Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 30-10-2016
Executado por VAN (administrador) em VAN-PC (01-11-2016 01:16:01)
Executando a partir de C:\Users\VAN\Desktop
Perfis Carregados: VAN (Perfis Disponíveis: VAN)
Platform: Windows 7 Home Premium (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Beijing Fantasy Game Network Technology Co., Ltd.) C:\Program Files (x86)\Simcake\2.8.35.1800\SimcakeSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(simplitec GmbH) C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
(Megaify Software Co., Ltd.) C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
(Somoto) C:\Users\VAN\AppData\Local\FilesFrog Update Checker\update_checker.exe
() C:\Program Files (x86)\WeatherTool\2.0.1.5000028\WeatherService.exe
(GOOBZO) C:\Program Files (x86)\YouTube Accelerator\YouTubeAcceleratorService.exe
(ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.1.5000028\weather_free.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(GOOBZO) C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro3\JSDriver\1.42.1.10657\jsdrv.exe [2562048 2016-04-05] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9099440 2016-10-27] (AVAST Software)
HKLM-x32\...\RunOnce: [Tokasakahoh] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\VAN\AppData\Roaming\Faneb"
HKU\S-1-5-21-3685981435-3410721990-2421854054-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro3\JSDriver\1.42.1.10657\jsdrv.exe [2562048 2016-04-05] ()
HKU\S-1-5-21-3685981435-3410721990-2421854054-1000\...\Run: [Chromium] => c:\users\van\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-3685981435-3410721990-2421854054-1000\...\Run: [GoobzoYouTubeAccelerator] => C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe [2226120 2016-09-14] (GOOBZO)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-14] (AVAST Software)
GroupPolicy: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 170.84.159.212 208.67.222.222
Tcpip\..\Interfaces\{05ED152E-44D3-432D-877F-E28F80C9065D}: [DhcpNameServer] 170.84.159.212 208.67.222.222
Tcpip\..\Interfaces\{6257924F-8852-4AAA-A8C9-316C54931A7A}: [DhcpNameServer] 192.168.250.236 172.16.136.40 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_44&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyC0EtB0DyD0ByB0AtBtAyEyDzztN0D0Tzu0StCyByCyDtN1L2XzutAtFtByEtFtByBtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0E0E0EyE0EtCtGtC0EyB0AtGyE0AtDtBtGyD0FzzyBtGzyyCtDyEtBtAtB0C0CyEtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzzyBtDtCyC0A0BtGyEyEyC0CtGyEyDtDtAtG0BtCyDtAtGyE0Azy0AtAzztC0B0AyB0BtC2QtN0A0LzuyE%26cr%3D1223931876%26a%3Dwbf_bxinw_16_44%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_44&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyC0EtB0DyD0ByB0AtBtAyEyDzztN0D0Tzu0StCyByCyDtN1L2XzutAtFtByEtFtByBtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0E0E0EyE0EtCtGtC0EyB0AtGyE0AtDtBtGyD0FzzyBtGzyyCtDyEtBtAtB0C0CyEtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzzyBtDtCyC0A0BtGyEyEyC0CtGyEyDtDtAtG0BtCyDtAtGyE0Azy0AtAzztC0B0AyB0BtC2QtN0A0LzuyE%26cr%3D1223931876%26a%3Dwbf_bxinw_16_44%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKU\S-1-5-21-3685981435-3410721990-2421854054-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_44&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyC0EtB0DyD0ByB0AtBtAyEyDzztN0D0Tzu0StCyByCyDtN1L2XzutAtFtByEtFtByBtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0E0E0EyE0EtCtGtC0EyB0AtGyE0AtDtBtGyD0FzzyBtGzyyCtDyEtBtAtB0C0CyEtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzzyBtDtCyC0A0BtGyEyEyC0CtGyEyDtDtAtG0BtCyDtAtGyE0Azy0AtAzztC0B0AyB0BtC2QtN0A0LzuyE%26cr%3D1223931876%26a%3Dwbf_bxinw_16_44%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_44&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyC0EtB0DyD0ByB0AtBtAyEyDzztN0D0Tzu0StCyByCyDtN1L2XzutAtFtByEtFtByBtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0E0E0EyE0EtCtGtC0EyB0AtGyE0AtDtBtGyD0FzzyBtGzyyCtDyEtBtAtB0C0CyEtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzzyBtDtCyC0A0BtGyEyEyC0CtGyEyDtDtAtG0BtCyDtAtGyE0Azy0AtAzztC0B0AyB0BtC2QtN0A0LzuyE%26cr%3D1223931876%26a%3Dwbf_bxinw_16_44%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_44&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyC0EtB0DyD0ByB0AtBtAyEyDzztN0D0Tzu0StCyByCyDtN1L2XzutAtFtByEtFtByBtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0E0E0EyE0EtCtGtC0EyB0AtGyE0AtDtBtGyD0FzzyBtGzyyCtDyEtBtAtB0C0CyEtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzzyBtDtCyC0A0BtGyEyEyC0CtGyEyDtDtAtG0BtCyDtAtGyE0Azy0AtAzztC0B0AyB0BtC2QtN0A0LzuyE%26cr%3D1223931876%26a%3Dwbf_bxinw_16_44%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_44&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyC0EtB0DyD0ByB0AtBtAyEyDzztN0D0Tzu0StCyByCyDtN1L2XzutAtFtByEtFtByBtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0E0E0EyE0EtCtGtC0EyB0AtGyE0AtDtBtGyD0FzzyBtGzyyCtDyEtBtAtB0C0CyEtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzzyBtDtCyC0A0BtGyEyEyC0CtGyEyDtDtAtG0BtCyDtAtGyE0Azy0AtAzztC0B0AyB0BtC2QtN0A0LzuyE%26cr%3D1223931876%26a%3Dwbf_bxinw_16_44%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_44&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyC0EtB0DyD0ByB0AtBtAyEyDzztN0D0Tzu0StCyByCyDtN1L2XzutAtFtByEtFtByBtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0E0E0EyE0EtCtGtC0EyB0AtGyE0AtDtBtGyD0FzzyBtGzyyCtDyEtBtAtB0C0CyEtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzzyBtDtCyC0A0BtGyEyEyC0CtGyEyDtDtAtG0BtCyDtAtGyE0Azy0AtAzztC0B0AyB0BtC2QtN0A0LzuyE%26cr%3D1223931876%26a%3Dwbf_bxinw_16_44%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3685981435-3410721990-2421854054-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_44&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyC0EtB0DyD0ByB0AtBtAyEyDzztN0D0Tzu0StCyByCyDtN1L2XzutAtFtByEtFtByBtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0E0E0EyE0EtCtGtC0EyB0AtGyE0AtDtBtGyD0FzzyBtGzyyCtDyEtBtAtB0C0CyEtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzzyBtDtCyC0A0BtGyEyEyC0CtGyEyDtDtAtG0BtCyDtAtGyE0Azy0AtAzztC0B0AyB0BtC2QtN0A0LzuyE%26cr%3D1223931876%26a%3Dwbf_bxinw_16_44%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3685981435-3410721990-2421854054-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_44&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyC0EtB0DyD0ByB0AtBtAyEyDzztN0D0Tzu0StCyByCyDtN1L2XzutAtFtByEtFtByBtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0E0E0E0EyE0EtCtGtC0EyB0AtGyE0AtDtBtGyD0FzzyBtGzyyCtDyEtBtAtB0C0CyEtC0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzzyBtDtCyC0A0BtGyEyEyC0CtGyEyDtDtAtG0BtCyDtAtGyE0Azy0AtAzztC0B0AyB0BtC2QtN0A0LzuyE%26cr%3D1223931876%26a%3Dwbf_bxinw_16_44%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro3\ShopperPro364.dll [2016-04-05] ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-11-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2016-09-14] (Oracle Corporation)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro3\ShopperPro3.dll [2016-04-05] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2016-09-14] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-11-01] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-11-01] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-11-01] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-11-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-11-01] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2016-09-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2016-09-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-11-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\50bed4b356c1485d14\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\50bed4b356c1485d14\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR DefaultSearchURL: Profile 1 -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Profile 1 -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\VAN\AppData\Local\Google\Chrome\User Data\Default [2016-09-14]
CHR Profile: C:\Users\VAN\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-11-01]
CHR Extension: (Google Drive) - C:\Users\VAN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-27]
CHR Extension: (YouTube) - C:\Users\VAN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-27]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\VAN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-27]
CHR Extension: (Gmail) - C:\Users\VAN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-27]
CHR Extension: (Chrome Media Router) - C:\Users\VAN\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-21]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3685981435-3410721990-2421854054-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-14] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3064520 2016-10-08] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-07-27] (Intel Corporation)
S2 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [18432 2016-06-25] () [Arquivo não assinado]
R2 SimcakeSVC; C:\Program Files (x86)\Simcake\2.8.35.1800\SimcakeSvc.exe [121632 1703-07-31] (Beijing Fantasy Game Network Technology Co., Ltd.)
S2 SPBIUpd; C:\Program Files\Common Files\ShopperPro3\spbiu.exe [1224704 2016-04-05] () [Arquivo não assinado] <==== ATENÇÃO
R2 TheFreeWeatherService; C:\Program Files (x86)\WeatherTool\2.0.1.5000028\WeatherService.exe [156784 2016-08-11] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 YouTubeAcceleratorService; C:\Program Files (x86)\YouTube Accelerator\YouTubeAcceleratorService.exe [1509320 2016-09-14] (GOOBZO)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-07-27] (REALiX(tm))
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31712 2016-07-27] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [181304 2016-07-27] (Intel Corporation)
R2 memudrv; C:\Program Files (x86)\Simcake\Microvirt\MEmuHyperv\MEmuDrv.sys [260328 2016-01-16] (Microvirt Corporation)
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [413912 2016-07-27] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33960 2016-07-27] (Synaptics Incorporated)
S3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro3\spbiw.sys [43832 2016-04-05] ()
S2 SPDRIVER_1.42.1.10657; C:\Program Files (x86)\ShopperPro3\JSDriver\1.42.1.10657\jsdrv.sys [53040 2016-04-05] ()

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-11-01 01:16 - 2016-11-01 01:16 - 00020934 _____ C:\Users\VAN\Desktop\FRST.txt
2016-11-01 01:15 - 2016-11-01 01:16 - 00000000 ____D C:\FRST
2016-11-01 01:15 - 2016-11-01 01:15 - 02408960 _____ (Farbar) C:\Users\VAN\Downloads\FRST64.exe
2016-11-01 01:15 - 2016-11-01 01:15 - 02408960 _____ (Farbar) C:\Users\VAN\Desktop\FRST64.exe
2016-11-01 01:11 - 2016-11-01 01:11 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-11-01 00:19 - 2016-11-01 00:19 - 00002406 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-11-01 00:19 - 2016-11-01 00:19 - 00002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-11-01 00:19 - 2016-11-01 00:19 - 00002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-11-01 00:19 - 2016-11-01 00:19 - 00002352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-11-01 00:19 - 2016-11-01 00:19 - 00002342 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-11-01 00:19 - 2016-11-01 00:19 - 00002338 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-11-01 00:19 - 2016-11-01 00:19 - 00002322 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-11-01 00:19 - 2016-11-01 00:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office 2016
2016-11-01 00:14 - 2016-11-01 01:11 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2016-11-01 00:14 - 2016-11-01 01:11 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-31 23:52 - 2016-10-31 23:52 - 14381616 _____ C:\Windows\MSYHBD.tt2
2016-10-31 23:52 - 2016-10-31 23:51 - 21543568 _____ C:\Windows\MSYH.tt2
2016-10-31 23:52 - 2016-10-31 23:50 - 21302624 _____ C:\Windows\MSJH.tt2
2016-10-31 23:52 - 2016-10-31 23:50 - 14343024 _____ C:\Windows\MSJHBD.tt2
2016-10-31 23:48 - 2016-10-31 23:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-10-31 23:37 - 2016-10-31 23:46 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-10-31 23:37 - 2016-10-31 23:45 - 00000000 ____D C:\Windows\AutoKMS
2016-10-31 23:36 - 2016-10-31 23:36 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Toolkit
2016-10-31 23:36 - 2016-10-31 23:36 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2016-10-31 23:20 - 2016-10-31 23:22 - 01595668 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-10-31 23:15 - 2009-11-25 17:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2016-10-31 23:15 - 2009-11-25 17:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2016-10-31 23:15 - 2009-11-25 17:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2016-10-31 23:15 - 2009-11-25 17:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2016-10-31 23:15 - 2009-11-25 17:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2016-10-31 23:15 - 2009-11-25 17:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2016-10-31 23:15 - 2009-11-25 17:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2016-10-31 23:15 - 2009-11-25 17:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2016-10-31 23:15 - 2009-11-25 17:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2016-10-31 23:15 - 2009-11-25 17:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2016-10-31 23:05 - 2016-10-31 23:05 - 00001225 _____ C:\Users\VAN\Desktop\League client alpha.lnk
2016-10-31 22:56 - 2016-10-31 21:54 - 01889856 _____ ( ) C:\Users\VAN\Desktop\Baixaki_microsoft-net-framework-4-0-30319-1.exe
2016-10-31 22:00 - 2016-10-31 22:31 - 43000506 _____ C:\Users\VAN\Downloads\Net framework 4.... POR MARCOS CH.rar
2016-10-31 21:58 - 2016-11-01 00:58 - 00000974 _____ C:\Windows\Tasks\Yahoo! Powered momoc.job
2016-10-31 21:57 - 2016-10-31 21:58 - 00017342 _____ C:\Users\VAN\AppData\Roaming\Faneb
2016-10-31 21:55 - 2016-10-31 23:13 - 00889416 _____ (Microsoft Corporation) C:\Users\VAN\Downloads\Baixaki_microsoft-net-framework-4-0-30319-1 [1].exe
2016-10-31 21:54 - 2016-10-31 21:54 - 01889856 _____ ( ) C:\Users\VAN\Downloads\Baixaki_microsoft-net-framework-4-0-30319-1.exe
2016-10-31 21:22 - 2016-10-31 21:44 - 50449456 _____ (Microsoft Corporation) C:\Users\VAN\Downloads\dotNetFx40_Full_x86_x64.exe
2016-10-31 16:07 - 2016-11-01 01:12 - 00002122 _____ C:\Users\VAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-10-31 16:07 - 2016-11-01 01:12 - 00000000 ___RD C:\Users\VAN\OneDrive
2016-10-31 16:07 - 2016-10-31 16:07 - 00002110 _____ C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-10-31 16:07 - 2016-10-31 16:07 - 00002110 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-10-31 16:07 - 2016-10-31 16:07 - 00002110 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-10-31 16:07 - 2016-10-31 16:07 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft OneDrive
2016-10-31 16:07 - 2016-10-31 16:07 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-10-31 16:07 - 2016-10-31 16:07 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2016-10-31 15:16 - 2016-10-31 23:48 - 01804512 _____ C:\Windows\GABRIOLA.tt2
2016-10-31 15:14 - 2016-11-01 00:13 - 00000000 ____D C:\Program Files\Microsoft Office
2016-10-31 15:03 - 2016-10-31 21:49 - 00000000 ____D C:\Users\VAN\Desktop\Office 2016 Online
2016-10-31 15:02 - 2016-10-31 15:01 - 62024136 _____ C:\Users\VAN\Desktop\Office 2016 Online.rar
2016-10-31 15:01 - 2016-10-31 15:01 - 62024136 _____ C:\Users\VAN\Downloads\Office 2016 Online.rar
2016-10-31 14:32 - 2016-10-31 14:33 - 00000000 ____D C:\Users\VAN\Downloads\The Vampire Diaries - 7ª Temporada (2016) Dual Áudio 720p (By-LuanHarper)
2016-10-31 14:21 - 2016-10-31 15:06 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-10-31 14:21 - 2016-10-31 14:21 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-10-31 14:21 - 2016-10-31 14:21 - 00000000 ____D C:\Users\VAN\AppData\Local\Microsoft Help
2016-10-31 14:20 - 2016-10-31 15:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-10-30 17:33 - 2016-10-30 17:33 - 00281216 _____ C:\Windows\Minidump\103016-13306-01.dmp
2016-10-30 01:30 - 2016-10-30 01:31 - 25505304 _____ ( ) C:\Users\VAN\Downloads\AdbeRdr930_pt_BR.exe
2016-10-28 19:59 - 2016-10-28 19:59 - 03365678 _____ C:\Users\VAN\Downloads\qvt1
2016-10-28 19:59 - 2016-10-28 19:59 - 01993295 _____ C:\Users\VAN\Downloads\PDFdu_Rotate_PDF_setup.zip
2016-10-28 19:58 - 2016-10-28 19:58 - 00988529 _____ C:\Users\VAN\Downloads\dp1
2016-10-28 19:58 - 2016-10-28 19:58 - 00649051 _____ C:\Users\VAN\Downloads\recrutamento1
2016-10-21 18:48 - 2016-10-21 18:48 - 01894760 _____ ( ) C:\Users\VAN\Downloads\Baixaki_daemon-tools-lite.exe
2016-10-21 18:45 - 2016-10-21 18:45 - 00013839 _____ C:\Users\VAN\Downloads\asdfasdgas
2016-10-21 18:43 - 2016-10-21 18:43 - 00013839 _____ C:\Users\VAN\Downloads\crucios
2016-10-21 18:43 - 2016-10-21 18:43 - 00013839 _____ C:\Users\VAN\Downloads\b71a871e-68cb-4f23-994a-2eefb894f29f
2016-10-21 12:30 - 2016-10-21 14:03 - 00000000 ____D C:\Users\VAN\Desktop\Vionna
2016-10-21 12:25 - 2016-10-21 12:25 - 00281216 _____ C:\Windows\Minidump\102116-16723-01.dmp
2016-10-19 09:44 - 2016-10-19 09:45 - 02179850 _____ C:\Users\VAN\Downloads\Traketeo-Zumba---Nene-Malo-ZIN-56.3gp
2016-10-18 21:22 - 2016-10-18 21:22 - 00011989 _____ C:\Users\VAN\Downloads\dcat
2016-10-18 20:48 - 2016-10-18 20:48 - 00281272 _____ C:\Windows\Minidump\101816-19297-01.dmp
2016-10-16 14:54 - 2016-10-16 14:54 - 00434744 _____ C:\Users\VAN\Downloads\EDITAL VESTIBULAR UNCISAL 2017 - 10.10.2016.pdf
2016-10-14 22:54 - 2016-10-31 14:23 - 00000000 ____D C:\Users\VAN\Downloads\Piratas do Caribe 2 O Baú Da Morte
2016-10-14 20:53 - 2016-10-31 14:23 - 00000000 ____D C:\Users\VAN\Downloads\Piratas do Caribe 1 A Maldição Do Pérola Negra
2016-10-10 15:31 - 2016-08-15 18:27 - 00000000 ____D C:\Users\VAN\Downloads\CD PROMOCIONAL PEDRINHO PEGAÇÃO - AO VIVO EM ACARI-RN
2016-10-10 13:44 - 2016-09-29 01:11 - 00000000 ____D C:\Users\VAN\Downloads\__MACOSX
2016-10-09 19:07 - 2016-10-09 19:07 - 00000000 ____D C:\Users\VAN\Desktop\van
2016-10-08 01:10 - 2016-10-08 01:10 - 00334616 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2016-10-08 01:10 - 2016-10-08 01:10 - 00085744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2016-10-08 01:09 - 2016-10-08 01:09 - 00639728 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2016-10-08 01:09 - 2016-10-08 01:09 - 00443632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2016-10-08 01:09 - 2016-10-08 01:09 - 00244496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2016-10-08 01:08 - 2016-10-08 01:08 - 00394496 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2016-10-08 01:08 - 2016-10-08 01:08 - 00271104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2016-10-08 01:08 - 2016-10-08 01:08 - 00089328 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2016-10-03 22:22 - 2016-10-03 22:22 - 00000000 ____D C:\Users\VAN\AppData\Roaming\Nitro
2016-10-03 22:21 - 2016-10-03 22:24 - 00000000 ____D C:\Program Files\Nitro
2016-10-03 22:21 - 2016-10-03 22:21 - 00000000 ____D C:\Users\Todos os Usuários\Nitro
2016-10-03 22:21 - 2016-10-03 22:21 - 00000000 ____D C:\ProgramData\Nitro
2016-10-03 22:19 - 2016-10-03 22:19 - 00000000 ____D C:\Users\VAN\AppData\Roaming\Downloaded Installations
2016-10-03 22:12 - 2016-10-03 22:19 - 116558728 _____ (Nitro PDF Software) C:\Users\VAN\Downloads\nitro_pro10_x64.exe
2016-09-30 01:22 - 2016-10-22 01:04 - 00000000 ____D C:\Users\VAN\AppData\Roaming\Skype
2016-09-30 01:22 - 2016-10-21 16:32 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-09-30 01:22 - 2016-10-21 16:32 - 00000000 ____D C:\ProgramData\Skype
2016-09-30 01:22 - 2016-10-18 19:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-09-30 01:22 - 2016-09-30 01:22 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2016-09-30 01:22 - 2016-09-30 01:22 - 00000000 ____D C:\Users\VAN\Tracing
2016-09-30 01:22 - 2016-09-30 01:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-09-30 01:12 - 2016-09-30 01:15 - 41743488 _____ (Skype Technologies S.A.) C:\Users\VAN\Downloads\SkypeSetupFull.exe
2016-09-28 15:18 - 2016-09-28 15:18 - 02286133 _____ C:\Users\VAN\Documents\livroLdP.pdf
2016-09-27 20:36 - 2016-09-27 20:36 - 00003158 _____ C:\Windows\System32\Tasks\UNELEVATE_15944
2016-09-21 23:24 - 2016-09-21 23:26 - 00000000 ____D C:\Users\VAN\Downloads\Classic Rock Pack 2015 - www.musicasparabaixar.org
2016-09-20 20:13 - 2016-09-20 20:13 - 00021920 _____ C:\Users\VAN\Documents\aula2009.odt
2016-09-16 15:58 - 2016-09-16 15:58 - 00000735 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-09-16 01:16 - 2016-09-16 01:16 - 00000000 ____D C:\Users\VAN\AppData\Roaming\LibreOffice
2016-09-16 01:13 - 2016-09-16 01:13 - 00001554 _____ C:\Users\Public\Desktop\LibreOffice 5.2.lnk
2016-09-16 01:12 - 2016-09-16 01:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2
2016-09-16 01:11 - 2016-09-16 01:12 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5
2016-09-16 01:00 - 2016-09-16 01:09 - 221716480 _____ C:\Users\VAN\Downloads\LibreOffice_5.2.1_Win_x86.msi
2016-09-15 20:51 - 2016-09-15 20:51 - 00000000 ____D C:\Users\VAN\AppData\LocalLow\Oracle
2016-09-15 20:49 - 2016-09-15 20:49 - 00000000 ____D C:\Users\VAN\Documents\Picosmos
2016-09-15 20:38 - 2016-09-15 20:38 - 02539067 _____ C:\Users\VAN\Downloads\AtvdR W7 By PH Downs.rar
2016-09-14 12:07 - 2016-09-14 12:13 - 111040690 _____ C:\Users\VAN\Downloads\Aula de Ginástica - Derreta Gorduras com 20 min de AeroHiiT #7.avi
2016-09-14 11:32 - 2016-09-14 11:32 - 00000000 ____D C:\Users\VAN\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
2016-09-14 11:27 - 2016-09-14 11:27 - 00000000 ____D C:\Users\VAN\AppData\Roaming\Picosmos
2016-09-14 11:27 - 2016-09-14 11:27 - 00000000 ____D C:\Users\VAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PicosmosTools
2016-09-14 11:27 - 2016-09-14 11:27 - 00000000 ____D C:\Program Files (x86)\PicosmosTools
2016-09-14 11:26 - 2016-09-14 11:26 - 00000000 ____D C:\Users\VAN\AppData\Local\fontconfig
2016-09-14 11:24 - 2016-09-14 11:35 - 00000000 ____D C:\Users\VAN\Documents\ConvertXtoVideo Ultimate
2016-09-14 11:20 - 2016-10-31 23:45 - 00000430 _____ C:\Windows\Tasks\simplitec Power Suite (Tray).job
2016-09-14 11:20 - 2016-09-15 20:30 - 00000374 _____ C:\Windows\Tasks\simplitec Power Suite.job
2016-09-14 11:20 - 2016-09-14 11:20 - 00002806 _____ C:\Windows\System32\Tasks\simplitec Power Suite (Tray)
2016-09-14 11:20 - 2016-09-14 11:20 - 00002746 _____ C:\Windows\System32\Tasks\simplitec Power Suite
2016-09-14 11:20 - 2016-09-14 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
2016-09-14 11:19 - 2016-09-14 11:19 - 00000000 ____D C:\Users\Todos os Usuários\simplitec
2016-09-14 11:19 - 2016-09-14 11:19 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-09-14 11:19 - 2016-09-14 11:19 - 00000000 ____D C:\ProgramData\simplitec
2016-09-14 11:19 - 2016-09-14 11:19 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-14 11:19 - 2016-09-14 11:19 - 00000000 ____D C:\Program Files (x86)\simplitec
2016-09-14 11:19 - 2016-06-03 18:16 - 00120200 _____ () C:\Windows\SysWOW64\DLLDEV32i.dll
2016-09-14 11:18 - 2016-09-14 11:25 - 00000000 ____D C:\FFOutput
2016-09-14 11:18 - 2016-09-14 11:21
- 00000000 ____D C:\Users\Todos os Usuários\VSO 2016-09-14 11:18 - 2016-09-14 11:21 - 00000000 ____D C:\ProgramData\VSO 2016-09-14 11:18 - 2016-09-14 11:18 - 00099384 _____ C:\Users\VAN\AppData\Roaming\inst.exe 2016-09-14 11:18 - 2016-09-14 11:18 - 00082816 _____ (VSO Software) C:\Users\VAN\AppData\Roaming\pcouffin.sys 2016-09-14 11:18 - 2016-09-14 11:18 - 00021212 _____ C:\Users\VAN\AppData\Roaming\ICSW_0F1F1C1H1T2Z0F1T1R2Z1F1C2U1V0F0StJ1V0C1F1G2X1P1C2Z0X2Z1F0V1L1Q1P1F.txt 2016-09-14 11:18 - 2016-09-14 11:18 - 00007859 _____ C:\Users\VAN\AppData\Roaming\pcouffin.cat 2016-09-14 11:18 - 2016-09-14 11:18 - 00000000 ____D C:\Users\VAN\Documents\PcSetup 2016-09-14 11:18 - 2016-09-14 11:18 - 00000000 ____D C:\Users\VAN\Documents\ConvertXtoVideo 2016-09-14 11:18 - 2016-09-14 11:18 - 00000000 ____D C:\Users\VAN\AppData\Roaming\Vso 2016-09-14 11:18 - 2016-09-14 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO 2016-09-14 11:18 - 2016-09-14 11:18 - 00000000 ____D C:\Program Files (x86)\VSO 2016-09-14 11:16 - 2016-09-14 11:16 - 47396880 _____ (Free Time Co., Ltd) C:\Users\VAN\Downloads\Baixaki_formatfactory [1].exe 2016-09-14 11:12 - 2016-10-30 03:03 - 00000000 ____D C:\Program Files (x86)\Corner Sunshine 2016-09-14 11:12 - 2016-09-14 12:12 - 00000000 ____D C:\Users\VAN\AppData\Roaming\Corner Sunshine 2016-09-14 11:12 - 2016-09-14 11:12 - 00000000 ____D C:\Users\Todos os Usuários\cosun 2016-09-14 11:12 - 2016-09-14 11:12 - 00000000 ____D C:\ProgramData\cosun 2016-09-14 11:11 - 2016-09-14 11:11 - 01611000 _____ (File Software ) C:\Users\VAN\Downloads\Baixaki_formatfactory.exe 2016-09-14 10:42 - 2016-09-14 10:49 - 58960493 _____ C:\Users\VAN\Downloads\Perder_Medidas_e_Afinar_a_Cintura_Aula_de_AeroHiit_3.mp4 2016-09-14 10:40 - 2016-10-25 01:09 - 00004180 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2016-09-14 10:40 - 2016-10-13 22:49 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys 2016-09-14 10:40 - 2016-09-22 17:36 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2016-09-14 10:40 - 2016-09-14 10:40 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2016-09-14 10:40 - 2016-09-14 10:40 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2016-09-14 10:40 - 2016-09-14 10:40 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2016-09-14 10:40 - 2016-09-14 10:40 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2016-09-14 10:40 - 2016-09-14 10:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2016-09-14 10:40 - 2016-09-14 10:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2016-09-14 10:40 - 2016-09-14 10:40 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-09-14 10:40 - 2016-09-14 10:40 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2016-09-14 10:40 - 2016-09-14 10:40 - 00000000 ____D C:\Users\VAN\AppData\Roaming\AVAST Software 2016-09-14 10:40 - 2016-09-14 10:40 - 00000000 ____D C:\Users\Todos os Usuários\Sun 2016-09-14 10:40 - 2016-09-14 10:40 - 00000000 ____D C:\ProgramData\Sun 2016-09-14 10:40 - 2016-09-14 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2016-09-14 10:40 - 2016-09-14 10:40 - 00000000 ____D C:\Program Files\Common Files\AV 2016-09-14 10:40 - 2016-09-14 10:40 - 00000000 ____D C:\Program Files (x86)\Java 2016-09-14 10:40 - 2016-09-14 10:39 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2016-09-14 10:40 - 2016-09-14 10:39 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2016-09-14 10:40 - 2016-09-14 10:39 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2016-09-14 10:40 - 2016-09-14 10:39 
- 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2016-09-14 10:40 - 2016-09-14 10:39 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2016-09-14 10:39 - 2016-09-14 10:39 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2016-09-14 10:39 - 2016-09-14 10:39 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2016-09-14 10:39 - 2016-09-14 10:39 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2016-09-14 10:39 - 2016-09-14 10:39 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr 2016-09-14 10:36 - 2016-09-14 10:36 - 00000000 ____D C:\Users\VAN\AppData\LocalLow\Sun 2016-09-14 10:35 - 2016-10-31 23:46 - 00000000 ____D C:\Users\Todos os Usuários\TEMP 2016-09-14 10:35 - 2016-10-31 23:46 - 00000000 ____D C:\ProgramData\TEMP 2016-09-14 10:35 - 2016-09-15 20:32 - 00000000 ____D C:\Program Files (x86)\YouTube Accelerator 2016-09-14 10:35 - 2016-09-14 10:35 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: hxxp://www.jcomsoft.com) C:\Windows\SysWOW64\AniGIF.ocx 2016-09-14 10:35 - 2016-09-14 10:35 - 00003434 _____ C:\Windows\System32\Tasks\YTAUpdate 2016-09-14 10:35 - 2016-09-14 10:35 - 00003248 _____ C:\Windows\System32\Tasks\YTAUpdate_logon 2016-09-14 10:35 - 2016-09-14 10:35 - 00003236 _____ C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart 2016-09-14 10:35 - 2016-09-14 10:35 - 00000000 ____D C:\Users\VAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker 2016-09-14 10:35 - 2016-09-14 10:35 - 00000000 ____D C:\Users\VAN\AppData\Roaming\Genieo 2016-09-14 10:35 - 2016-09-14 10:35 - 00000000 ____D C:\Users\VAN\AppData\LocalLow\Goobzo 2016-09-14 10:35 - 2016-09-14 10:35 - 00000000 ____D C:\Users\VAN\AppData\Local\FilesFrog Update Checker 2016-09-14 10:35 - 2016-09-14 10:35 - 00000000 ____D C:\Users\Public\Documents\GOOBZO 2016-09-14 10:35 - 2016-09-14 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\YouTube Accelerator 2016-09-14 10:34 - 2016-09-14 10:34 - 00002213 _____ C:\Users\VAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk 2016-09-14 10:34 - 2016-09-14 10:34 - 00000000 ____D C:\Users\VAN\AppData\Local\chromium 2016-09-14 10:33 - 2016-09-14 10:33 - 00004346 _____ C:\Windows\System32\Tasks\ShopperPro3 2016-09-14 10:33 - 2016-09-14 10:33 - 00004226 _____ C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_313431383234343731362d3737555a416c503257344a41 2016-09-14 10:33 - 2016-09-14 10:33 - 00003562 _____ C:\Windows\System32\Tasks\ShopperProJSUpd 2016-09-14 10:33 - 2016-09-14 10:33 - 00003490 _____ C:\Windows\System32\Tasks\SPDriver 2016-09-14 10:33 - 2016-09-14 10:33 - 00000000 ____D C:\Users\Todos os Usuários\ShopperPro3 2016-09-14 10:33 - 2016-09-14 10:33 - 00000000 ____D C:\Users\Public\Documents\ShopperPro3 2016-09-14 10:33 - 2016-09-14 10:33 - 00000000 ____D C:\ProgramData\ShopperPro3 2016-09-14 10:33 - 2016-09-14 10:33 - 00000000 ____D C:\Program Files\Common Files\ShopperPro3 2016-09-14 10:33 - 2016-09-14 10:33 - 00000000 ____D C:\Program Files (x86)\ShopperPro3 2016-09-14 10:32 - 2016-09-14 10:32 - 00003452 _____ C:\Windows\System32\Tasks\Inst_Rep 2016-09-14 10:30 - 2016-10-31 23:49 - 00000000 ____D C:\Users\VAN\AppData\Roaming\WeatherTool 2016-09-14 10:30 - 2016-10-31 21:58 - 00004000 _____ C:\Windows\System32\Tasks\Yahoo! 
Powered momoc 2016-09-14 10:30 - 2016-10-31 21:58 - 00001440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk 2016-09-14 10:30 - 2016-10-31 21:58 - 00000000 ____D C:\Users\VAN\AppData\Local\{6AF25CAE-4E5A-3016-23C2-15FE07AAE966} 2016-09-14 10:30 - 2016-10-31 21:57 - 00000286 __RSH C:\Users\Todos os Usuários\ntuser.pol 2016-09-14 10:30 - 2016-10-31 21:57 - 00000286 __RSH C:\ProgramData\ntuser.pol 2016-09-14 10:30 - 2016-10-31 01:30 - 00000000 ____D C:\Users\Todos os Usuários\{03B0C6D3-89F2-4C15-0F34-D25795765999} 2016-09-14 10:30 - 2016-10-31 01:30 - 00000000 ____D C:\ProgramData\{03B0C6D3-89F2-4C15-0F34-D25795765999} 2016-09-14 10:30 - 2016-09-18 05:57 - 00000000 ____D C:\Program Files\ByteFence 2016-09-14 10:30 - 2016-09-14 11:30 - 00000000 ____D C:\Users\VAN\AppData\Local\{6AAF5C14-4FFD-3162-24CB-16B0F819EB8E} 2016-09-14 10:30 - 2016-09-14 10:30 - 00000000 ____D C:\Users\Public\Documents\Tools 2016-09-14 10:30 - 2016-09-14 10:30 - 00000000 ____D C:\Users\Public\Documents\Guid 2016-09-14 10:30 - 2016-09-14 10:30 - 00000000 ____D C:\Users\Public\Documents\Baidu 2016-09-14 10:30 - 2016-09-14 10:30 - 00000000 ____D C:\Program Files\AVAST Software 2016-09-14 10:30 - 2016-09-14 10:30 - 00000000 ____D C:\Program Files (x86)\WeatherTool 2016-09-14 10:29 - 2016-09-14 10:29 - 00769743 _____ ((c) Vitzo Limited ) C:\Users\VAN\Downloads\Baixaki_vdownloader [1].exe 2016-09-14 10:29 - 2016-09-14 10:29 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software 2016-09-14 10:29 - 2016-09-14 10:29 - 00000000 ____D C:\ProgramData\AVAST Software 2016-09-14 10:28 - 2016-09-14 10:28 - 01611000 _____ (File Software ) C:\Users\VAN\Downloads\Baixaki_vdownloader.exe 2016-09-09 22:44 - 2016-09-09 22:44 - 00281216 _____ C:\Windows\Minidump\090916-13182-01.dmp 2016-09-03 23:37 - 2016-09-03 23:37 - 00281216 _____ C:\Windows\Minidump\090316-11559-01.dmp 2016-09-03 12:10 - 2016-09-03 12:10 - 00053520 _____ C:\Users\VAN\Downloads\Res No 33-2008 Autoriza a oferta e 
o func. do Curso de Graduacao 2013 Licenciatura em Biologia- EAD..pdf 2016-08-30 13:33 - 2016-08-30 13:33 - 00081356 _____ C:\Users\VAN\Documents\vcnet1.pdf 2016-08-30 13:33 - 2016-08-30 13:33 - 00081115 _____ C:\Users\VAN\Documents\vcnet2.pdf 2016-08-29 18:01 - 2016-10-19 10:41 - 00000000 ____D C:\Users\VAN\AppData\Roaming\vlc 2016-08-29 18:01 - 2016-08-29 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2016-08-27 13:55 - 2016-08-27 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simcake 2016-08-27 13:53 - 2016-08-27 13:54 - 12903336 _____ (MEGA Limited) C:\Users\VAN\Downloads\MEGAsyncSetup.exe 2016-08-26 18:26 - 2016-08-26 18:26 - 00734815 _____ (Remote Mouse ) C:\Users\VAN\Downloads\RemoteMouse.exe 2016-08-26 18:26 - 2016-08-26 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Mouse 2016-08-26 18:26 - 2016-08-26 18:26 - 00000000 ____D C:\Program Files (x86)\Remote Mouse 2016-08-26 17:38 - 2016-10-31 23:45 - 00000354 _____ C:\Windows\Tasks\DriverToolkit Autorun.job 2016-08-26 17:38 - 2016-10-31 23:44 - 00002702 _____ C:\Windows\System32\Tasks\DriverToolkit Autorun 2016-08-26 17:24 - 2016-08-26 17:24 - 01077248 _____ C:\Windows\system32\AmRdrIco.icl 2016-08-26 17:24 - 2016-08-26 17:24 - 00090264 _____ (Alcor Micro, Corp.) C:\Windows\system32\Drivers\AmUStor.sys 2016-08-26 17:24 - 2016-08-26 17:24 - 00041841 _____ C:\Windows\system32\AmUStor.ini 2016-08-26 17:24 - 2016-08-26 17:24 - 00020632 _____ (Alcor Micro, Corp.) 
C:\Windows\system32\AmUStor2.dll 2016-08-26 17:24 - 2016-08-26 17:24 - 00000640 _____ C:\Windows\system32\VendorCmd6435.bin 2016-08-26 17:24 - 2016-08-26 17:24 - 00000032 _____ C:\Windows\system32\VendorCommand_MS1bit.bin 2016-08-26 17:24 - 2016-08-26 17:24 - 00000032 _____ C:\Windows\system32\VendorCmd6485.bin 2016-08-26 17:24 - 2016-08-26 17:24 - 00000032 _____ C:\Windows\system32\VendorCmd6465.bin 2016-08-26 17:24 - 2016-08-26 17:24 - 00000008 _____ C:\Windows\system32\CardDetect6485.bin 2016-08-26 17:24 - 2016-08-26 17:24 - 00000008 _____ C:\Windows\system32\CardDetect6420.bin 2016-08-26 17:24 - 2016-08-26 17:24 - 00000008 _____ C:\Windows\system32\CardDetect6366.bin 2016-08-26 17:24 - 2016-08-26 17:24 - 00000008 _____ C:\Windows\system32\CardDetect6362.bin 2016-08-26 17:24 - 2016-08-26 17:24 - 00000008 _____ C:\Windows\system32\CardDetect6361.bin 2016-08-26 17:24 - 2016-08-26 17:24 - 00000008 _____ C:\Windows\system32\CardDetect6339.bin 2016-08-26 17:20 - 2016-08-26 17:20 - 00000000 ____D C:\Users\VAN\AppData\Local\DriverToolkit 2016-08-26 17:20 - 2016-08-26 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit 2016-08-26 17:20 - 2016-08-26 17:20 - 00000000 ____D C:\Program Files (x86)\DriverToolkit 2016-08-26 17:19 - 2016-08-26 17:19 - 02449376 _____ (Megaify Software ) C:\Users\VAN\Downloads\DriverToolkitInstaller.exe 2016-08-26 01:58 - 2016-08-26 04:26 - 455790942 _____ C:\Users\VAN\Downloads\Classic Rock Pack 2015 - www.musicasparabaixar.org.rar 2016-08-25 19:59 - 2016-08-25 19:59 - 00000000 ____D C:\Users\VAN\psoul 2016-08-25 19:59 - 2016-08-25 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSoul 2016-08-25 19:58 - 2016-08-25 19:58 - 00000000 ____D C:\Program Files (x86)\PSoul 2016-08-25 19:46 - 2016-08-25 19:57 - 140234605 _____ (PSoul ) C:\Users\VAN\Downloads\setup-psoul.exe 2016-08-25 19:44 - 2016-08-25 19:44 - 01005568 _____ (Microsoft Corporation) 
C:\Users\VAN\Downloads\dotNetFx45_Full_setup.exe 2016-08-25 19:41 - 2016-08-25 19:41 - 00967168 _____ C:\Users\VAN\Downloads\PSoulLauncherSetup.msi 2016-08-25 16:41 - 2016-08-29 18:00 - 00000000 ____D C:\50bed4b356c1485d14 2016-08-25 16:35 - 2016-08-25 16:35 - 00000000 ____D C:\Users\VAN\Downloads\MEmu Download 2016-08-25 16:35 - 2016-08-25 16:35 - 00000000 ____D C:\Users\VAN\.MemuHyperv 2016-08-25 16:34 - 2016-08-27 13:55 - 00000000 ____D C:\Program Files (x86)\Simcake 2016-08-25 16:34 - 2016-08-25 16:35 - 00000000 ____D C:\Users\VAN\.android 2016-08-25 16:22 - 2016-08-25 16:22 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer 2016-08-25 16:22 - 2016-08-25 16:22 - 00000000 ____D C:\Program Files\Reference Assemblies 2016-08-25 16:22 - 2016-08-25 16:22 - 00000000 ____D C:\Program Files\MSBuild 2016-08-25 16:22 - 2016-08-25 16:22 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2016-08-25 16:22 - 2016-08-25 16:22 - 00000000 ____D C:\Program Files (x86)\MSBuild 2016-08-25 16:21 - 2016-08-25 16:23 - 00196608 _____ C:\Windows\ocsetup_install_NetFx3.etl 2016-08-25 16:21 - 2016-08-25 16:23 - 00028463 _____ C:\Windows\ocsetup_cbs_install_NetFx3.txt 2016-08-25 16:19 - 2016-08-25 16:20 - 02300400 _____ (Beijing Fantasy Game Network Technology Co., Ltd.) C:\Users\VAN\Downloads\MEmuSetup.868347.exe 2016-08-25 16:15 - 2016-08-25 16:15 - 00003134 _____ C:\Windows\System32\Tasks\{55E44644-8FDB-4E85-9BB9-27D28C9FE7B6} 2016-08-25 16:09 - 2016-08-25 16:09 - 02959376 _____ (Microsoft Corporation) C:\Users\VAN\Downloads\dotnetfx35setup (1).exe 2016-08-25 16:04 - 2016-08-25 16:04 - 02869264 _____ (Microsoft Corporation) C:\Users\VAN\Downloads\dotNetFx35setup.exe 2016-08-25 15:51 - 2016-08-25 15:51 - 00000000 ____D C:\Users\VAN\AppData\Local\BlueStacksSetup 2016-08-25 15:51 - 2016-08-25 15:51 - 00000000 ____D C:\Users\VAN\AppData\Local\BlueStacks 2016-08-25 15:50 - 2016-08-25 15:51 - 03785056 _____ (BlueStack Systems, Inc.) 
C:\Users\VAN\Downloads\BlueStacks-ThinInstaller_0.6.3.0686.exe 2016-08-25 15:13 - 2016-08-25 15:28 - 319685088 _____ (BlueStack Systems Inc.) C:\Users\VAN\Downloads\BlueStacks2_native_6b1a6dc7b211e36d475fea991ca99253.exe 2016-08-23 13:26 - 2016-08-23 14:08 - 00000000 ____D C:\Users\VAN\Downloads\Minions (2015) BRrip Blu-Ray 1080p 5.1 Ch Dublado - AndreTPF 2016-08-23 13:25 - 2016-10-31 14:22 - 00000000 ____D C:\Users\VAN\AppData\LocalLow\uTorrent 2016-08-23 13:25 - 2016-08-23 13:25 - 00002591 _____ C:\Users\VAN\Desktop\µTorrent.lnk 2016-08-23 13:25 - 2016-08-23 13:25 - 00002591 _____ C:\Users\VAN\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2016-08-23 13:25 - 2016-08-23 13:25 - 00000000 ___SD C:\Users\VAN\AppData\LocalLow\Temp 2016-08-23 13:24 - 2016-10-31 22:56 - 00000000 ____D C:\Users\VAN\AppData\Roaming\uTorrent 2016-08-23 13:23 - 2016-08-23 13:23 - 02369536 _____ (BitTorrent Inc.) C:\Users\VAN\Downloads\uTorrent.exe 2016-08-05 22:19 - 2016-08-05 22:19 - 01903866 _____ C:\Users\VAN\Downloads\Microsoft.VCLibs.ARM.Debug.14.00.appx 2016-08-05 22:18 - 2016-08-05 22:20 - 26651473 _____ C:\Users\VAN\Downloads\PokemonGo-UWP_1.0.3.0_ARM_Debug.appx 2016-08-05 22:18 - 2016-08-05 22:19 - 07821489 _____ C:\Users\VAN\Downloads\Microsoft.NET.CoreRuntime.1.0.appx 2016-08-05 22:17 - 2016-08-05 22:20 - 31957524 _____ C:\Users\VAN\Downloads\PokemonGo-UWP_1.0.12.0_ARM_Debug.appx ==================== Três Meses Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2016-11-01 01:11 - 2009-07-14 01:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-11-01 00:18 - 2016-07-27 23:00 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-31 23:51 - 2009-07-29 13:49 - 00703080 _____ C:\Windows\system32\prfh0416.dat
2016-10-31 23:51 - 2009-07-29 13:49 - 00145866 _____ C:\Windows\system32\prfc0416.dat
2016-10-31 23:51 - 2009-07-14 03:13 - 01626900 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-31 23:51 - 2009-07-14 02:45 - 00014208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-31 23:51 - 2009-07-14 02:45 - 00014208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-31 23:51 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2016-10-31 23:48 - 2016-07-27 22:22 - 00002866 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (VAN)
2016-10-31 23:46 - 2016-07-27 22:47 - 00000000 __SHD C:\Users\VAN\IntelGraphicsProfiles
2016-10-31 23:45 - 2016-07-27 23:00 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-31 23:45 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-31 22:58 - 2016-07-27 22:22 - 00128072 _____ C:\Users\VAN\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-31 22:58 - 2009-07-14 02:45 - 00503712 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-31 16:07 - 2016-07-27 21:51 - 00000000 ____D C:\Users\VAN
2016-10-31 15:05 - 2009-07-14 05:45 - 00000000 ____D C:\Windows\ShellNew
2016-10-31 15:04 - 2009-07-14 00:34 - 00000387 _____ C:\Windows\win.ini
2016-10-30 17:33 - 2016-07-28 08:54 - 00000000 ____D C:\Windows\Minidump
2016-10-30 17:33 - 2016-07-28 08:53 - 435634273 _____ C:\Windows\MEMORY.DMP
2016-10-28 21:29 - 2016-07-27 23:00 - 00000000 ____D C:\Users\VAN\AppData\Local\Google
2016-10-21 19:21 - 2016-07-27 23:05 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-09 19:04 - 2016-07-27 23:29 - 00000000 ____D C:\Users\VAN\Desktop\jaca

==================== Arquivos na raiz de alguns diretórios =======

2016-10-31 21:57 - 2016-10-31 21:58 - 0017342 _____ () C:\Users\VAN\AppData\Roaming\Faneb
2016-09-14 11:18 - 2016-09-14 11:18 - 0021212 _____ () C:\Users\VAN\AppData\Roaming\ICSW_0F1F1C1H1T2Z0F1T1R2Z1F1C2U1V0F0StJ1V0C1F1G2X1P1C2Z0X2Z1F0V1L1Q1P1F.txt
2016-09-14 11:18 - 2016-09-14 11:18 - 0099384 _____ () C:\Users\VAN\AppData\Roaming\inst.exe
2016-09-14 11:18 - 2016-09-14 11:18 - 0007859 _____ () C:\Users\VAN\AppData\Roaming\pcouffin.cat
2016-09-14 11:18 - 2016-09-14 11:18 - 0001167 _____ () C:\Users\VAN\AppData\Roaming\pcouffin.inf
2016-09-14 11:18 - 2016-09-14 11:18 - 0000055 _____ () C:\Users\VAN\AppData\Roaming\pcouffin.log
2016-09-14 11:18 - 2016-09-14 11:18 - 0082816 _____ (VSO Software) C:\Users\VAN\AppData\Roaming\pcouffin.sys

Alguns arquivos em TEMP:
====================
C:\Users\VAN\AppData\Local\Temp\34509620.exe
C:\Users\VAN\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\VAN\AppData\Local\Temp\cabex.dll
C:\Users\VAN\AppData\Local\Temp\ClientToMobilePlatform.exe
C:\Users\VAN\AppData\Local\Temp\Dotnet4.exe
C:\Users\VAN\AppData\Local\Temp\ICReinstall_Jonas Esticado - Promocional - Ao Vivo no VillaMix - 2016.exe
C:\Users\VAN\AppData\Local\Temp\InstallGenieo.exe
C:\Users\VAN\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\VAN\AppData\Local\Temp\jreInstall.exe
C:\Users\VAN\AppData\Local\Temp\s3.exe
C:\Users\VAN\AppData\Local\Temp\simpliclean_2.4.6.195.exe
C:\Users\VAN\AppData\Local\Temp\unelevate.exe
C:\Users\VAN\AppData\Local\Temp\UpdateCheckerSetup.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-10-25 01:09

==================== Fim de FRST.txt ============================