Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:18-01-2016
Executado por Usuario (administrador) em MCR (20-01-2016 13:31:15)
Executando a partir de C:\Users\Usuario\Downloads
Perfis Carregados: Usuario (Perfis Disponíveis: Usuario)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Users\Usuario\AppData\Roaming\DNSHelper\DNSSVC.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Banco Bradesco S.A.) C:\Program Files (x86)\Scpad\scpVista.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2015-09-01] (Caixa Economica Federal)
HKU\S-1-5-21-1392616994-2572689134-1125829370-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-01] (SUPERAntiSpyware)
HKU\S-1-5-21-1392616994-2572689134-1125829370-1000\...\Run: [GoogleChromeAutoLaunch_CF0D12F859BF15DAB73FDD0B7E1E013D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
HKU\S-1-5-21-1392616994-2572689134-1125829370-1000\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\A3FB110AD80824E309242083833A556D.dll Start /DEFAULT
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
SSODL-x32: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll (Banco Bradesco S.A.)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1867432 2015-09-01] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll Nenhum Arquivo
Winsock: Catalog5-x64 07 C:\ProgramData\System32\SafeGuard64.dll [3587000 2015-12-30] ()
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{11FE3855-56C2-4814-8A97-C73864F52DC6}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1392616994-2572689134-1125829370-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1392616994-2572689134-1125829370-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1392616994-2572689134-1125829370-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1392616994-2572689134-1125829370-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1392616994-2572689134-1125829370-1000 -> {BEF6B70E-4D6F-4A4F-AEF8-D742B95E7D78} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1392616994-2572689134-1125829370-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: ssh2 Class -> {2E3C3651-B19C-4DD9-A979-901EC3E930AF} -> C:\Program Files (x86)\Scpad\scpsssh2.dll [2012-10-24] (Banco Bradesco S.A.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2015-09-01] (Caixa Economica Federal)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2014-11-14] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-25] (Google Inc.)
FF Plugin HKU\S-1-5-21-1392616994-2572689134-1125829370-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Usuario\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-02] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1392616994-2572689134-1125829370-1000: gastecnologia.com.br/sf/bb -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2014-08-15] (GAS Tecnologia)

Chrome:
=======
CHR StartupUrls: Profile 2 -> "hxxp://www.google.com.br/"
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-16]
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-16]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Versículos Bíblicos!) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbagchajdneafpeccmodcaofpcckhfia [2015-10-26]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-16]
CHR Extension: (WebSQL Cleaner) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffngmpmaobjpodfmlmoancnbjbgbhlcf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Google Hangouts) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-10-26]
CHR Extension: (Google Hangouts) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-10-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Sem Nome) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\peaohnmognilgkmjhkbpkbilkbedpfec [2015-12-06]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-16]
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Cast) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-12-27]
CHR Extension: (Adblock Plus) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-16]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-25]
CHR Extension: (scroll back to top) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pmopfkbilpnoidiclofkppbgppapnjeh [2016-01-01]
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-16]
CHR Extension: (Adguard AdBlocker) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-01-16]
CHR Extension: (Google Cast) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-01-18]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-16]
CHR Extension: (scroll back to top) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pmopfkbilpnoidiclofkppbgppapnjeh [2016-01-16]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 DNSSVC; C:\Users\Usuario\AppData\Roaming\DNSHelper\DNSSVC.exe [142792 2015-09-07] ()
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe [2786816 2016-01-05] (TODO: ) [Arquivo não assinado]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-11-14] () [Arquivo não assinado]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2283296 2016-01-15] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG)
S2 NetDNS; C:\Users\Usuario\AppData\Roaming\NetTemp\SysDnsSvc.exe [185800 2015-09-30] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2009-03-25] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [Arquivo não assinado]
R2 scpVista; C:\Program Files (x86)\Scpad\scpVista.exe [360624 2012-10-24] (Banco Bradesco S.A.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [Arquivo não assinado]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-16] ()
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-03] (GAS Tecnologia)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-06-04] (Duplex Secure Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2016-01-16] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [Arquivo não assinado]
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-09-02] (GAS Tecnologia LTDA)
U3 atp0nghe; não ImagePath
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]
S1 {55e37f1b-f94a-4899-be82-a947933c81bc}Gw64; system32\drivers\{55e37f1b-f94a-4899-be82-a947933c81bc}Gw64.sys [X]
S1 {79262599-aa35-4736-ba8a-b13db0191496}Gw64; system32\drivers\{79262599-aa35-4736-ba8a-b13db0191496}Gw64.sys [X]
S1 {83abc2fa-3a3b-44aa-97cf-b1ea0776baf1}Gw64; system32\drivers\{83abc2fa-3a3b-44aa-97cf-b1ea0776baf1}Gw64.sys [X]
S1 {84ae9a67-ced0-4a65-a1ef-fd57cbc5c0e8}Gw64; system32\drivers\{84ae9a67-ced0-4a65-a1ef-fd57cbc5c0e8}Gw64.sys [X]
S1 {d001005f-6b8d-49f3-a051-58bbafe759c3}Gw64; system32\drivers\{d001005f-6b8d-49f3-a051-58bbafe759c3}Gw64.sys [X]
S1 {f5230593-67d7-4f19-bcdc-c4f29bcc8e74}Gw64; system32\drivers\{f5230593-67d7-4f19-bcdc-c4f29bcc8e74}Gw64.sys [X]
S1 {f958abdb-efb6-4ba4-a88c-c3a7c4b7db85}Gw64; system32\drivers\{f958abdb-efb6-4ba4-a88c-c3a7c4b7db85}Gw64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-01-20 13:31 - 2016-01-20 13:32 - 00018817 _____ C:\Users\Usuario\Downloads\FRST.txt
2016-01-20 13:31 - 2016-01-20 13:31 - 00000000 ____D C:\FRST
2016-01-20 13:30 - 2016-01-20 13:30 - 02370560 _____ (Farbar) C:\Users\Usuario\Downloads\FRST64.exe
2016-01-20 13:29 - 2016-01-20 13:29 - 01721856 _____ (Farbar) C:\Users\Usuario\Downloads\FRST.exe
2016-01-20 13:00 - 2016-01-20 13:00 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-01-20 13:00 - 2016-01-20 13:00 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-01-20 13:00 - 2016-01-20 13:00 - 00000000 ____D C:\Program Files (x86)\osTip
2016-01-18 18:42 - 2016-01-18 18:42 - 00000849 _____ C:\Users\Public\Desktop\CamStudio.lnk
2016-01-18 18:42 - 2016-01-18 18:42 - 00000000 ____D C:\Program Files\CamStudio 2.7
2016-01-18 18:08 - 2016-01-18 18:14 - 00000000 ____D C:\Users\Usuario\Documents\ezvid
2016-01-18 18:08 - 2016-01-18 18:13 - 00005120 _____ C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-18 18:08 - 2016-01-18 18:08 - 00089821 _____ C:\Windows\unins000.dat
2016-01-18 18:08 - 2016-01-18 18:08 - 00000000 ____D C:\Users\Usuario\AppData\Local\ezvid,_inc
2016-01-18 18:08 - 2016-01-18 18:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ezvid
2016-01-18 18:08 - 2016-01-18 16:55 - 00753847 _____ C:\Windows\unins000.exe
2016-01-18 18:08 - 2015-03-10 19:29 - 00462584 _____ (Bytescout) C:\Windows\SysWOW64\BytescoutScreenCapturing.dll
2016-01-18 18:08 - 2015-03-10 19:29 - 00360184 _____ (Bytescout) C:\Windows\SysWOW64\BytescoutScreenCapturingFilter.dll
2016-01-18 18:08 - 2015-03-10 19:29 - 00196344 _____ (Bytescout) C:\Windows\SysWOW64\BytescoutVideoMixerFilter.dll
2016-01-18 18:08 - 2013-04-07 17:09 - 00148992 _____ ( ) C:\Windows\system32\Lagarith.dll
2016-01-18 17:43 - 2016-01-18 18:08 - 00000000 ____D C:\Program Files (x86)\ezvid
2016-01-18 17:40 - 2016-01-18 17:42 - 00006420 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-01-18 16:52 - 2016-01-18 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft PC Gamer Demo
2016-01-17 13:28 - 2016-01-18 17:09 - 00000000 ____D C:\Users\Usuario\Desktop\POKEMON
2016-01-16 13:15 - 2016-01-16 13:15 - 03870410 _____ C:\Users\Usuario\Desktop\Email+E+Senha+Para+Ativar.zip-.zip
2016-01-16 13:14 - 2016-01-20 13:14 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 12633925-31ad-4b36-8fde-5a898541995c.job
2016-01-16 13:14 - 2016-01-16 13:42 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a45eda32-02b7-4047-9e40-40558bd87a22.job
2016-01-16 13:14 - 2016-01-16 13:14 - 00003582 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task a45eda32-02b7-4047-9e40-40558bd87a22
2016-01-16 13:14 - 2016-01-16 13:14 - 00003508 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 12633925-31ad-4b36-8fde-5a898541995c
2016-01-16 13:14 - 2016-01-16 13:14 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\SUPERAntiSpyware.com
2016-01-16 13:13 - 2016-01-16 13:14 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-16 13:13 - 2016-01-16 13:13 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-01-16 13:13 - 2016-01-16 13:13 - 00000000 ____D C:\Users\Todos os Usuários\SUPERAntiSpyware.com
2016-01-16 13:13 - 2016-01-16 13:13 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-01-16 13:13 - 2016-01-16 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-01-16 13:03 - 2016-01-16 13:07 - 24455920 _____ (SUPERAntiSpyware) C:\Users\Usuario\Downloads\SUPERAntiSpyware.exe
2016-01-16 12:30 - 2016-01-16 12:30 - 00000000 _____ C:\autoexec.bat
2016-01-16 12:24 - 2016-01-16 12:24 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-01-16 12:22 - 2016-01-16 12:22 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Usuario\Downloads\SpyHunter-Installer.exe
2016-01-16 11:48 - 2016-01-16 11:48 - 01754112 _____ C:\Users\Usuario\Downloads\AdwCleaner.exe
2016-01-16 10:59 - 2016-01-16 11:41 - 00000083 _____ C:\Users\Usuario\Desktop\Novo Documento de Texto.txt
2016-01-16 10:58 - 2016-01-16 10:58 - 00001739 ____R C:\Users\Usuario\Desktop\Yeabeats Browser.lnk
2016-01-15 20:00 - 2016-01-19 23:29 - 00000000 ____D C:\Users\Usuario\AppData\Local\CrashDumps
2016-01-15 10:26 - 2016-01-16 11:01 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-01-15 10:26 - 2016-01-15 10:45 - 00000000 ____D C:\Users\Todos os Usuários\RogueKiller
2016-01-15 10:26 - 2016-01-15 10:45 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-15 10:26 - 2016-01-15 10:31 - 20844104 _____ C:\Users\Usuario\Downloads\RogueKiller (1).exe
2016-01-15 10:21 - 2016-01-15 10:24 - 20844104 _____ C:\Users\Usuario\Downloads\RogueKiller.exe
2016-01-15 10:02 - 2016-01-15 10:02 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\ProductData
2016-01-15 10:00 - 2016-01-15 10:02 - 00000000 ____D C:\Users\Todos os Usuários\IObit
2016-01-15 10:00 - 2016-01-15 10:02 - 00000000 ____D C:\ProgramData\IObit
2016-01-15 10:00 - 2016-01-15 10:00 - 00002890 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Usuario
2016-01-15 10:00 - 2016-01-15 10:00 - 00001256 _____ C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2016-01-15 10:00 - 2016-01-15 10:00 - 00001232 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-01-15 10:00 - 2016-01-15 10:00 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\IObit
2016-01-15 10:00 - 2016-01-15 10:00 - 00000000 ____D C:\Users\Usuario\AppData\LocalLow\IObit
2016-01-15 10:00 - 2016-01-15 10:00 - 00000000 ____D C:\Users\Todos os Usuários\ProductData
2016-01-15 10:00 - 2016-01-15 10:00 - 00000000 ____D C:\ProgramData\ProductData
2016-01-15 10:00 - 2016-01-15 10:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-01-15 10:00 - 2016-01-15 10:00 - 00000000 ____D C:\Program Files (x86)\IObit
2016-01-15 09:56 - 2016-01-15 09:59 - 17091360 _____ (IObit) C:\Users\Usuario\Downloads\iobituninstaller-pro.exe
2016-01-15 09:54 - 2015-11-25 15:31 - 01100288 _____ C:\Users\Todos os Usuários\HomePage.exe
2016-01-15 09:54 - 2015-11-25 15:31 - 01100288 _____ C:\ProgramData\HomePage.exe
2016-01-15 09:50 - 2016-01-15 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2016-01-15 09:50 - 2016-01-15 10:10 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2016-01-15 09:50 - 2016-01-15 09:50 - 00000000 ____D C:\Users\Usuario\AppData\Local\Anvisoft
2016-01-15 09:46 - 2016-01-15 09:48 - 09394344 _____ (Anvisoft) C:\Users\Usuario\Downloads\astsetup.exe
2016-01-14 12:56 - 2016-01-14 07:46 - 02412032 _____ C:\Users\Todos os Usuários\msiql.exe
2016-01-14 12:56 - 2016-01-14 07:46 - 02412032 _____ C:\ProgramData\msiql.exe
2016-01-12 14:32 - 2016-01-12 14:32 - 00000000 ____D C:\Windows\19
2016-01-06 12:52 - 2016-01-16 12:05 - 00000000 ____D C:\Users\Usuario\AppData\LocalLow\uTorrent
2016-01-05 15:26 - 2016-01-16 10:58 - 00000000 ____D C:\Users\Todos os Usuários\AdobeCatchTemp
2016-01-05 15:26 - 2016-01-16 10:58 - 00000000 ____D C:\ProgramData\AdobeCatchTemp
2016-01-05 14:58 - 2016-01-08 18:28 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update
2016-01-05 14:58 - 2016-01-08 18:28 - 00000000 ____D C:\ProgramData\Windows Update
2015-12-31 16:23 - 2016-01-06 13:15 - 00000483 _____ C:\Users\Todos os Usuários\xcgui_debug.txt
2015-12-31 16:23 - 2016-01-06 13:15 - 00000483 _____ C:\ProgramData\xcgui_debug.txt
2015-12-31 16:05 - 2016-01-07 13:24 - 00004782 _____ C:\Users\Todos os Usuários\webad.xml
2015-12-31 16:05 - 2016-01-07 13:24 - 00004782 _____ C:\ProgramData\webad.xml
2015-12-26 14:25 - 2015-12-30 12:14 - 00000000 ____D C:\Users\Usuario\AppData\rundir
2015-12-25 17:11 - 2015-12-25 17:17 - 28167528 _____ (Simply Super Software ) C:\Users\Usuario\Downloads\trjsetup693.exe
2015-12-25 16:46 - 2015-12-25 16:46 - 00873488 _____ C:\Users\Usuario\Downloads\yet_another_cleaner_bxk (1).exe
2015-12-25 16:41 - 2016-01-16 14:13 - 00000124 _____ C:\Users\Usuario\Desktop\.url
2015-12-25 15:33 - 2015-12-25 15:34 - 00873488 _____ C:\Users\Usuario\Downloads\yet_another_cleaner_bxk.exe
2015-12-25 15:23 - 2015-12-25 15:25 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\NetTemp
2015-12-25 15:15 - 2015-12-25 15:15 - 00000000 ____D C:\Windows\erdnt
2015-12-25 15:03 - 2016-01-16 14:14 - 00002257 _____ C:\Users\Usuario\Desktop\Pessoa 1 - Chrome.lnk
2015-12-25 15:03 - 2016-01-16 10:58 - 00002305 ____R C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-25 15:03 - 2015-12-25 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-25 14:56 - 2016-01-20 13:01 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-25 14:56 - 2016-01-20 12:59 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-25 14:56 - 2015-12-25 14:56 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-25 14:56 - 2015-12-25 14:56 - 00003814 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-25 13:32 - 2015-12-30 16:52 - 00001771 _____ C:\Users\Usuario\AppData\Roaming\xcgui_debug.txt
2015-12-25 12:40 - 2016-01-15 09:43 - 00000000 ____D C:\Users\Todos os Usuários\System32
2015-12-25 12:40 - 2016-01-15 09:43 - 00000000 ____D C:\ProgramData\System32
2015-12-25 12:16 - 2015-12-28 21:13 - 01850880 _____ C:\Users\Todos os Usuários\ajkejjakdf.exe
2015-12-25 12:16 - 2015-12-28 21:13 - 01850880 _____ C:\ProgramData\ajkejjakdf.exe
2015-12-25 12:09 - 2015-12-25 12:09 - 00000034 ___SH C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2015-12-25 12:04 - 2015-12-25 12:04 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\XBox
2015-12-25 12:03 - 2015-12-25 07:18 - 04540096 _____ (${COMPANY_NAME}) C:\Users\Usuario\AppData\Roaming\setup.exe@ver=1.0.0.0
2015-12-24 21:45 - 2015-12-10 15:43 - 00600312 _____ C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe
2015-12-24 21:45 - 2015-12-10 15:43 - 00600312 _____ C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2015-12-24 21:39 - 2015-12-04 13:14 - 01081344 _____ C:\Users\Todos os Usuários\LightGate.exe
2015-12-24 21:39 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGate.exe
2015-12-24 21:36 - 2015-12-24 15:56 - 01888256 _____ C:\Users\Todos os Usuários\carssc.exe
2015-12-24 21:36 - 2015-12-24 15:56 - 01888256 _____ C:\ProgramData\carssc.exe
2015-12-24 21:27 - 2015-12-25 14:41 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\LightGate
2015-12-24 21:24 - 2015-12-24 21:24 - 00621568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Usuario\AppData\Roaming\libeay32.dll
2015-12-24 21:24 - 2015-12-24 21:24 - 00162304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Usuario\AppData\Roaming\ssleay32.dll
2015-12-24 21:24 - 2015-12-10 08:39 - 01015808 _____ (d) C:\Users\Usuario\AppData\Roaming\download.exe
2015-12-24 21:23 - 2015-12-24 21:22 - 02983664 _____ C:\Users\Usuario\AppData\Roaming\adba157aa93d.exe
2015-12-24 21:22 - 2015-12-31 15:55 - 00000000 _____ C:\Users\Usuario\AppData\Roaming\webad.xml
2015-12-24 21:22 - 2015-12-23 07:13 - 04524576 _____ (${COMPANY_NAME}) C:\Users\Usuario\AppData\Roaming\Setup.exe
2015-12-24 21:21 - 2015-12-24 21:21 - 00000000 ____D C:\Users\Usuario\AppData\Local\Yeaplayer
2015-12-24 21:20 - 2015-11-14 21:06 - 02496403 _____ ( ) C:\Users\Usuario\AppData\Roaming\yeaplayer_51447.exe
2015-12-24 21:19 - 2015-12-24 15:56 - 01888256 _____ C:\Users\Usuario\AppData\Roaming\carssn.exe
2015-12-24 21:18 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\Users\Usuario\AppData\Roaming\upgsvr.exe
2015-12-24 21:18 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\Users\Todos os Usuários\upgsvr.exe
2015-12-24 21:18 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr.exe

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-01-20 13:31 - 2009-07-14 01:20 - 00000000 ____D C:\Windows
2016-01-20 13:05 - 2009-07-14 02:45 - 00017728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-20 13:05 - 2009-07-14 02:45 - 00017728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-20 12:58 - 2014-11-18 11:54 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-01-20 12:58 - 2014-11-14 08:50 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-20 12:58 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-19 22:44 - 2014-11-14 08:50 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-18 19:48 - 2015-11-05 16:27 - 00004509 _____ C:\Users\Usuario\AppData\Roaming\CamStudio.cfg
2016-01-18 19:48 - 2015-11-05 16:27 - 00000408 _____ C:\Users\Usuario\AppData\Roaming\CamShapes.ini
2016-01-18 19:48 - 2015-11-05 16:27 - 00000408 _____ C:\Users\Usuario\AppData\Roaming\CamLayout.ini
2016-01-18 19:48 - 2015-11-05 16:27 - 00000125 _____ C:\Users\Usuario\AppData\Roaming\Camdata.ini
2016-01-18 18:42 - 2015-11-07 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
2016-01-18 18:07 - 2014-11-18 11:52 - 00000000 ____D C:\Users\Todos os Usuários\Temp
2016-01-18 18:07 - 2014-11-18 11:52 - 00000000 ____D C:\ProgramData\Temp
2016-01-18 17:42 - 2009-07-14 15:55 - 01552538 _____ C:\Windows\system32\prfh0416.dat
2016-01-18 17:42 - 2009-07-14 15:55 - 00927120 _____ C:\Windows\system32\prfc0416.dat
2016-01-18 17:42 - 2009-07-14 03:13 - 00006420 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-18 17:40 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2016-01-17 20:07 - 2014-11-18 12:10 - 00000000 ____D C:\Users\Usuario\AppData\LocalLow\Scpad
2016-01-17 20:03 - 2009-07-14 03:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-17 16:16 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-17 13:28 - 2014-12-21 18:24 - 00000000 ____D C:\Users\Usuario\Desktop\Outras
2016-01-16 12:30 - 2014-11-14 08:45 - 00000000 ____D C:\Users\Usuario
2016-01-16 12:12 - 2014-11-15 12:09 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\uTorrent
2016-01-16 12:03 - 2015-01-14 14:58 - 00000000 ____D C:\AdwCleaner
2016-01-15 10:20 - 2014-11-14 08:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-01-15 10:20 - 2014-11-14 08:53 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-01-15 10:20 - 2014-11-14 08:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-15 10:13 - 2014-11-14 08:49 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2016-01-15 10:13 - 2014-11-14 08:49 - 00000000 ____D C:\ProgramData\Adobe
2016-01-15 10:12 - 2015-10-04 17:16 - 00000595 _____ C:\Windows\SysWOW64\nativelog.txt
2016-01-15 10:12 - 2015-09-26 22:27 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-01-15 10:09 - 2014-12-21 15:27 - 00000000 ____D C:\Users\Todos os Usuários\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2016-01-15 10:09 - 2014-12-21 15:27 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2016-01-15 10:05 - 2014-11-15 14:03 - 00000000 ____D C:\Users\Todos os Usuários\Freemake
2016-01-15 10:05 - 2014-11-15 14:03 - 00000000 ____D C:\ProgramData\Freemake
2016-01-13 17:05 - 2015-10-07 14:59 - 00000000 ____D C:\Users\Usuario\Documents\Nova pasta
2016-01-13 08:23 - 2009-07-14 03:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-01-08 18:29 - 2009-07-14 02:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-31 16:29 - 2015-01-28 22:52 - 00001828 __RSH C:\Users\Todos os Usuários\ntuser.pol
2015-12-31 16:29 - 2015-01-28 22:52 - 00001828 __RSH C:\ProgramData\ntuser.pol
2015-12-25 16:43 - 2015-01-17 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader Converter
2015-12-25 15:23 - 2015-09-19 12:34 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\DNSHelper
2015-12-25 15:02 - 2014-11-14 08:49 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-25 14:55 - 2015-05-16 02:57 - 00000000 ____D C:\Users\Usuario\AppData\Local\Deployment
2015-12-25 14:28 - 2009-07-14 00:34 - 00000580 _____ C:\Windows\win.ini
2015-12-23 15:34 - 2014-11-14 08:45 - 00001557 _____ C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

==================== Arquivos na raiz de alguns diretórios =======

2015-12-24 21:23 - 2015-12-24 21:22 - 2983664 _____ () C:\Users\Usuario\AppData\Roaming\adba157aa93d.exe
2015-11-05 16:27 - 2016-01-18 19:48 - 0000125 _____ () C:\Users\Usuario\AppData\Roaming\Camdata.ini
2015-11-05 16:27 - 2016-01-18 19:48 - 0000408 _____ () C:\Users\Usuario\AppData\Roaming\CamLayout.ini
2015-11-05 16:27 - 2016-01-18 19:48 - 0000408 _____ () C:\Users\Usuario\AppData\Roaming\CamShapes.ini
2015-11-05 16:27 - 2016-01-18 19:48 - 0004509 _____ () C:\Users\Usuario\AppData\Roaming\CamStudio.cfg
2015-12-24 21:19 - 2015-12-24 15:56 - 1888256 _____ () C:\Users\Usuario\AppData\Roaming\carssn.exe
2015-12-24 21:24 - 2015-12-10 08:39 - 1015808 _____ (d) C:\Users\Usuario\AppData\Roaming\download.exe
2015-12-24 21:24 - 2015-12-24 21:24 - 0621568 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Usuario\AppData\Roaming\libeay32.dll
2015-12-24 21:22 - 2015-12-23 07:13 - 4524576 _____ (${COMPANY_NAME}) C:\Users\Usuario\AppData\Roaming\Setup.exe
2015-12-25 12:03 - 2015-12-25 07:18 - 4540096 _____ (${COMPANY_NAME}) C:\Users\Usuario\AppData\Roaming\setup.exe@ver=1.0.0.0
2015-12-24 21:24 - 2015-12-24 21:24 - 0162304 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Usuario\AppData\Roaming\ssleay32.dll
2014-11-18 11:53 - 2014-11-18 11:53 - 0017085 _____ () C:\Users\Usuario\AppData\Roaming\unins000.dat
2014-11-18 11:53 - 2014-11-18 11:53 - 0815314 _____ () C:\Users\Usuario\AppData\Roaming\unins000.exe
2015-12-24 21:18 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\Users\Usuario\AppData\Roaming\upgsvr.exe
2015-12-24 21:22 - 2015-12-31 15:55 - 0000000 _____ () C:\Users\Usuario\AppData\Roaming\webad.xml
2015-12-25 13:32 - 2015-12-30 16:52 - 0001771 _____ () C:\Users\Usuario\AppData\Roaming\xcgui_debug.txt
2015-12-24 21:20 - 2015-11-14 21:06 - 2496403 _____ ( ) C:\Users\Usuario\AppData\Roaming\yeaplayer_51447.exe
2016-01-18 18:08 - 2016-01-18 18:13 - 0005120 _____ () C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-25 12:16 - 2015-12-28 21:13 - 1850880 _____ () C:\ProgramData\ajkejjakdf.exe
2015-01-18 16:34 - 2015-01-18 16:34 - 0000227 _____ () C:\ProgramData\bc.ini
2015-12-24 21:36 - 2015-12-24 15:56 - 1888256 _____ () C:\ProgramData\carssc.exe
2016-01-15 09:54 - 2015-11-25 15:31 - 1100288 _____ () C:\ProgramData\HomePage.exe
2015-12-24 21:39 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
2016-01-14 12:56 - 2016-01-14 07:46 - 2412032 _____ () C:\ProgramData\msiql.exe
2015-12-24 21:18 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr.exe
2015-12-31 16:05 - 2016-01-07 13:24 - 0004782 _____ () C:\ProgramData\webad.xml
2015-12-31 16:23 - 2016-01-06 13:15 - 0000483 _____ () C:\ProgramData\xcgui_debug.txt
2015-12-24 21:45 - 2015-12-10 15:43 - 0600312 _____ () C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\ajkejjakdf.exe
C:\ProgramData\carssc.exe
C:\ProgramData\HomePage.exe
C:\ProgramData\LightGate.exe
C:\ProgramData\msiql.exe
C:\ProgramData\upgsvr.exe
C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
C:\Users\Todos os Usuários\ajkejjakdf.exe
C:\Users\Todos os Usuários\carssc.exe
C:\Users\Todos os Usuários\HomePage.exe
C:\Users\Todos os Usuários\LightGate.exe
C:\Users\Todos os Usuários\msiql.exe
C:\Users\Todos os Usuários\upgsvr.exe
C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe


Alguns arquivos em TEMP:
====================
C:\Users\Usuario\AppData\Local\Temp\6AF5.exe
C:\Users\Usuario\AppData\Local\Temp\amt_mysites123.exe
C:\Users\Usuario\AppData\Local\Temp\AxSFADownloader.exe
C:\Users\Usuario\AppData\Local\Temp\Baidu_Secure_SystemUp_5.0.9.107990.exe
C:\Users\Usuario\AppData\Local\Temp\cabex.dll
C:\Users\Usuario\AppData\Local\Temp\carssn.exe
C:\Users\Usuario\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Usuario\AppData\Local\Temp\ICReinstall_JSE_install_app-1435349974061.exe
C:\Users\Usuario\AppData\Local\Temp\ICReinstall_sengoku3.exe
C:\Users\Usuario\AppData\Local\Temp\iSafeDownloader.exe
C:\Users\Usuario\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Usuario\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Usuario\AppData\Local\Temp\LightGate.exe
C:\Users\Usuario\AppData\Local\Temp\Quarantine.exe
C:\Users\Usuario\AppData\Local\Temp\setup_685.exe
C:\Users\Usuario\AppData\Local\Temp\setup_768.exe
C:\Users\Usuario\AppData\Local\Temp\setup_ra.exe
C:\Users\Usuario\AppData\Local\Temp\soundplus-installer.exe
C:\Users\Usuario\AppData\Local\Temp\sqlite3.dll
C:\Users\Usuario\AppData\Local\Temp\Uninstall.exe
C:\Users\Usuario\AppData\Local\Temp\upgsvr.exe
C:\Users\Usuario\AppData\Local\Temp\YeaPlayer_br_IBD_Bundle.exe
C:\Users\Usuario\AppData\Local\Temp\ytb.exe
C:\Users\Usuario\AppData\Local\Temp\ytdieamodc_amodc_inst.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-01-19 23:21

==================== Fim de FRST.txt ============================
