52.1 Tcpip\..\Interfaces\{233DCDF9-EE70-4DDA-8B47-9E79C55F720E}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{74C38BCE-6413-4354-99B8-5C3A5F3C6E3D}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{AC94A06A-36E7-4BA2-895E-460B2BD69B93}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{E45AACF7-B072-4B6F-8227-A7832D843F2A}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{E45AACF7-B072-4B6F-8227-A7832D843F2A}: [DhcpNameServer] 20.23.52.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am/?geo=br HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am/?geo=br HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3498507567-1271723686-615099086-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP98ztRdo3bLXE2cvsZjdzd6RQjnfGGEwgpVHZ_vmtvrZM7ifGOf06W2NceiPKtomcL3_QNEG6edDG4kskZc5Kv9SxCbOALsx5ol8rlHMxq3CPN-AUUOJ1YPQHE62SqKMikNB47lLff2eJfMzCCN9O9GmJvLF_JrhNEr6N6WPFjDQ,,&q={searchTerms} HKU\S-1-5-21-3498507567-1271723686-615099086-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP98ztRdo3bLXE2cvsZjdzd6RQjnfGGEwgpVHZ_vmtvrZM7ifGOf06W2NceiPKtomcL3_QNEG6edDG4kskZc5Kv9SxCbOALsx5ol8rlHMxq3CPN-AUUOJ1YPQHE62SqKMikNB47lLff2eJfMzCCN9O9GmJvLF_JrhNEr6N6WPFjDQ,,&q={searchTerms} HKU\S-1-5-21-3498507567-1271723686-615099086-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP98ztRdo3bLXE2cvsZjdzd6RQjnfGGEwgpVHZ_vmtvrZM7ifGOf06W2NceiPKtomcL3_QNEG6edDG4kskZc5Kv9SxCbOALsx5ol8rlHMxq3CPN-AUUOJ1YPQHE62SqKMikNB47lLff2eJfMzCCN9O9GmJvLF_JrhNEr6N6WPFjDQ,,&q={searchTerms} HKU\S-1-5-21-3498507567-1271723686-615099086-1000\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am/?geo=br SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP98ztRdo3bLXE2cvsZjdzd6RQjnfGGEwgpVHZ_vmtvrZM7ifGOf06W2NceiPKtomcL3_QNEG6edDG4kskZc5Kv9SxCbOALsx5ol8rlHMxq3CPN-AUUOJ1YPQHE62SqKMikNB47lLff2eJfMzCCN9O9GmJvLF_JrhNEr6N6WPFjDQ,,&q={searchTerms} SearchScopes: HKLM -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = SearchScopes: HKU\S-1-5-21-3498507567-1271723686-615099086-1000 -> {0644EE93-D778-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.mpc.am/index/search?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968&ie=UTF-8 SearchScopes: HKU\S-1-5-21-3498507567-1271723686-615099086-1000 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = SearchScopes: HKU\S-1-5-21-3498507567-1271723686-615099086-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP98ztRdo3bLXE2cvsZjdzd6RQjnfGGEwgpVHZ_vmtvrZM7ifGOf06W2NceiPKtomcL3_QNEG6edDG4kskZc5Kv9SxCbOALsx5ol8rlHMxq3CPN-AUUOJ1YPQHE62SqKMikNB47lLff2eJfMzCCN9O9GmJvLF_JrhNEr6N6WPFjDQ,,&q={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 FF NewTab: hxxp://www.hohosearch.com/?ts=AHEqA3EmAHUmCE..&v=20160409&uid=19E5649E23490F96CBB81A1ADCAB55FC&ptid=clc&mode=ffseng FF DefaultSearchEngine: hohosearch FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=hohosearch FF SelectedSearchEngine: hohosearch FF Homepage: search.mpc.am/?geo=br FF Keyword.URL: hxxp://www.hohosearch.com/chrome.php?uid=19E5649E23490F96CBB81A1ADCAB55FC&ptid=ftp&ts=AHEqA3EmAHYlBE..&v=20160409&mode=ffexttoolbar&q= FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF user.js: detected! => C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\pxk1agdd.default\user.js [2016-04-11] FF user.js: detected! => C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p8sxnvxd.default-1460421532074\user.js [2016-04-11] FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\pxk1agdd.default\searchplugins\.xml [2016-04-11] FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\pxk1agdd.default\searchplugins\DD1B66D4.xml [2016-04-11] FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\pxk1agdd.default\searchplugins\navegaki.xml [2016-04-11] FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\p8sxnvxd.default-1460421532074\searchplugins\DD1B66D4.xml [2016-04-11] FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\.xml [2016-04-11] FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-04-11] FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\findit.xml [2016-04-12] FF SearchPlugin: C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\navegaki.xml [2016-04-11] FF Extension: Quick Searcher - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2016-04-11] [não assinado] FF Extension: Adblock Plus - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\pxk1agdd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-31] FF Extension: Quick Searcher - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\pxk1agdd.default\Extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2016-04-11] [não assinado] FF Extension: GsearchFinder - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-04-09] FF Extension: Adblock Plus - C:\Users\Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-31] Chrome: ======= CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pt-br CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://vosteran.com/?f=7&a=vst_ggfc_15_04_ch&cd=2XzuyEtN2Y1L1QzuyD0C0Czy0DtA0FyCtDyBtCtAtAtC0AyCtN0D0Tzu0StCtCtCyEtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0DtAtA0AyD0DyBtGtA0CzztBtG0AyB0F0CtG0CyD0EzztGtBzzzy0C0AyByC0DyBtCzy0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0BzztByB0FzzzztGyDyBtCzytGyEzz0B0EtG0AtAtDtDtGtAtC0BtAzztB0EtD0DtB0Fzz2Q&cr=936708617&ir=","hxxp://binkiland.com/?f=7&a=bnk_cmi_15_08&cd=2XzuyEtN2Y1L1QzuyD0C0Czy0DtA0FyCtDyBtCtAtAtC0AyCtN0D0Tzu0StCtCyEtAtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCyEzzyBtBtDtBtBtGzztD0AtAtGtD0CyB0AtGyD0BtCyEtGyBtCtCtA0F0A0FzzyE0DtAtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0BzztByB0FzzzztGyDyBtCzytGyEzz0B0EtG0AtAtDtDtGtAtC0BtAzztB0EtD0DtB0Fzz2Q&cr=29741416&ir=","hxxp://do-search.com/?type=hp&ts=1430666171&from=cor&uid=ST500DM002-1BD142_6VMXMYXBXXXX6VMXMYXB","hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxi01_15_19¶m1=1¶m2=f%3D7%26b%3DChrome%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyEyEzzyB0F0C0E0CyCyEyB0FyDtDyD0AtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFyDtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0C0FzytCyCtGzyyCtCzytGyCzytAtAtGzy0AyEtCtGyBtAtAyE0EyC0A0CyDtD0C0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtC0D0EtCyDyE0FtG0CyCtB0CtGyE0B0E0DtGzytAzy0DtGyD0EtC0F0CtAtCyE0Ezz0E0F2QtN0A0LzuyE%26cr%3D603851012%26a%3Dwncy_bxi01_15_19%26os%3DWindows 7 Ultimate","hxxp://www.hohosearch.com/?mode=nnnb&ptid=icb&uid=1FA9805588624C02F20396D1664F0444&v=20160409&ts=AHEqA3ElC3UmAE..","hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=3d2334dc21396b6d674d81cdd87fca66" CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIvsCCX_Y7AYFuqP98ztRdo3bLXE2cvsZjdzd6RQjnfGGEwgpVHZ_vmtvrZM7ifGOf06W2NceiPKtomcL3_QNEG6edDG4kt7Wn_ZnG5f1_OnM8U6o5-4oQ7_nJ5sWBjq1mH6bFAt53S0HpS7xRZW9-nK-ZjznTbsfg8-kWNf3xFkhej8OA0erj9o,&q={searchTerms} CHR DefaultSearchKeyword: Default -> feed.sonic-search.com CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms} CHR Profile: C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-10] CHR Extension: (Google Drive) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-10] CHR Extension: (YouTube) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-10] CHR Extension: (Google Search) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10] CHR Extension: (Planilhas do Google) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-10] CHR Extension: (Documentos Google off-line) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (AdBlock) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-18] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04] CHR Extension: (Gmail) - C:\Users\Felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-10] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08] CHR HKU\S-1-5-21-3498507567-1271723686-615099086-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx ==================== Serviços (Whitelisted) ======================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [593376 2013-04-11] (Intel Corporation) R2 AppxedtatS; C:\ProgramData\\AppxedtatS\\AppxedtatS.exe [692736 2016-04-12] () [Arquivo não assinado] R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [80512 2011-11-21] (ASUS) R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS) S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [437784 2016-04-07] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [417304 2016-04-07] (BlueStack Systems, Inc.) S3 BstHdPlusAndroidSvc; C:\Program Files\BlueStacks\HD-Plus-Service.exe [433688 2016-04-07] (BlueStack Systems, Inc.) S3 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [921112 2016-04-07] (BlueStack Systems, Inc.) R2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [104240 2012-09-12] (Intel(R) Corporation) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation) R2 Cadidovpen; C:\Users\Felipe\AppData\Roaming\Uvulgi\Uvulgi.exe [174440 2016-04-11] () R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [1015808 2016-04-11] () [Arquivo não assinado] S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2015-06-04] (Intel Corporation) R2 DCHP; C:\ProgramData\\DCHP\\DCHP.exe [400384 2016-04-12] () [Arquivo não assinado] R2 Deibj; C:\Users\Felipe\AppData\Roaming\ExukNirji\Topexiud.exe [125800 2016-04-11] () S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [383640 2015-09-14] () R2 Gepmed; C:\Users\Felipe\AppData\Roaming\Ufyakq\Ufyakq.exe [174472 2016-04-11] () [Arquivo não assinado] S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [922928 2015-11-12] (NVIDIA Corporation) R2 Gitmibfit; C:\Users\Felipe\AppData\Roaming\Yacoifbaz\Yacoifbaz.exe [174432 2016-04-11] () S2 GoogleChromeUpService; C:\ProgramData\service.exe [1747456 2016-03-31] () [Arquivo não assinado] S2 GoogleChromeUpSvc; C:\Users\Felipe\AppData\Roaming\svrupg.exe [2767872 2016-04-11] (TODO: ) [Arquivo não assinado] S3 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [274024 2015-06-04] (Intel Corporation) S2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [350688 2016-04-11] (DotC United Inc) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [242928 2013-05-08] () S3 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-12] (NVIDIA Corporation) S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6288688 2015-11-12] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4611888 2015-11-12] (NVIDIA Corporation) R2 Ooucanut; C:\Users\Felipe\AppData\Roaming\ByueCura\Zojhipk.exe [125800 2016-04-11] () R2 ProntSpooler; C:\Users\Felipe\AppData\Local\Apps\2.0\abril.exe [124928 2016-04-07] () [Arquivo não assinado] R2 Pulfoizl; C:\Users\Felipe\AppData\Roaming\Asapg\Asapg.exe [174440 2016-04-11] () R2 Sukdadp; C:\Users\Felipe\AppData\Roaming\EooripFogg\Loasci.exe [125832 2016-04-11] () [Arquivo não assinado] S3 SystemUsageReportSvc_WILLAMETTE; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [112792 2015-09-14] () R2 Torcepx; C:\Users\Felipe\AppData\Roaming\HucinFidbozi\Aidoafic.exe [125792 2016-04-11] () S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [383640 2015-09-14] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation) S3 XBox; C:\Users\Felipe\AppData\Roaming\XBox\XBLive.exe [5906904 2016-02-27] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2530032 2013-05-08] (Intel® Corporation) ===================== Drivers (Whitelisted) ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R3 AiCharger; C:\Windows\System32\DRIVERS\AiCharger.sys [14720 2012-05-07] (ASUSTek Computer Inc.) R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [112608 2013-04-11] (Windows (R) Win 7 DDK provider) S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [112608 2013-04-11] (Windows (R) Win 7 DDK provider) R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS) R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2910720 2015-04-12] (Qualcomm Atheros Communications, Inc.) R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [14464 2011-09-07] (ASUS) R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [140856 2016-04-07] (BlueStack Systems) R2 BstkDrv; C:\Program Files\BlueStacks\BstkDrv.sys [220216 2016-04-06] (Bluestack System Inc. ) R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [62272 2016-04-11] (Cherimoya Ltd) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2015-11-09] (DT Soft Ltd) R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [15680 2012-05-21] (Intel Corporation) R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [350016 2012-05-21] (Intel Corporation) R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [793920 2012-05-21] (Intel Corporation) R0 MPCBase; C:\Windows\System32\drivers\MPCBase.sys [29032 2016-04-11] (DotC United Inc) R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [52968 2016-04-11] (DotC United Inc) R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [26928 2015-11-05] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18736 2015-11-12] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [44840 2015-11-05] (NVIDIA Corporation) R2 Proteq; C:\Windows\system32\Drivers\Proteq.sys [7598 2014-06-23] (PROTEQ) [Arquivo não assinado] R3 RSBASTOR; C:\Windows\System32\DRIVERS\RtsBaStor.sys [219240 2012-02-01] (Realtek Semiconductor Corp.) ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Três Meses Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-04-12 16:15 - 2016-04-12 16:15 - 00000000 ____D C:\FRST 2016-04-12 16:13 - 2016-04-12 16:13 - 00000000 ____D C:\Users\Todos os Usuários\DCHP 2016-04-12 16:13 - 2016-04-12 16:13 - 00000000 ____D C:\ProgramData\DCHP 2016-04-12 16:10 - 2016-04-12 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC 2016-04-12 04:24 - 2016-04-12 04:24 - 00000000 ____D C:\Users\Todos os Usuários\AppxedtatSs 2016-04-12 04:24 - 2016-04-12 04:24 - 00000000 ____D C:\ProgramData\AppxedtatSs 2016-04-12 04:23 - 2016-04-12 16:13 - 00000000 ____D C:\Users\Todos os Usuários\AppxedtatS 2016-04-12 04:23 - 2016-04-12 16:13 - 00000000 ____D C:\ProgramData\AppxedtatS 2016-04-11 22:55 - 2016-04-12 04:24 - 00001401 _____ C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-04-11 22:54 - 2016-04-12 16:10 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-04-11 22:54 - 2016-04-11 22:54 - 00000678 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-04-11 22:46 - 2016-04-11 22:47 - 00000354 _____ C:\Windows\Tasks\MPC AdCleaner.job 2016-04-11 22:46 - 2016-04-11 22:47 - 00000000 ____D C:\Program Files\MPC AdCleaner 2016-04-11 22:46 - 2016-04-11 22:46 - 00001821 _____ C:\Users\Felipe\Desktop\MPC AdCleaner.lnk 2016-04-11 22:46 - 2016-04-11 22:46 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MPC AdCleaner 2016-04-11 22:44 - 2016-04-11 22:44 - 00000000 ____D C:\Program Files\SunnyDayApps 2016-04-11 22:44 - 2016-04-11 22:44 - 00000000 ____D C:\Program Files\rec_en_251 2016-04-11 22:41 - 2016-04-11 22:41 - 00000000 ____D C:\Program Files\Windows Screen Manager 2016-04-11 22:33 - 2016-04-11 22:33 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\MCorp 2016-04-11 22:28 - 2016-04-12 16:10 - 00001687 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk 2016-04-11 22:08 - 2016-04-11 22:09 - 00000000 ____D C:\Program Files\NewExt 2016-04-11 22:07 - 2016-04-11 22:07 - 00000000 ____D C:\Users\Todos os Usuários\115792b6-7e71-1 2016-04-11 22:07 - 2016-04-11 22:07 - 00000000 ____D C:\ProgramData\115792b6-7e71-1 2016-04-11 22:03 - 2016-04-11 22:38 - 00489916 _____ C:\Windows\ntbtlog.txt 2016-04-11 22:00 - 2016-04-11 22:00 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Uvulgi 2016-04-11 22:00 - 2016-04-11 22:00 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\ExukNirji 2016-04-11 21:51 - 2016-04-11 22:00 - 00062272 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys 2016-04-11 21:50 - 2016-04-11 21:50 - 00000000 ____D C:\Users\Felipe\Mozilla 2016-04-11 21:49 - 2016-04-11 21:49 - 00011426 _____ C:\Users\Felipe\Desktop\Addition.txt 2016-04-11 21:45 - 2016-04-12 16:16 - 00024955 _____ C:\Users\Felipe\Desktop\FRST.txt 2016-04-11 21:44 - 2016-04-11 21:44 - 01725952 _____ (Farbar) C:\Users\Felipe\Desktop\FRST.exe 2016-04-11 21:41 - 2016-04-11 21:50 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\UPUpdata 2016-04-11 21:39 - 2016-04-11 21:39 - 00000801 _____ C:\Windows\system32\${LOGFILE} 2016-04-11 21:38 - 2016-04-11 21:38 - 00000000 ____D C:\Users\Felipe\Desktop\Dados anteriores do Firefox 2016-04-11 21:32 - 2016-04-11 22:28 - 00000000 ____D C:\Program Files\MPC Cleaner 2016-04-11 21:32 - 2016-04-11 21:47 - 00000000 ____D C:\Users\Todos os Usuários\System32 2016-04-11 21:32 - 2016-04-11 21:47 - 00000000 ____D C:\ProgramData\System32 2016-04-11 21:32 - 2016-04-11 21:32 - 00052968 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys 2016-04-11 21:32 - 2016-04-11 21:32 - 00029032 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCBase.sys 2016-04-11 21:28 - 2016-04-11 21:28 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\ByueCura 2016-04-11 21:28 - 2016-04-11 21:28 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Asapg 2016-04-11 21:26 - 2016-04-11 21:26 - 00333506 _____ (AnySend.com) C:\Users\Felipe\AppData\Local\nsd50EB.tmp 2016-04-11 21:25 - 2016-04-11 21:25 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\XBox 2016-04-11 21:24 - 2016-04-11 21:34 - 00000000 ____D C:\Program Files\Hostify 2016-04-11 21:24 - 2016-04-11 21:24 - 00000034 ___SH C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE} 2016-04-11 21:24 - 2016-04-11 21:24 - 00000000 ____D C:\Users\Todos os Usuários\baidu 2016-04-11 21:24 - 2016-04-11 21:24 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Baidu 2016-04-11 21:24 - 2016-04-11 21:24 - 00000000 ____D C:\ProgramData\baidu 2016-04-11 21:24 - 2016-04-11 21:23 - 00333506 _____ (AnySend.com) C:\Users\Felipe\AppData\Local\nss1A90.tmp 2016-04-11 21:24 - 2016-02-24 06:18 - 01085440 _____ C:\Users\Felipe\AppData\Roaming\delCalendarReg.exe 2016-04-11 21:23 - 2016-04-11 21:23 - 00016815 _____ C:\Users\Felipe\AppData\Roaming\webad.xml 2016-04-11 21:23 - 2016-04-11 21:23 - 00001926 ____R C:\Users\Felipe\Desktop\Yeabeats Browser.lnk 2016-04-11 21:22 - 2016-04-01 14:51 - 01917952 _____ C:\Users\Felipe\AppData\Roaming\msiql.exe 2016-04-11 21:22 - 2015-11-25 15:31 - 01100288 _____ C:\Users\Felipe\AppData\Roaming\HomePage.exe 2016-04-11 21:20 - 2016-04-11 21:20 - 00000286 __RSH C:\Users\Felipe\ntuser.pol 2016-04-11 21:14 - 2016-04-11 21:42 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\cpuminer 2016-04-11 21:14 - 2016-04-11 21:14 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\gplyra 2016-04-11 21:14 - 2015-11-25 15:31 - 01100288 _____ C:\Users\Todos os Usuários\HomePage.exe 2016-04-11 21:14 - 2015-11-25 15:31 - 01100288 _____ C:\ProgramData\HomePage.exe 2016-04-11 21:13 - 2016-04-11 21:13 - 00196608 _____ C:\Windows\kaz.exe 2016-04-11 21:13 - 2016-04-11 21:13 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update 2016-04-11 21:13 - 2016-04-11 21:13 - 00000000 ____D C:\ProgramData\Windows Update 2016-04-11 21:12 - 2016-02-24 06:18 - 01085440 _____ C:\Users\Todos os Usuários\delCalendarReg.exe 2016-04-11 21:12 - 2016-02-24 06:18 - 01085440 _____ C:\ProgramData\delCalendarReg.exe 2016-04-11 21:11 - 2016-04-11 21:11 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Ufyakq 2016-04-11 21:11 - 2016-04-11 21:11 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\EooripFogg 2016-04-11 21:10 - 2016-04-11 21:21 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\LightGate 2016-04-11 21:10 - 2016-04-11 21:10 - 01626416 _____ C:\Users\Felipe\AppData\Roaming\Don-Stock.tst 2016-04-11 21:10 - 2016-04-11 21:05 - 01015808 _____ C:\Users\Felipe\AppData\Roaming\Don-Stock.exe 2016-04-11 21:10 - 2015-12-04 13:14 - 01081344 _____ C:\Users\Todos os Usuários\LightGate.exe 2016-04-11 21:10 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGate.exe 2016-04-11 21:09 - 2016-04-11 22:55 - 02767872 _____ (TODO: ) C:\Users\Felipe\AppData\Roaming\svrupg.exe 2016-04-11 21:09 - 2016-04-11 22:55 - 00016815 _____ C:\Users\Todos os Usuários\webad.xml 2016-04-11 21:09 - 2016-04-11 22:55 - 00016815 _____ C:\ProgramData\webad.xml 2016-04-11 21:09 - 2016-04-11 21:39 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Nosibay 2016-04-11 21:09 - 2016-04-11 21:09 - 00072699 _____ C:\Users\Felipe\AppData\Roaming\DuoCanlight.tst 2016-04-11 21:09 - 2016-04-11 21:05 - 01015808 _____ C:\Users\Felipe\AppData\Roaming\DuoCanlight.exe 2016-04-11 21:08 - 2016-04-11 21:08 - 00848437 _____ C:\Users\Felipe\AppData\Roaming\Holdtam.bin 2016-04-11 21:08 - 2016-04-11 21:08 - 00000000 ____D C:\Users\Felipe\AppData\Local\Setup Wizard 2016-04-11 21:08 - 2016-04-11 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WNetworkEn 2016-04-11 21:08 - 2016-04-01 14:51 - 01917952 _____ C:\Users\Todos os Usuários\msiql.exe 2016-04-11 21:08 - 2016-04-01 14:51 - 01917952 _____ C:\ProgramData\msiql.exe 2016-04-11 21:07 - 2016-04-11 21:29 - 00000000 ____D C:\Users\Felipe\AppData\Local\00000236-1460408863-8000-FFFF-40167EA038C9 2016-04-11 21:07 - 2016-04-11 21:07 - 00000000 ____D C:\Users\Felipe\AppData\Local\rec_en_251 2016-04-11 21:06 - 2016-04-12 04:24 - 00002405 _____ C:\Windows\system32\findit.xml 2016-04-11 21:06 - 2016-04-11 21:06 - 00000000 ____D C:\Users\Todos os Usuários\Statdexs 2016-04-11 21:06 - 2016-04-11 21:06 - 00000000 ____D C:\ProgramData\Statdexs 2016-04-11 21:06 - 2016-04-11 21:00 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak 2016-04-11 21:05 - 2016-04-11 22:14 - 00000000 ____D C:\Users\Todos os Usuários\Statdex 2016-04-11 21:05 - 2016-04-11 22:14 - 00000000 ____D C:\ProgramData\Statdex 2016-04-11 21:05 - 2016-04-11 22:00 - 00000000 ____D C:\Users\Felipe\AppData\Local\Tempfolder 2016-04-11 21:05 - 2016-04-11 21:05 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Yacoifbaz 2016-04-11 21:05 - 2016-04-11 21:05 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\HucinFidbozi 2016-04-11 21:05 - 2016-04-11 21:05 - 00000000 ____D C:\Users\Felipe\AppData\LocalLow\Company 2016-04-11 21:05 - 2016-04-11 21:05 - 00000000 ____D C:\Users\Felipe\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} 2016-04-11 21:05 - 2016-04-11 21:05 - 00000000 ____D C:\uninst 2016-04-11 21:04 - 2016-04-11 21:10 - 06504960 _____ C:\Users\Felipe\AppData\Roaming\agent.dat 2016-04-11 21:04 - 2016-04-11 21:10 - 00126464 _____ C:\Users\Felipe\AppData\Roaming\noah.dat 2016-04-11 21:04 - 2016-04-11 21:10 - 00065424 _____ C:\Users\Felipe\AppData\Roaming\Config.xml 2016-04-11 21:04 - 2016-04-11 21:10 - 00018432 _____ C:\Users\Felipe\AppData\Roaming\Main.dat 2016-04-11 21:04 - 2016-04-11 21:04 - 01626416 _____ C:\Users\Felipe\AppData\Roaming\Hat-Fax.tst 2016-04-11 21:04 - 2016-04-11 20:58 - 01015808 _____ C:\Users\Felipe\AppData\Roaming\Hat-Fax.exe 2016-04-11 21:04 - 2016-03-31 11:32 - 01747456 _____ C:\Users\Todos os Usuários\service.exe 2016-04-11 21:04 - 2016-03-31 11:32 - 01747456 _____ C:\Users\Felipe\AppData\Roaming\service.exe 2016-04-11 21:04 - 2016-03-31 11:32 - 01747456 _____ C:\ProgramData\service.exe 2016-04-11 21:03 - 2016-04-12 04:23 - 00000000 ____D C:\Users\Todos os Usuários\CloudPrinter 2016-04-11 21:03 - 2016-04-12 04:23 - 00000000 ____D C:\ProgramData\CloudPrinter 2016-04-11 21:03 - 2016-04-11 21:41 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg 2016-04-11 21:03 - 2016-04-11 21:41 - 00000000 ____D C:\ProgramData\WindowsMsg 2016-04-11 21:03 - 2016-04-11 21:10 - 00005568 _____ C:\Users\Felipe\AppData\Roaming\md.xml 2016-04-11 21:03 - 2016-04-11 21:09 - 00126464 _____ C:\Users\Felipe\AppData\Roaming\lobby.dat 2016-04-11 21:03 - 2016-04-11 21:09 - 00054272 _____ C:\Users\Felipe\AppData\Roaming\ApplicationHosting.dat 2016-04-11 21:03 - 2016-04-11 21:03 - 00072699 _____ C:\Users\Felipe\AppData\Roaming\Istansoft.tst 2016-04-11 21:03 - 2016-04-11 20:58 - 01015808 _____ C:\Users\Felipe\AppData\Roaming\Istansoft.exe 2016-04-11 21:01 - 2016-04-11 21:01 - 00848437 _____ C:\Users\Felipe\AppData\Roaming\Doubleis.bin 2016-04-11 21:00 - 2016-04-11 21:00 - 00000000 ____D C:\Users\Public\Documents\Tools 2016-04-11 21:00 - 2016-04-11 21:00 - 00000000 ____D C:\Users\Public\Documents\Guid 2016-04-11 20:59 - 2015-12-10 15:43 - 00600312 _____ C:\Users\Felipe\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe 2016-04-11 20:58 - 2016-04-11 21:06 - 00015408 _____ C:\Users\Felipe\AppData\Roaming\InstallationConfiguration.xml 2016-04-11 20:58 - 2016-04-11 21:05 - 00127488 _____ C:\Users\Felipe\AppData\Roaming\Installer.dat 2016-04-11 20:58 - 2016-04-11 21:05 - 00078801 _____ C:\Users\Felipe\AppData\Roaming\inst.lat 2016-04-11 20:58 - 2016-04-11 20:58 - 00000000 ____D C:\Users\Todos os Usuários\115792b6-2b57-0 2016-04-11 20:58 - 2016-04-11 20:58 - 00000000 ____D C:\Users\Todos os Usuários\115792b6-1b75-1 2016-04-11 20:58 - 2016-04-11 20:58 - 00000000 ____D C:\Users\Public\Documents\Baidu 2016-04-11 20:58 - 2016-04-11 20:58 - 00000000 ____D C:\Users\Felipe\AppData\Local\csdi_monetize_220160408 2016-04-11 20:58 - 2016-04-11 20:58 - 00000000 ____D C:\ProgramData\115792b6-2b57-0 2016-04-11 20:58 - 2016-04-11 20:58 - 00000000 ____D C:\ProgramData\115792b6-1b75-1 2016-04-11 20:57 - 2016-04-11 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioVideoKit 2016-04-11 20:57 - 2016-04-11 20:57 - 00000000 ____D C:\Users\Felipe\AppData\Local\csdi_monetize_120160408 2016-04-11 20:56 - 2016-04-11 20:56 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\FreeVPN 2016-04-11 20:56 - 2016-04-11 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free VPN 2016-04-11 20:55 - 2016-04-11 20:55 - 00000668 __RSH C:\Users\Todos os Usuários\ntuser.pol 2016-04-11 20:55 - 2016-04-11 20:55 - 00000668 __RSH C:\ProgramData\ntuser.pol 2016-04-11 20:54 - 2016-04-11 22:02 - 00000000 ____D C:\Users\Felipe\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 2016-04-11 20:54 - 2016-04-11 21:42 - 00000000 ____D C:\Program Files\Screenify 2016-04-11 20:53 - 2016-04-11 20:54 - 00000000 ____D C:\Users\Public\Documents\dmp 2016-04-11 20:52 - 2016-04-11 21:13 - 15793935 _____ C:\Users\Felipe\Downloads\asus-x53u-web-camera-driver 2016-04-10 22:44 - 2011-03-09 20:07 - 06332520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\rtsuvc.sys 2016-04-10 22:32 - 2016-04-10 22:32 - 00031832 _____ (Phoenix Technologies) C:\Windows\system32\Drivers\DrvAgent32.sys 2016-04-10 22:32 - 2016-04-10 22:32 - 00000000 ____D C:\Users\Felipe\AppData\Local\eSupport.com 2016-04-10 22:32 - 2016-04-10 22:32 - 00000000 ____D C:\Program Files\eSupport.com 2016-04-10 16:11 - 2016-04-10 16:28 - 00000000 ____D C:\Users\Felipe\Downloads\Martinho da Vila - Definitivo 2016-04-10 12:34 - 2016-04-10 13:36 - 00000000 ____D C:\Users\Felipe\Downloads\Quim Barreiros - Dar ao Apito 2012 2016-04-10 11:34 - 2016-04-10 12:01 - 00000000 ____D C:\Users\Felipe\Downloads\QUIM BARREIROS 2016-04-08 11:05 - 2016-04-08 11:05 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Macromedia 2016-04-08 11:05 - 2016-04-08 11:05 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Adobe 2016-04-08 11:05 - 2016-04-08 11:05 - 00000000 ____D C:\Users\Felipe\AppData\Local\Macromedia 2016-04-08 11:03 - 2016-04-08 11:06 - 00000000 ____D C:\Users\Todos os Usuários\BlueStacksGameManager 2016-04-08 11:03 - 2016-04-08 11:06 - 00000000 ____D C:\ProgramData\BlueStacksGameManager 2016-04-08 11:03 - 2016-04-08 11:03 - 00001701 _____ C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk 2016-04-08 11:03 - 2016-04-08 11:03 - 00001677 _____ C:\Users\Public\Desktop\BlueStacks.lnk 2016-04-08 11:00 - 2016-04-08 11:02 - 00000000 ____D C:\Program Files\BlueStacks 2016-04-08 11:00 - 2016-04-08 11:01 - 00000000 ____D C:\Users\Todos os Usuários\BlueStacks 2016-04-08 11:00 - 2016-04-08 11:01 - 00000000 ____D C:\ProgramData\BlueStacks 2016-04-08 10:59 - 2016-04-11 17:17 - 00000000 ____D C:\Users\Todos os Usuários\BlueStacksSetup 2016-04-08 10:59 - 2016-04-11 17:17 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2016-04-08 10:59 - 2016-04-08 10:59 - 00000000 ____D C:\Users\Felipe\AppData\Local\Bluestacks 2016-04-08 10:38 - 2016-04-08 10:38 - 00000000 ____D C:\Users\Felipe\Desktop\RENDER 2016-04-08 10:34 - 2016-04-08 10:55 - 311681768 _____ (BlueStack Systems Inc.) C:\Users\Felipe\Downloads\BlueStacks2_native.exe 2016-04-08 10:30 - 2016-04-08 10:30 - 00000000 ____D C:\Users\Felipe\Desktop\Nova pasta 2016-04-05 12:30 - 2016-04-05 12:30 - 00137728 _____ C:\Windows\9b5e5585d25ad04e83f5891085baf225.exe 2016-03-31 23:01 - 2016-03-31 23:10 - 00000000 ____D C:\Users\Felipe\AppData\Local\Mozilla 2016-03-31 23:01 - 2016-03-31 23:04 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Mozilla 2016-03-31 22:56 - 2016-03-31 22:56 - 00242240 _____ C:\Users\Felipe\Desktop\Firefox Setup Stub 45.0.1.exe 2016-03-28 23:48 - 2016-03-28 23:58 - 13614856 _____ C:\Users\Felipe\Downloads\Another Love (Zwette Edit).m4a 2016-03-16 19:50 - 2016-03-16 19:51 - 00000000 ____D C:\Users\Felipe\Downloads\Drake - Hotline Bling [Hip-Hop & Rap] Single 2015 [iTunes Plus M4A AAC] [UJ.rip] 2016-02-20 16:31 - 2016-02-21 18:14 - 00000000 ____D C:\Users\Felipe\Downloads\Maze Runner The Scorch Trails (2015) 2016-02-10 17:03 - 2016-04-11 16:15 - 00000000 ___SD C:\Users\Felipe\AppData\LocalLow\Temp 2016-02-04 22:35 - 2016-02-12 21:40 - 00000000 ____D C:\Users\Felipe\AppData\Local\NFS Underground 2 2016-02-04 22:34 - 2016-02-04 22:34 - 00001250 _____ C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Need for Speed Underground 2.lnk 2016-02-04 22:34 - 2016-02-04 22:34 - 00001226 _____ C:\Users\Felipe\Desktop\Need for Speed Underground 2.lnk 2016-02-04 22:34 - 2016-02-04 22:34 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2016-02-04 22:32 - 2016-02-04 22:32 - 00000000 ____D C:\Program Files\EA GAMES 2016-02-04 18:44 - 2016-02-04 18:44 - 00000000 ____D C:\Users\Felipe\Tracing 2016-02-04 18:39 - 2016-04-11 21:29 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Skype 2016-02-04 18:38 - 2016-03-20 13:15 - 00000000 ____D C:\Users\Todos os Usuários\Skype 2016-02-04 18:38 - 2016-03-20 13:15 - 00000000 ____D C:\ProgramData\Skype 2016-02-04 18:38 - 2016-02-04 18:39 - 00000000 ___RD C:\Program Files\Skype 2016-02-04 18:38 - 2016-02-04 18:38 - 00002687 _____ C:\Users\Public\Desktop\Skype.lnk 2016-02-04 18:38 - 2016-02-04 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2016-02-04 18:38 - 2016-02-04 18:38 - 00000000 ____D C:\Program Files\Common Files\Skype 2016-02-01 20:45 - 2016-03-29 00:05 - 00000000 ____D C:\Users\Felipe\Downloads\Water LP _ Exclusive Remix 2016-02-01 20:44 - 2016-02-01 20:44 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\RPEng 2016-02-01 20:44 - 2016-02-01 20:44 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\BitTorrent 2016-02-01 20:43 - 2016-04-11 21:58 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\uTorrent 2016-02-01 15:56 - 2016-02-01 15:56 - 00000000 ____D C:\Users\Felipe\Desktop\jairo 2016-01-26 17:00 - 2016-01-26 17:20 - 2048196608 _____ C:\Users\Felipe\Desktop\7601.17514.101119-1850_Update_Sp_Wave1-GRMSP1.1_DVD.iso 2016-01-26 16:55 - 2016-01-26 16:55 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\Trimble Connect for SketchUp 2016-01-26 16:54 - 2016-01-26 16:54 - 00002170 _____ C:\Users\Public\Desktop\Style Builder 2016.lnk 2016-01-26 16:54 - 2016-01-26 16:54 - 00002084 _____ C:\Users\Public\Desktop\LayOut 2016.lnk 2016-01-26 16:54 - 2016-01-26 16:54 - 00001999 _____ C:\Users\Public\Desktop\SketchUp 2016.lnk 2016-01-26 16:54 - 2016-01-26 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2016 2016-01-26 16:48 - 2016-01-26 16:50 - 123613456 _____ (Trimble Navigation Limited) C:\Users\Felipe\Desktop\SketchUpMake-pt-BR.exe 2016-01-26 16:47 - 2016-01-26 16:47 - 00000000 ____D C:\Users\Felipe\AppData\Roaming\SketchUp 2016-01-26 16:44 - 2016-01-26 16:44 - 00000000 ____D C:\Users\Todos os Usuários\Reprise 2016-01-26 16:44 - 2016-01-26 16:44 - 00000000 ____D C:\ProgramData\Reprise 2016-01-26 16:43 - 2016-01-26 16:55 - 00000000 ____D C:\Program Files\SketchUp 2016-01-26 16:43 - 2016-01-26 16:43 - 00000000 ____D C:\Users\Todos os Usuários\SketchUp 2016-01-26 16:43 - 2016-01-26 16:43 - 00000000 ____D C:\ProgramData\SketchUp 2016-01-26 16:42 - 2016-01-26 16:42 - 00134710 _____ C:\Users\Felipe\Desktop\gdm_servicos.rbz 2016-01-26 16:39 - 2016-01-26 16:41 - 116578232 _____ (Trimble Navigation Limited) C:\Users\Felipe\Desktop\SketchUpMake-en.exe 2016-01-26 16:21 - 2016-01-26 16:23 - 134043360 _____ (Trimble Navigation Limited) C:\Users\Felipe\Desktop\SketchUpMake-pt-BR-x64.exe 2016-01-25 18:15 - 2016-01-25 18:15 - 00000000 _____ C:\Users\Felipe\AppData\Local\{9934DA03-AC93-4457-AA6F-A2D2584B89A6} 2016-01-15 15:48 - 2016-01-15 15:48 - 00000000 ____D C:\Users\Felipe\Desktop\RENDERS ==================== Três Meses Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-04-12 04:24 - 2015-11-10 18:42 - 00002032 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-04-12 04:24 - 2015-11-10 18:42 - 00002026 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-04-11 23:00 - 2009-07-14 01:34 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-04-11 23:00 - 2009-07-14 01:34 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-04-11 22:30 - 2015-11-19 19:13 - 00000000 __SHD C:\Users\Felipe\IntelGraphicsProfiles 2016-04-11 21:50 - 2015-11-09 22:08 - 00000000 ____D C:\Users\Felipe\AppData\Local\Apps\2.0 2016-04-11 21:50 - 2015-11-09 21:15 - 00000000 ____D C:\Users\Felipe 2016-04-11 21:24 - 2015-11-09 21:50 - 00000000 ____D C:\Users\Todos os Usuários\Intel 2016-04-11 21:24 - 2015-11-09 21:50 - 00000000 ____D C:\ProgramData\Intel 2016-04-11 21:04 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf 2016-04-11 21:03 - 2015-11-09 21:22 - 00000000 ____D C:\Windows\system32\appmgmt 2016-04-11 20:55 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\GroupPolicy 2016-04-10 22:44 - 2015-11-09 21:56 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2016-04-10 22:44 - 2015-11-09 21:56 - 00000000 ____D C:\Program Files\Realtek 2016-04-08 11:02 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Public\Libraries 2016-04-05 14:47 - 2015-11-09 21:19 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI 2016-04-05 14:47 - 2009-07-14 05:31 - 00705268 _____ C:\Windows\system32\prfh0416.dat 2016-04-05 14:47 - 2009-07-14 05:31 - 00147108 _____ C:\Windows\system32\prfc0416.dat ==================== Arquivos na raiz de alguns diretórios ======= 2015-11-09 22:09 - 2015-11-09 22:14 - 6420480 _____ () C:\Program Files\GUT8B20.tmp 2016-04-11 21:04 - 2016-04-11 21:10 - 6504960 _____ () C:\Users\Felipe\AppData\Roaming\agent.dat 2016-04-11 21:03 - 2016-04-11 21:09 - 0054272 _____ () C:\Users\Felipe\AppData\Roaming\ApplicationHosting.dat 2016-04-11 21:04 - 2016-04-11 21:05 - 0002467 _____ () C:\Users\Felipe\AppData\Roaming\Bubble Dock.boostrap.log 2016-04-11 21:08 - 2016-04-11 21:10 - 0002219 _____ () C:\Users\Felipe\AppData\Roaming\Bubble Dock.installation.log 2016-04-11 21:04 - 2016-04-11 21:10 - 0065424 _____ () C:\Users\Felipe\AppData\Roaming\Config.xml 2016-04-11 21:24 - 2016-02-24 06:18 - 1085440 _____ () C:\Users\Felipe\AppData\Roaming\delCalendarReg.exe 2016-04-11 21:10 - 2016-04-11 21:05 - 1015808 _____ () C:\Users\Felipe\AppData\Roaming\Don-Stock.exe 2016-04-11 21:10 - 2016-04-11 21:10 - 1626416 _____ () C:\Users\Felipe\AppData\Roaming\Don-Stock.tst 2016-04-11 21:01 - 2016-04-11 21:01 - 0848437 _____ () C:\Users\Felipe\AppData\Roaming\Doubleis.bin 2016-04-11 21:09 - 2016-04-11 21:05 - 1015808 _____ () C:\Users\Felipe\AppData\Roaming\DuoCanlight.exe 2016-04-11 21:09 - 2016-04-11 21:09 - 0072699 _____ () C:\Users\Felipe\AppData\Roaming\DuoCanlight.tst 2016-04-11 21:04 - 2016-04-11 20:58 - 1015808 _____ () C:\Users\Felipe\AppData\Roaming\Hat-Fax.exe 2016-04-11 21:04 - 2016-04-11 21:04 - 1626416 _____ () C:\Users\Felipe\AppData\Roaming\Hat-Fax.tst 2016-04-11 21:08 - 2016-04-11 21:08 - 0848437 _____ () C:\Users\Felipe\AppData\Roaming\Holdtam.bin 2016-04-11 21:22 - 2015-11-25 15:31 - 1100288 _____ () C:\Users\Felipe\AppData\Roaming\HomePage.exe 2016-04-11 20:58 - 2016-04-11 21:05 - 0078801 _____ () C:\Users\Felipe\AppData\Roaming\inst.lat 2016-04-11 20:58 - 2016-04-11 21:06 - 0015408 _____ () C:\Users\Felipe\AppData\Roaming\InstallationConfiguration.xml 2016-04-11 20:58 - 2016-04-11 21:05 - 0127488 _____ () C:\Users\Felipe\AppData\Roaming\Installer.dat 2016-04-11 21:03 - 2016-04-11 20:58 - 1015808 _____ () C:\Users\Felipe\AppData\Roaming\Istansoft.exe 2016-04-11 21:03 - 2016-04-11 21:03 - 0072699 _____ () C:\Users\Felipe\AppData\Roaming\Istansoft.tst 2016-04-11 21:03 - 2016-04-11 21:09 - 0126464 _____ () C:\Users\Felipe\AppData\Roaming\lobby.dat 2016-04-11 21:04 - 2016-04-11 21:10 - 0018432 _____ () C:\Users\Felipe\AppData\Roaming\Main.dat 2016-04-11 21:03 - 2016-04-11 21:10 - 0005568 _____ () C:\Users\Felipe\AppData\Roaming\md.xml 2016-04-11 21:22 - 2016-04-01 14:51 - 1917952 _____ () C:\Users\Felipe\AppData\Roaming\msiql.exe 2016-04-11 21:04 - 2016-04-11 21:10 - 0126464 _____ () C:\Users\Felipe\AppData\Roaming\noah.dat 2016-04-11 21:13 - 2016-04-11 21:13 - 0000030 _____ () C:\Users\Felipe\AppData\Roaming\Selection Tools.installation.log 2016-04-11 21:04 - 2016-03-31 11:32 - 1747456 _____ () C:\Users\Felipe\AppData\Roaming\service.exe 2016-04-11 21:09 - 2016-04-11 22:55 - 2767872 _____ (TODO: ) C:\Users\Felipe\AppData\Roaming\svrupg.exe 2016-04-11 21:11 - 2016-04-11 21:11 - 0001150 _____ () C:\Users\Felipe\AppData\Roaming\uninstall_temp.ico 2016-04-11 21:23 - 2016-04-11 21:23 - 0016815 _____ () C:\Users\Felipe\AppData\Roaming\webad.xml 2016-04-11 21:05 - 2016-04-11 21:05 - 0000194 _____ () C:\Users\Felipe\AppData\Roaming\WindApp.boostrap.log 2016-04-11 21:09 - 2016-04-11 21:12 - 0000060 _____ () C:\Users\Felipe\AppData\Roaming\WindApp.installation.log 2016-04-11 20:59 - 2015-12-10 15:43 - 0600312 _____ () C:\Users\Felipe\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe 2016-04-11 21:26 - 2016-04-11 21:26 - 0333506 _____ (AnySend.com) C:\Users\Felipe\AppData\Local\nsd50EB.tmp 2016-04-11 21:24 - 2016-04-11 21:23 - 0333506 _____ (AnySend.com) C:\Users\Felipe\AppData\Local\nss1A90.tmp 2016-01-25 18:15 - 2016-01-25 18:15 - 0000000 _____ () C:\Users\Felipe\AppData\Local\{9934DA03-AC93-4457-AA6F-A2D2584B89A6} 2016-04-11 21:12 - 2016-02-24 06:18 - 1085440 _____ () C:\ProgramData\delCalendarReg.exe 2016-04-11 21:14 - 2015-11-25 15:31 - 1100288 _____ () C:\ProgramData\HomePage.exe 2016-04-11 21:10 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGate.exe 2016-04-11 21:08 - 2016-04-01 14:51 - 1917952 _____ () C:\ProgramData\msiql.exe 2016-04-11 21:04 - 2016-03-31 11:32 - 1747456 _____ () C:\ProgramData\service.exe 2016-04-11 21:09 - 2016-04-11 22:55 - 0016815 _____ () C:\ProgramData\webad.xml Arquivos para serem movidos ou deletados: ==================== C:\ProgramData\delCalendarReg.exe C:\ProgramData\HomePage.exe C:\ProgramData\LightGate.exe C:\ProgramData\msiql.exe C:\ProgramData\service.exe C:\Users\Todos os Usuários\delCalendarReg.exe C:\Users\Todos os Usuários\HomePage.exe C:\Users\Todos os Usuários\LightGate.exe C:\Users\Todos os Usuários\msiql.exe C:\Users\Todos os Usuários\service.exe Alguns arquivos em TEMP: ==================== C:\Users\Felipe\AppData\Local\Temp\3Q3U9IOLXS.exe C:\Users\Felipe\AppData\Local\Temp\9KFHQDTUOH.exe C:\Users\Felipe\AppData\Local\Temp\9X15OZJFR2.exe C:\Users\Felipe\AppData\Local\Temp\AO0LQDKOIU.exe C:\Users\Felipe\AppData\Local\Temp\Browser_V5.6.11466.7_r_4728_(Build1603281525).exe C:\Users\Felipe\AppData\Local\Temp\J9QPOTKCQ5.exe C:\Users\Felipe\AppData\Local\Temp\JKFARMJCDJ.exe C:\Users\Felipe\AppData\Local\Temp\JRAVLQTTW7.exe C:\Users\Felipe\AppData\Local\Temp\P20LZMRT8Q.exe ==================== Bamital & volsnap ================= (Não há correção automática para arquivos que não passaram na verificação.) C:\Windows\explorer.exe => O arquivo é assinado digitalmente C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente C:\Windows\system32\services.exe => O arquivo é assinado digitalmente C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente LastRegBack: 2016-04-08 09:12 ==================== Fim de FRST.txt ============================