Publicité
Publicité
Format du document : text/plain
Prévisualisation
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by jerson (administrator) on VIDA (25-09-2015 11:24:23)
Running from C:\Users\jerson\Downloads
Loaded Profiles: jerson (Available Profiles: jerson)
Platform: Windows 8.1 Single Language (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Users\jerson\AppData\Local\Crsoft\crsvc.exe
() C:\Users\jerson\AppData\Roaming\DNSHelper\DNSSVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(QNT) C:\Users\jerson\AppData\Roaming\NetService\netservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.6.1008.0\McCSPServiceHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-31] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-08-19] (Banco do Brasil)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Atheros Communications)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1119460738-191548075-3182123001-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1896320 2015-08-19] (Banco do Brasil)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-24]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-24]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\jerson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2015-08-27]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2F1D105C-50AE-411D-95B5-983C64BF88D6}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv3&uid=S32SJ5AF805400_ST1000LM024HN-M101MBB&tm=1442709775
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv3&uid=S32SJ5AF805400_ST1000LM024HN-M101MBB&tm=1442709775
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1119460738-191548075-3182123001-1001 -> {5E05225F-3794-4201-A4F4-7D7F38F7F63C} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-01] (Oracle Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-08-19] (Banco do Brasil)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-01] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-18] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-08-21] (McAfee, Inc.)
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-01] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1119460738-191548075-3182123001-1001: gastecnologia.com.br/sf/bb -> C:\Users\jerson\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-01-13] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-1119460738-191548075-3182123001-1001: gastecnologia.com.br/sf/bb64 -> C:\Users\jerson\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [2015-01-13] (GAS Tecnologia)
Chrome:
=======
CHR Profile: C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-11]
CHR Extension: (Google Docs) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-11]
CHR Extension: (Google Drive) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-11]
CHR Extension: (YouTube) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-11]
CHR Extension: (Google Search) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-11]
CHR Extension: (Planilhas do Google) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-11]
CHR Extension: (Documentos Google off-line) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-01]
CHR Extension: (EasyCalendar) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk [2015-09-24]
CHR Extension: (Protector Web – Confiável proteção contra phishing) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko [2015-09-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-24]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-11]
CHR Extension: (Gmail) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-11]
CHR Profile: C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Apresentações) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-06]
CHR Extension: (Google Docs) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-06]
CHR Extension: (Google Drive) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-06]
CHR Extension: (YouTube) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-06]
CHR Extension: (Google Search) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-06]
CHR Extension: (Planilhas do Google) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-06]
CHR Extension: (Protector Web – Confiável proteção contra phishing) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko [2015-08-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-06]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]
CHR Extension: (Gmail) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-06]
CHR HKU\S-1-5-21-1119460738-191548075-3182123001-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows (R) Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 Crashhd; C:\Users\jerson\AppData\Local\Crsoft\crsvc.exe [185800 2015-09-24] ()
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 DNSSVC; C:\Users\jerson\AppData\Roaming\DNSHelper\DNSSVC.exe [142792 2015-09-07] ()
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576 2015-08-12] (GAS Tecnologia)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-15] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
S2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
R2 NetTcpHandler; C:\Users\jerson\AppData\Roaming\NetService\netservice.exe [211824 2015-03-20] (QNT)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
S3 GENERICDRV; C:\Users\jerson\AppData\Roaming\PCDr\Downloads\amifldrv64.sys [15400 2015-07-03] ()
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-15] (Synaptics Incorporated)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-10-31] (GAS Tecnologia LTDA)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
U2 McMPFSvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-25 11:24 - 2015-09-25 11:25 - 00024938 _____ C:\Users\jerson\Downloads\FRST.txt
2015-09-25 11:23 - 2015-09-25 11:24 - 00000000 ____D C:\FRST
2015-09-25 11:22 - 2015-09-25 11:22 - 02192384 _____ (Farbar) C:\Users\jerson\Downloads\FRST64.exe
2015-09-25 11:22 - 2015-09-25 11:22 - 01695744 _____ (Farbar) C:\Users\jerson\Downloads\FRST.exe
2015-09-25 09:09 - 2015-09-25 09:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-09-24 20:42 - 2015-09-24 20:42 - 00000000 ___RD C:\Users\jerson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-09-24 16:03 - 2015-09-24 16:03 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-24 15:56 - 2015-09-24 16:01 - 00000000 ____D C:\AdwCleaner
2015-09-24 15:55 - 2015-09-24 15:55 - 00001201 _____ C:\Users\jerson\Desktop\AdwCleaner.exe - Atalho.lnk
2015-09-24 15:52 - 2015-09-24 15:52 - 01662976 _____ C:\Users\jerson\Downloads\AdwCleaner.exe
2015-09-24 15:46 - 2015-09-24 15:46 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-09-24 14:37 - 2015-09-24 14:37 - 00000000 ____D C:\Users\jerson\AppData\Local\Crsoft
2015-09-24 14:35 - 2015-09-24 14:36 - 00000000 ____D C:\Windows\LastGood.Tmp
2015-09-24 14:22 - 2015-09-24 14:22 - 00000000 ____D C:\Users\jerson\Documents\patch-SND
2015-09-24 14:08 - 2015-09-24 14:08 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2015-09-24 14:07 - 2015-09-24 15:39 - 00000000 ____D C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2015-09-24 13:55 - 2015-09-24 19:32 - 00000000 ____D C:\Users\jerson\Documents\Add-in Express
2015-09-24 13:55 - 2015-09-24 14:06 - 00000000 ____D C:\Users\Todos os Usuários\WinZip
2015-09-24 13:55 - 2015-09-24 14:06 - 00000000 ____D C:\Users\jerson\AppData\Local\WinZip
2015-09-24 13:55 - 2015-09-24 14:06 - 00000000 ____D C:\ProgramData\WinZip
2015-09-24 13:55 - 2015-09-24 13:55 - 00002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-09-24 13:55 - 2015-09-24 13:55 - 00002307 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-09-24 13:55 - 2015-09-24 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-09-24 13:55 - 2015-09-24 13:55 - 00000000 ____D C:\Program Files\WinZip
2015-09-24 13:53 - 2015-09-24 13:53 - 00714376 _____ (WinZip Computing, S.L.) C:\Users\jerson\Downloads\winzip19-pp.exe
2015-09-24 13:53 - 2015-09-24 13:53 - 00000000 ____D C:\Users\Todos os Usuários\UniqueId
2015-09-24 13:53 - 2015-09-24 13:53 - 00000000 ____D C:\ProgramData\UniqueId
2015-09-24 13:47 - 2015-09-24 13:47 - 57042590 _____ C:\Users\jerson\Downloads\SpyHunter.4.17.6.4336.baixedetudo.net.rar
2015-09-24 13:19 - 2015-09-24 13:22 - 00000000 ____D C:\Users\jerson\OneDrive
2015-09-24 13:12 - 2015-09-24 13:12 - 00611230 _____ C:\Users\jerson\Downloads\SpyHunter 4 Crack e Serial__15460_i1672692476_il1551093.rar
2015-09-19 21:43 - 2015-09-19 21:43 - 00000000 ____D C:\Users\jerson\AppData\Roaming\shortCutStore
2015-09-19 21:43 - 2015-09-19 21:43 - 00000000 _____ C:\autoexec.bat
2015-09-16 16:46 - 2015-09-16 16:47 - 02443776 _____ (Flash BOX) C:\Users\jerson\Downloads\Adobe_Flash_Player 2015.exe
2015-09-16 14:24 - 2015-09-16 14:24 - 02818560 _____ (Flash tolls) C:\Users\jerson\Downloads\Adobe Flash Player 2015 .exe
2015-09-16 14:24 - 2015-09-16 14:24 - 02818560 _____ (Flash tolls) C:\Users\jerson\Downloads\Adobe Flash Player 2015 (1).exe
2015-09-10 20:09 - 2015-09-10 20:09 - 00686858 _____ C:\Users\jerson\Downloads\Adobe_Flash_Player 2015_.exe
2015-09-08 21:06 - 2015-09-02 23:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-08 21:06 - 2015-09-02 23:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-08 21:06 - 2015-09-02 15:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-08 21:06 - 2015-09-02 14:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-08 21:06 - 2015-07-22 11:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-08 21:06 - 2015-07-22 10:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-08 21:06 - 2015-07-17 11:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-08 21:06 - 2015-07-17 11:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-08 21:06 - 2015-07-03 18:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-08 21:06 - 2015-07-03 11:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-08 21:06 - 2015-06-27 08:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-08 21:05 - 2015-07-13 16:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-08 21:05 - 2015-07-10 16:06 - 00118272 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2015-09-08 21:05 - 2015-07-09 13:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-08 21:05 - 2015-06-19 14:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-09-08 20:54 - 2015-09-08 20:54 - 00000000 ____D C:\Users\jerson\AppData\Roaming\DNSHelper
2015-09-08 18:10 - 2015-08-26 23:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-08 18:10 - 2015-08-26 15:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-08 18:10 - 2015-08-26 15:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-08 18:10 - 2015-08-26 15:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-08 18:10 - 2015-08-26 15:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-08 18:10 - 2015-08-26 11:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-08 18:10 - 2015-08-26 11:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-08 18:10 - 2015-08-26 11:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-08 18:10 - 2015-08-26 11:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-08 18:10 - 2015-08-26 11:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-08 18:10 - 2015-08-26 11:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-08 18:10 - 2015-08-26 11:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-08 18:10 - 2015-08-22 15:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 18:10 - 2015-08-22 14:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 18:10 - 2015-08-22 14:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-08 18:10 - 2015-08-22 14:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 18:10 - 2015-08-22 13:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-08 18:10 - 2015-08-22 13:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 18:10 - 2015-08-22 13:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-08 18:10 - 2015-08-22 13:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 18:10 - 2015-08-22 13:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-08 18:10 - 2015-08-22 13:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-08 18:10 - 2015-07-30 14:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 18:10 - 2015-07-30 13:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-08 18:09 - 2015-09-01 23:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 18:09 - 2015-09-01 23:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 18:09 - 2015-09-01 23:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 18:09 - 2015-09-01 23:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-08 18:09 - 2015-09-01 23:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-08 18:09 - 2015-08-22 14:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 18:09 - 2015-08-22 14:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 18:09 - 2015-08-22 13:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-08 18:09 - 2015-08-22 13:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-08 18:09 - 2015-08-22 13:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-08 18:09 - 2015-08-22 13:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-08 18:09 - 2015-08-22 13:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 18:09 - 2015-08-22 13:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-08 18:09 - 2015-08-22 13:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-08 18:09 - 2015-08-22 13:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 18:09 - 2015-08-22 13:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-08 18:09 - 2015-08-22 13:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-08 18:09 - 2015-08-22 13:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-08 18:09 - 2015-08-22 13:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-08 18:09 - 2015-08-22 13:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-08 18:09 - 2015-08-22 13:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 18:09 - 2015-08-22 13:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-08 18:09 - 2015-08-22 12:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-08 18:09 - 2015-08-22 12:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-08 18:09 - 2015-08-03 18:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-08 18:09 - 2015-08-03 18:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-08 18:09 - 2015-08-01 11:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-08 18:09 - 2015-08-01 00:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-08 18:09 - 2015-08-01 00:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-08 18:09 - 2015-08-01 00:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 18:09 - 2015-08-01 00:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-08 18:09 - 2015-08-01 00:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-08 18:09 - 2015-07-22 11:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-08 18:09 - 2015-07-22 11:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-08 18:09 - 2015-07-22 11:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-08 18:09 - 2015-07-22 11:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-08 18:09 - 2015-07-18 15:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-08 18:09 - 2015-07-18 15:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-08 18:09 - 2015-07-18 15:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-08 18:09 - 2015-07-18 15:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-08 18:09 - 2015-07-14 00:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-09-01 17:18 - 2015-09-01 17:18 - 00529002 _____ C:\Users\jerson\Downloads\Apresentação AEEL_ Equacionamento do déficit de 2013_v25-08-2015.pptx
2015-09-01 00:04 - 2015-09-01 00:04 - 00000000 ____D C:\Users\jerson\AppData\Roaming\Sun
2015-09-01 00:04 - 2015-09-01 00:04 - 00000000 ____D C:\Users\jerson\.oracle_jre_usage
2015-08-31 22:29 - 2015-09-18 12:58 - 00000136 _____ C:\Windows\ODBC.INI
2015-08-27 10:20 - 2015-08-27 10:20 - 00000000 ____D C:\Users\jerson\Documents\Blocos de Anotações do OneNote
2015-08-26 09:38 - 2015-08-26 09:38 - 05604405 _____ C:\Users\jerson\Downloads\tratamento de dados_I.pptx
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-25 11:21 - 2014-03-18 07:07 - 01797166 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-25 11:21 - 2014-03-18 06:29 - 00774900 _____ C:\Windows\system32\prfh0416.dat
2015-09-25 11:21 - 2014-03-18 06:29 - 00158494 _____ C:\Windows\system32\prfc0416.dat
2015-09-25 11:17 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-25 10:08 - 2014-09-10 01:59 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-09-25 10:08 - 2014-09-10 01:29 - 01658861 _____ C:\Windows\WindowsUpdate.log
2015-09-25 09:39 - 2015-06-11 18:06 - 00001086 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-25 09:12 - 2014-10-02 17:50 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1119460738-191548075-3182123001-1001
2015-09-25 09:10 - 2014-10-02 17:56 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{493CFB94-3AAD-4238-AD3C-6B8C2D7EE423}
2015-09-25 09:09 - 2015-06-11 18:06 - 00001082 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-24 19:55 - 2014-10-02 17:44 - 00000000 ____D C:\Users\jerson\AppData\Local\Packages
2015-09-24 16:03 - 2014-10-02 18:13 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2015-09-24 16:02 - 2013-08-22 11:46 - 00062916 _____ C:\Windows\setupact.log
2015-09-24 16:02 - 2013-08-22 11:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-24 16:01 - 2014-10-02 17:44 - 00000000 ____D C:\Users\jerson
2015-09-24 16:01 - 2013-08-22 10:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-09-24 14:37 - 2015-04-26 22:24 - 00000000 ____D C:\Users\jerson\AppData\Roaming\RunDir
2015-09-24 14:36 - 2014-09-10 01:44 - 00000000 ____D C:\Program Files (x86)\Intel
2015-09-24 14:27 - 2014-03-18 02:55 - 00102360 _____ C:\Windows\PFRO.log
2015-09-24 13:28 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-24 13:26 - 2015-08-06 11:07 - 00085504 ___SH C:\Users\jerson\Downloads\Thumbs.db
2015-09-24 13:19 - 2015-04-15 21:04 - 00000000 ___RD C:\Users\jerson\OneDrive.old
2015-09-24 13:11 - 2014-10-07 14:36 - 00000000 ____D C:\Users\jerson\AppData\Local\CrashDumps
2015-09-23 14:17 - 2015-04-15 20:59 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-23 09:40 - 2015-06-11 18:09 - 00002367 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-23 08:49 - 2013-08-22 10:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-09-22 00:30 - 2013-08-22 12:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-19 21:54 - 2015-08-07 13:46 - 00001493 _____ C:\Users\jerson\Desktop\Pessoa 1 - Chrome.lnk
2015-09-19 19:06 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\NDF
2015-09-17 21:34 - 2015-06-11 18:06 - 00004058 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 21:34 - 2015-06-11 18:06 - 00003822 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 12:29 - 2015-07-25 13:14 - 00037888 ___SH C:\Users\jerson\Desktop\Thumbs.db
2015-09-14 22:18 - 2015-07-17 10:57 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-14 22:18 - 2015-07-17 10:57 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-13 14:12 - 2014-10-02 20:34 - 00000000 ____D C:\Users\jerson\AppData\Local\Google
2015-09-12 07:45 - 2015-04-15 21:04 - 00003090 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1119460738-191548075-3182123001-1001
2015-09-11 14:00 - 2014-10-06 21:16 - 00000000 ____D C:\Windows\system32\MRT
2015-09-08 21:41 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\rescache
2015-09-08 20:43 - 2013-08-22 11:44 - 00382968 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-08 20:40 - 2014-03-18 06:44 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-08 20:40 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-03 19:35 - 2014-09-10 01:57 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-01 00:05 - 2015-01-13 11:46 - 00000000 ____D C:\Users\Todos os Usuários\Oracle
2015-09-01 00:05 - 2015-01-13 11:46 - 00000000 ____D C:\ProgramData\Oracle
2015-09-01 00:04 - 2015-01-13 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-01 00:04 - 2015-01-13 11:46 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-01 00:03 - 2015-01-13 11:46 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-30 18:31 - 2015-04-27 00:07 - 00000286 __RSH C:\Users\Todos os Usuários\ntuser.pol
2015-08-30 18:31 - 2015-04-27 00:07 - 00000286 __RSH C:\ProgramData\ntuser.pol
2015-08-30 18:20 - 2014-10-02 18:13 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2015-08-30 18:20 - 2014-10-02 18:13 - 00000000 ____D C:\ProgramData\GbPlugin
2015-08-26 18:37 - 2014-10-06 21:16 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2015-02-24 15:13 - 2015-02-24 15:13 - 0016730 _____ () C:\Users\jerson\AppData\Roaming\unins000.dat
2015-02-24 15:13 - 2015-02-24 15:13 - 0815826 _____ () C:\Users\jerson\AppData\Roaming\unins000.exe
2014-09-10 01:21 - 2014-09-10 01:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-10 01:43 - 2014-09-10 01:44 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-09-10 01:39 - 2014-09-10 01:40 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-09-10 01:40 - 2014-09-10 01:41 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-09-10 01:41 - 2014-09-10 01:43 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-09-10 01:39 - 2014-09-10 01:39 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Some files in TEMP:
====================
C:\Users\jerson\AppData\Local\Temp\2503.exe
C:\Users\jerson\AppData\Local\Temp\6074.exe
C:\Users\jerson\AppData\Local\Temp\8FFD427E-F52C-37D3-608D-352F36983F31.dll
C:\Users\jerson\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\jerson\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\jerson\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\jerson\AppData\Local\Temp\jue1FD6.exe
C:\Users\jerson\AppData\Local\Temp\jue345A.exe
C:\Users\jerson\AppData\Local\Temp\jue8691.exe
C:\Users\jerson\AppData\Local\Temp\jue87E9.exe
C:\Users\jerson\AppData\Local\Temp\jueDEB5.exe
C:\Users\jerson\AppData\Local\Temp\jueE7A8.exe
C:\Users\jerson\AppData\Local\Temp\OfficeSetup.exe
C:\Users\jerson\AppData\Local\Temp\setup32.exe
C:\Users\jerson\AppData\Local\Temp\SetupHomeStudentRetail.x86.pt-BR_HomeStudentRetail_T6DVH-NMKV4-Q8DWF-HHGGP-27GKR_act_1_.exe
C:\Users\jerson\AppData\Local\Temp\UninstallModule.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-15 04:51
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by jerson (2015-09-25 11:26:01)
Running from C:\Users\jerson\Downloads
Windows 8.1 Single Language (X64) (2014-10-02 20:44:38)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-1119460738-191548075-3182123001-500 - Administrator - Disabled)
Convidado (S-1-5-21-1119460738-191548075-3182123001-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1119460738-191548075-3182123001-1003 - Limited - Enabled)
jerson (S-1-5-21-1119460738-191548075-3182123001-1001 - Administrator - Enabled) => C:\Users\jerson
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Antivírus e antispyware da McAfee (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Antivírus e antispyware da McAfee (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Atualizações da NVIDIA 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.1 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{66F942CD-BCA2-4D4C-84B8-8B6B09F9CE5D}) (Version: 1.2.1004.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2015) (Version: 1.0 - Receita Federal do Brasil)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
Microsoft Office Home and Student 2013 - pt-br (HKLM\...\HomeStudentRetail - pt-br) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1119460738-191548075-3182123001-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Módulo de Segurança - Banco do Brasil (HKLM-x32\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.12.0.2 - )
My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden
NVIDIA Driver de gráficos 332.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.91 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Painel de controle da NVIDIA 332.91 (Version: 332.91 - NVIDIA Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.04 - Serpro - Serviço Federal de Processamento de Dados)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1119460738-191548075-3182123001-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\jerson\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1119460738-191548075-3182123001-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\jerson\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1119460738-191548075-3182123001-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
==================== Restore Points =========================
16-09-2015 20:46:18 Ponto de Verificação Agendado
22-09-2015 00:29:07 Windows Update
24-09-2015 14:07:56 Installed SpyHunter
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 10:25 - 2015-02-16 08:42 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {10793A99-7443-41EA-BACA-CCB4EF007EF7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {11C62962-816E-4A02-8C4E-466787434FFA} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1119460738-191548075-3182123001-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {1509F537-C726-40D1-BFE8-2E6EA96295E9} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {1665A985-15F0-4414-86C2-8E300F2641B3} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-15] (Synaptics Incorporated)
Task: {1914EAB0-634D-40FA-A5A3-F5EAF691FCCF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {1CC72466-1AE1-4700-B4FA-17968D2A5642} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-11] (Google Inc.)
Task: {326C39F5-5C9F-4963-8033-D36239A55883} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {4E8A9320-F98A-4E28-BEB5-57FB1E429257} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-11] (Google Inc.)
Task: {575D4C04-42C2-4C04-AFE9-81CA7E5FD5C6} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {6181AD3A-38AE-473F-8299-FF358E121820} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {7C325A8B-1E4E-4061-A312-D049D00FF4F9} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {9D59D850-01F3-47EA-888E-D3B06064FA4E} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {AA2614E1-BFE1-4DFC-89BD-88706DCD47CC} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {C5EAA7FE-ADAF-48CD-AF3E-FAC0A3A674C1} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {D090188A-590C-40C5-896E-6E38ADFE2C74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {F806380B-085D-4E39-88D0-5B0F69893D9F} - System32\Tasks\{26D58E4B-C847-4162-A9C0-5D1737753DA1} => pcalua.exe -a C:\Users\jerson\AppData\Roaming\luckysearches\UninstallManager.exe -c -ptid=cmi
Task: {FF895FEE-B03F-4DEA-949F-372139BE14D4} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2015-04-15 20:59 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-09-24 14:37 - 2015-09-24 09:25 - 00185800 _____ () C:\Users\jerson\AppData\Local\Crsoft\crsvc.exe
2015-09-08 20:54 - 2015-09-07 08:06 - 00142792 _____ () C:\Users\jerson\AppData\Roaming\DNSHelper\DNSSVC.exe
2014-09-10 01:53 - 2014-03-24 09:30 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-10 01:44 - 2013-12-10 12:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-09-10 01:40 - 2013-03-05 00:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 11:41 - 2013-03-05 11:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-02-26 14:07 - 2015-02-09 14:14 - 01905904 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-09-10 02:00 - 2012-11-25 23:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-02-26 14:07 - 2014-02-18 16:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2015-09-23 09:40 - 2015-09-18 19:13 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\libglesv2.dll
2015-09-23 09:40 - 2015-09-18 19:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\libegl.dll
2015-05-18 14:27 - 2015-05-18 14:27 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-09-23 09:40 - 2015-09-18 19:13 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Windows\System32:E41D071A_Bb.gbp
AlternateDataStreams: C:\Users\jerson\OneDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1119460738-191548075-3182123001-1001\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-1119460738-191548075-3182123001-1001\...\bb.com.br -> hxxps://seg.bb.com.br
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1119460738-191548075-3182123001-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img11.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "SmartWeb"
HKU\S-1-5-21-1119460738-191548075-3182123001-1001\...\StartupApproved\StartupFolder: => "SmartWeb.lnk"
HKU\S-1-5-21-1119460738-191548075-3182123001-1001\...\StartupApproved\Run: => "Skype"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{16A97211-4DA1-4167-B883-F7FE7B414A91}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{7655EE73-CEC9-432A-AD87-E5C16AE569B1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A979CBDB-FD98-4769-BC21-1A922B3E5FC7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{CA8453C1-B531-49DF-B5A5-8E2E4CE613BE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8DD95855-0056-4BB1-A071-8874A0B2883D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2F82027F-C66D-4833-BDB2-4D7EDB81024B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5909F9A8-A112-4454-B948-F96D3233BB2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{56045E3C-3BFA-475C-B79B-0CF20E95BF06}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{80709ABF-8931-4353-A2DB-4B4F36C7090B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EA6292C1-8FCD-4EC1-B87B-99AEE5E56B7E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7724A3D6-28F6-4920-8093-8208EC3FE9F4}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B1F95657-248C-4D6E-98D6-10CA5EB62E2C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{8AA947B7-6C4B-4D53-B1AB-5CE3EE60A0D0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{65C9985E-AE2F-4EF2-AAD0-A54E8E53F0B4}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{5545D00B-1620-4E53-872A-99CB309E9066}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{F0FD1715-DF56-4CF6-A783-64CC9A89929D}] => (Allow) C:\Users\jerson\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{6DCC3FC3-B9F0-491D-9BAB-3ABBB2AD806A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/25/2015 09:17:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: BtvStack.exe, versão: 8.0.1.314, carimbo de data/hora: 0x52cd12be
Nome do módulo com falha: KERNELBASE.dll, versão: 6.3.9600.17936, carimbo de data/hora: 0x55a68e0c
Código de exceção: 0xc0000142
Deslocamento da falha: 0x00000000000ec4e0
ID do processo com falha: 0xcc8
Hora de início do aplicativo com falha: 0xBtvStack.exe0
Caminho do aplicativo com falha: BtvStack.exe1
Caminho do módulo com falha: BtvStack.exe2
ID do Relatório: BtvStack.exe3
Nome completo do pacote com falha: BtvStack.exe4
ID do aplicativo relativo ao pacote com falha: BtvStack.exe5
Error: (09/25/2015 09:16:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: taskhost.exe, versão: 6.3.9600.17415, carimbo de data/hora: 0x545040f5
Nome do módulo com falha: KERNELBASE.dll, versão: 6.3.9600.17936, carimbo de data/hora: 0x55a68e0c
Código de exceção: 0xc0000142
Deslocamento da falha: 0x00000000000ec4e0
ID do processo com falha: 0x13e4
Hora de início do aplicativo com falha: 0xtaskhost.exe0
Caminho do aplicativo com falha: taskhost.exe1
Caminho do módulo com falha: taskhost.exe2
ID do Relatório: taskhost.exe3
Nome completo do pacote com falha: taskhost.exe4
ID do aplicativo relativo ao pacote com falha: taskhost.exe5
Error: (09/24/2015 06:38:52 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (09/24/2015 05:01:59 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (09/24/2015 02:32:08 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: AUTORIDADE NT)
Description: There was an error with the Windows Location Provider database
Error: (09/24/2015 01:24:05 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: vida)
Description: windows_ie_ac_0013
Error: (09/24/2015 01:24:04 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: vida)
Description: oice_15_974fa576_32c1d314_30733
Error: (09/24/2015 01:23:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa OpenFiles.Windows.exe versão 1.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
ID do Processo: 1290
Hora de Início: 01d0f6e549519ab4
Hora de Término: 4294967295
Caminho do Aplicativo: C:\Program Files\WindowsApps\62307pauljohn.RARFileOpener_1.0.0.0_neutral__7sv5v3m8wq0b2\OpenFiles.Windows.exe
ID do Relatório: 929b4d0e-62d8-11e5-82ab-38b1db974814
Nome completo do pacote com falha: 62307pauljohn.RARFileOpener_1.0.0.0_neutral__7sv5v3m8wq0b2
ID do aplicativo relativo ao pacote com falha: App
Error: (09/24/2015 01:23:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: vida)
Description: O aplicativo 62307pauljohn.RARFileOpener_1.0.0.0_neutral__7sv5v3m8wq0b2+App não foi iniciado dentro do tempo alocado.
Error: (09/24/2015 01:11:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: NvBackend.exe, versão: 11.10.11.1, carimbo de data/hora: 0x52ddc011
Nome do módulo com falha: nvspcap.dll_unloaded, versão: 11.10.11.1, carimbo de data/hora: 0x52dde0cc
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0000c292
ID do processo com falha: 0x15c0
Hora de início do aplicativo com falha: 0xNvBackend.exe0
Caminho do aplicativo com falha: NvBackend.exe1
Caminho do módulo com falha: NvBackend.exe2
ID do Relatório: NvBackend.exe3
Nome completo do pacote com falha: NvBackend.exe4
ID do aplicativo relativo ao pacote com falha: NvBackend.exe5
System errors:
=============
Error: (09/25/2015 09:10:42 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível
Error: (09/24/2015 09:47:45 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível
Error: (09/24/2015 08:06:02 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível
Error: (09/24/2015 07:01:22 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível
Error: (09/24/2015 04:04:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro:
%%2
Error: (09/24/2015 04:04:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro:
%%2
Error: (09/24/2015 04:03:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro:
%%2
Error: (09/24/2015 04:03:42 PM) (Source: DCOM) (EventID: 10016) (User: vida)
Description: específico do aplicativoLocalIniciar{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}vidajersonS-1-5-21-1119460738-191548075-3182123001-1001LocalHost (Usando LRPC)Não DisponívelNão Disponível
Error: (09/24/2015 04:03:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço My Dell Client Framework devido ao seguinte erro:
%%1053
Error: (09/24/2015 04:03:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço My Dell Client Framework.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 29%
Total physical RAM: 8095.82 MB
Available physical RAM: 5704.54 MB
Total Virtual: 9375.82 MB
Available Virtual: 6573.79 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:921.33 GB) (Free:856.72 GB) NTFS
Drive e: (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
Drive w: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.45 GB) NTFS
Drive x: (PBR Image) (Fixed) (Total:8.79 GB) (Free:0.73 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D8AD88CD)
Partition: GPT.
==================== End of Addition.txt ============================
Ran by jerson (administrator) on VIDA (25-09-2015 11:24:23)
Running from C:\Users\jerson\Downloads
Loaded Profiles: jerson (Available Profiles: jerson)
Platform: Windows 8.1 Single Language (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Users\jerson\AppData\Local\Crsoft\crsvc.exe
() C:\Users\jerson\AppData\Roaming\DNSHelper\DNSSVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(QNT) C:\Users\jerson\AppData\Roaming\NetService\netservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.6.1008.0\McCSPServiceHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-31] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-08-19] (Banco do Brasil)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Atheros Communications)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1119460738-191548075-3182123001-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1896320 2015-08-19] (Banco do Brasil)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-24]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-24]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\jerson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2015-08-27]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2F1D105C-50AE-411D-95B5-983C64BF88D6}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv3&uid=S32SJ5AF805400_ST1000LM024HN-M101MBB&tm=1442709775
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv3&uid=S32SJ5AF805400_ST1000LM024HN-M101MBB&tm=1442709775
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1119460738-191548075-3182123001-1001 -> {5E05225F-3794-4201-A4F4-7D7F38F7F63C} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-01] (Oracle Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-08-19] (Banco do Brasil)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-01] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-18] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-08-21] (McAfee, Inc.)
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-01] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1119460738-191548075-3182123001-1001: gastecnologia.com.br/sf/bb -> C:\Users\jerson\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-01-13] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-1119460738-191548075-3182123001-1001: gastecnologia.com.br/sf/bb64 -> C:\Users\jerson\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [2015-01-13] (GAS Tecnologia)
Chrome:
=======
CHR Profile: C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-11]
CHR Extension: (Google Docs) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-11]
CHR Extension: (Google Drive) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-11]
CHR Extension: (YouTube) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-11]
CHR Extension: (Google Search) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-11]
CHR Extension: (Planilhas do Google) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-11]
CHR Extension: (Documentos Google off-line) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-01]
CHR Extension: (EasyCalendar) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk [2015-09-24]
CHR Extension: (Protector Web – Confiável proteção contra phishing) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko [2015-09-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-24]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-11]
CHR Extension: (Gmail) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-11]
CHR Profile: C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Apresentações) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-06]
CHR Extension: (Google Docs) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-06]
CHR Extension: (Google Drive) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-06]
CHR Extension: (YouTube) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-06]
CHR Extension: (Google Search) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-06]
CHR Extension: (Planilhas do Google) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-06]
CHR Extension: (Protector Web – Confiável proteção contra phishing) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko [2015-08-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-06]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]
CHR Extension: (Gmail) - C:\Users\jerson\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-06]
CHR HKU\S-1-5-21-1119460738-191548075-3182123001-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows (R) Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 Crashhd; C:\Users\jerson\AppData\Local\Crsoft\crsvc.exe [185800 2015-09-24] ()
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 DNSSVC; C:\Users\jerson\AppData\Roaming\DNSHelper\DNSSVC.exe [142792 2015-09-07] ()
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576 2015-08-12] (GAS Tecnologia)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-15] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
S2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
R2 NetTcpHandler; C:\Users\jerson\AppData\Roaming\NetService\netservice.exe [211824 2015-03-20] (QNT)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
S3 GENERICDRV; C:\Users\jerson\AppData\Roaming\PCDr\Downloads\amifldrv64.sys [15400 2015-07-03] ()
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [41200 2014-01-15] (Synaptics Incorporated)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-10-31] (GAS Tecnologia LTDA)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
U2 McMPFSvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-25 11:24 - 2015-09-25 11:25 - 00024938 _____ C:\Users\jerson\Downloads\FRST.txt
2015-09-25 11:23 - 2015-09-25 11:24 - 00000000 ____D C:\FRST
2015-09-25 11:22 - 2015-09-25 11:22 - 02192384 _____ (Farbar) C:\Users\jerson\Downloads\FRST64.exe
2015-09-25 11:22 - 2015-09-25 11:22 - 01695744 _____ (Farbar) C:\Users\jerson\Downloads\FRST.exe
2015-09-25 09:09 - 2015-09-25 09:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-09-24 20:42 - 2015-09-24 20:42 - 00000000 ___RD C:\Users\jerson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-09-24 16:03 - 2015-09-24 16:03 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-24 15:56 - 2015-09-24 16:01 - 00000000 ____D C:\AdwCleaner
2015-09-24 15:55 - 2015-09-24 15:55 - 00001201 _____ C:\Users\jerson\Desktop\AdwCleaner.exe - Atalho.lnk
2015-09-24 15:52 - 2015-09-24 15:52 - 01662976 _____ C:\Users\jerson\Downloads\AdwCleaner.exe
2015-09-24 15:46 - 2015-09-24 15:46 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-09-24 14:37 - 2015-09-24 14:37 - 00000000 ____D C:\Users\jerson\AppData\Local\Crsoft
2015-09-24 14:35 - 2015-09-24 14:36 - 00000000 ____D C:\Windows\LastGood.Tmp
2015-09-24 14:22 - 2015-09-24 14:22 - 00000000 ____D C:\Users\jerson\Documents\patch-SND
2015-09-24 14:08 - 2015-09-24 14:08 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2015-09-24 14:07 - 2015-09-24 15:39 - 00000000 ____D C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2015-09-24 13:55 - 2015-09-24 19:32 - 00000000 ____D C:\Users\jerson\Documents\Add-in Express
2015-09-24 13:55 - 2015-09-24 14:06 - 00000000 ____D C:\Users\Todos os Usuários\WinZip
2015-09-24 13:55 - 2015-09-24 14:06 - 00000000 ____D C:\Users\jerson\AppData\Local\WinZip
2015-09-24 13:55 - 2015-09-24 14:06 - 00000000 ____D C:\ProgramData\WinZip
2015-09-24 13:55 - 2015-09-24 13:55 - 00002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-09-24 13:55 - 2015-09-24 13:55 - 00002307 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-09-24 13:55 - 2015-09-24 13:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-09-24 13:55 - 2015-09-24 13:55 - 00000000 ____D C:\Program Files\WinZip
2015-09-24 13:53 - 2015-09-24 13:53 - 00714376 _____ (WinZip Computing, S.L.) C:\Users\jerson\Downloads\winzip19-pp.exe
2015-09-24 13:53 - 2015-09-24 13:53 - 00000000 ____D C:\Users\Todos os Usuários\UniqueId
2015-09-24 13:53 - 2015-09-24 13:53 - 00000000 ____D C:\ProgramData\UniqueId
2015-09-24 13:47 - 2015-09-24 13:47 - 57042590 _____ C:\Users\jerson\Downloads\SpyHunter.4.17.6.4336.baixedetudo.net.rar
2015-09-24 13:19 - 2015-09-24 13:22 - 00000000 ____D C:\Users\jerson\OneDrive
2015-09-24 13:12 - 2015-09-24 13:12 - 00611230 _____ C:\Users\jerson\Downloads\SpyHunter 4 Crack e Serial__15460_i1672692476_il1551093.rar
2015-09-19 21:43 - 2015-09-19 21:43 - 00000000 ____D C:\Users\jerson\AppData\Roaming\shortCutStore
2015-09-19 21:43 - 2015-09-19 21:43 - 00000000 _____ C:\autoexec.bat
2015-09-16 16:46 - 2015-09-16 16:47 - 02443776 _____ (Flash BOX) C:\Users\jerson\Downloads\Adobe_Flash_Player 2015.exe
2015-09-16 14:24 - 2015-09-16 14:24 - 02818560 _____ (Flash tolls) C:\Users\jerson\Downloads\Adobe Flash Player 2015 .exe
2015-09-16 14:24 - 2015-09-16 14:24 - 02818560 _____ (Flash tolls) C:\Users\jerson\Downloads\Adobe Flash Player 2015 (1).exe
2015-09-10 20:09 - 2015-09-10 20:09 - 00686858 _____ C:\Users\jerson\Downloads\Adobe_Flash_Player 2015_.exe
2015-09-08 21:06 - 2015-09-02 23:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-08 21:06 - 2015-09-02 23:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-08 21:06 - 2015-09-02 15:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-08 21:06 - 2015-09-02 14:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-08 21:06 - 2015-07-22 11:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-08 21:06 - 2015-07-22 10:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-08 21:06 - 2015-07-17 11:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-08 21:06 - 2015-07-17 11:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-08 21:06 - 2015-07-03 18:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-08 21:06 - 2015-07-03 11:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-08 21:06 - 2015-06-27 08:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-08 21:05 - 2015-07-13 16:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-08 21:05 - 2015-07-10 16:06 - 00118272 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2015-09-08 21:05 - 2015-07-09 13:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-08 21:05 - 2015-06-19 14:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-09-08 20:54 - 2015-09-08 20:54 - 00000000 ____D C:\Users\jerson\AppData\Roaming\DNSHelper
2015-09-08 18:10 - 2015-08-26 23:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-08 18:10 - 2015-08-26 15:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-08 18:10 - 2015-08-26 15:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-08 18:10 - 2015-08-26 15:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-08 18:10 - 2015-08-26 15:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-08 18:10 - 2015-08-26 11:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-08 18:10 - 2015-08-26 11:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-08 18:10 - 2015-08-26 11:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-08 18:10 - 2015-08-26 11:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-08 18:10 - 2015-08-26 11:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-08 18:10 - 2015-08-26 11:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-08 18:10 - 2015-08-26 11:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-08 18:10 - 2015-08-22 15:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 18:10 - 2015-08-22 14:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 18:10 - 2015-08-22 14:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-08 18:10 - 2015-08-22 14:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 18:10 - 2015-08-22 13:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-08 18:10 - 2015-08-22 13:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 18:10 - 2015-08-22 13:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-08 18:10 - 2015-08-22 13:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 18:10 - 2015-08-22 13:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-08 18:10 - 2015-08-22 13:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-08 18:10 - 2015-07-30 14:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 18:10 - 2015-07-30 13:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-08 18:09 - 2015-09-01 23:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 18:09 - 2015-09-01 23:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 18:09 - 2015-09-01 23:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 18:09 - 2015-09-01 23:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-08 18:09 - 2015-09-01 23:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-08 18:09 - 2015-08-22 14:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 18:09 - 2015-08-22 14:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 18:09 - 2015-08-22 13:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-08 18:09 - 2015-08-22 13:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-08 18:09 - 2015-08-22 13:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-08 18:09 - 2015-08-22 13:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-08 18:09 - 2015-08-22 13:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 18:09 - 2015-08-22 13:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-08 18:09 - 2015-08-22 13:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-08 18:09 - 2015-08-22 13:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 18:09 - 2015-08-22 13:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-08 18:09 - 2015-08-22 13:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-08 18:09 - 2015-08-22 13:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-08 18:09 - 2015-08-22 13:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-08 18:09 - 2015-08-22 13:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-08 18:09 - 2015-08-22 13:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 18:09 - 2015-08-22 13:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-08 18:09 - 2015-08-22 12:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-08 18:09 - 2015-08-22 12:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-08 18:09 - 2015-08-03 18:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-08 18:09 - 2015-08-03 18:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-08 18:09 - 2015-08-01 11:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-08 18:09 - 2015-08-01 00:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-08 18:09 - 2015-08-01 00:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-08 18:09 - 2015-08-01 00:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 18:09 - 2015-08-01 00:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-08 18:09 - 2015-08-01 00:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-08 18:09 - 2015-07-22 11:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-08 18:09 - 2015-07-22 11:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-08 18:09 - 2015-07-22 11:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-08 18:09 - 2015-07-22 11:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-08 18:09 - 2015-07-18 15:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-08 18:09 - 2015-07-18 15:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-08 18:09 - 2015-07-18 15:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-08 18:09 - 2015-07-18 15:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-08 18:09 - 2015-07-14 00:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-09-01 17:18 - 2015-09-01 17:18 - 00529002 _____ C:\Users\jerson\Downloads\Apresentação AEEL_ Equacionamento do déficit de 2013_v25-08-2015.pptx
2015-09-01 00:04 - 2015-09-01 00:04 - 00000000 ____D C:\Users\jerson\AppData\Roaming\Sun
2015-09-01 00:04 - 2015-09-01 00:04 - 00000000 ____D C:\Users\jerson\.oracle_jre_usage
2015-08-31 22:29 - 2015-09-18 12:58 - 00000136 _____ C:\Windows\ODBC.INI
2015-08-27 10:20 - 2015-08-27 10:20 - 00000000 ____D C:\Users\jerson\Documents\Blocos de Anotações do OneNote
2015-08-26 09:38 - 2015-08-26 09:38 - 05604405 _____ C:\Users\jerson\Downloads\tratamento de dados_I.pptx
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-25 11:21 - 2014-03-18 07:07 - 01797166 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-25 11:21 - 2014-03-18 06:29 - 00774900 _____ C:\Windows\system32\prfh0416.dat
2015-09-25 11:21 - 2014-03-18 06:29 - 00158494 _____ C:\Windows\system32\prfc0416.dat
2015-09-25 11:17 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-25 10:08 - 2014-09-10 01:59 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-09-25 10:08 - 2014-09-10 01:29 - 01658861 _____ C:\Windows\WindowsUpdate.log
2015-09-25 09:39 - 2015-06-11 18:06 - 00001086 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-25 09:12 - 2014-10-02 17:50 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1119460738-191548075-3182123001-1001
2015-09-25 09:10 - 2014-10-02 17:56 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{493CFB94-3AAD-4238-AD3C-6B8C2D7EE423}
2015-09-25 09:09 - 2015-06-11 18:06 - 00001082 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-24 19:55 - 2014-10-02 17:44 - 00000000 ____D C:\Users\jerson\AppData\Local\Packages
2015-09-24 16:03 - 2014-10-02 18:13 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2015-09-24 16:02 - 2013-08-22 11:46 - 00062916 _____ C:\Windows\setupact.log
2015-09-24 16:02 - 2013-08-22 11:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-24 16:01 - 2014-10-02 17:44 - 00000000 ____D C:\Users\jerson
2015-09-24 16:01 - 2013-08-22 10:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-09-24 14:37 - 2015-04-26 22:24 - 00000000 ____D C:\Users\jerson\AppData\Roaming\RunDir
2015-09-24 14:36 - 2014-09-10 01:44 - 00000000 ____D C:\Program Files (x86)\Intel
2015-09-24 14:27 - 2014-03-18 02:55 - 00102360 _____ C:\Windows\PFRO.log
2015-09-24 13:28 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-24 13:26 - 2015-08-06 11:07 - 00085504 ___SH C:\Users\jerson\Downloads\Thumbs.db
2015-09-24 13:19 - 2015-04-15 21:04 - 00000000 ___RD C:\Users\jerson\OneDrive.old
2015-09-24 13:11 - 2014-10-07 14:36 - 00000000 ____D C:\Users\jerson\AppData\Local\CrashDumps
2015-09-23 14:17 - 2015-04-15 20:59 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-23 09:40 - 2015-06-11 18:09 - 00002367 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-23 08:49 - 2013-08-22 10:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-09-22 00:30 - 2013-08-22 12:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-19 21:54 - 2015-08-07 13:46 - 00001493 _____ C:\Users\jerson\Desktop\Pessoa 1 - Chrome.lnk
2015-09-19 19:06 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\NDF
2015-09-17 21:34 - 2015-06-11 18:06 - 00004058 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 21:34 - 2015-06-11 18:06 - 00003822 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 12:29 - 2015-07-25 13:14 - 00037888 ___SH C:\Users\jerson\Desktop\Thumbs.db
2015-09-14 22:18 - 2015-07-17 10:57 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-14 22:18 - 2015-07-17 10:57 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-13 14:12 - 2014-10-02 20:34 - 00000000 ____D C:\Users\jerson\AppData\Local\Google
2015-09-12 07:45 - 2015-04-15 21:04 - 00003090 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1119460738-191548075-3182123001-1001
2015-09-11 14:00 - 2014-10-06 21:16 - 00000000 ____D C:\Windows\system32\MRT
2015-09-08 21:41 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\rescache
2015-09-08 20:43 - 2013-08-22 11:44 - 00382968 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-08 20:40 - 2014-03-18 06:44 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-08 20:40 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-03 19:35 - 2014-09-10 01:57 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-01 00:05 - 2015-01-13 11:46 - 00000000 ____D C:\Users\Todos os Usuários\Oracle
2015-09-01 00:05 - 2015-01-13 11:46 - 00000000 ____D C:\ProgramData\Oracle
2015-09-01 00:04 - 2015-01-13 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-01 00:04 - 2015-01-13 11:46 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-01 00:03 - 2015-01-13 11:46 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-30 18:31 - 2015-04-27 00:07 - 00000286 __RSH C:\Users\Todos os Usuários\ntuser.pol
2015-08-30 18:31 - 2015-04-27 00:07 - 00000286 __RSH C:\ProgramData\ntuser.pol
2015-08-30 18:20 - 2014-10-02 18:13 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2015-08-30 18:20 - 2014-10-02 18:13 - 00000000 ____D C:\ProgramData\GbPlugin
2015-08-26 18:37 - 2014-10-06 21:16 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2015-02-24 15:13 - 2015-02-24 15:13 - 0016730 _____ () C:\Users\jerson\AppData\Roaming\unins000.dat
2015-02-24 15:13 - 2015-02-24 15:13 - 0815826 _____ () C:\Users\jerson\AppData\Roaming\unins000.exe
2014-09-10 01:21 - 2014-09-10 01:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-10 01:43 - 2014-09-10 01:44 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-09-10 01:39 - 2014-09-10 01:40 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-09-10 01:40 - 2014-09-10 01:41 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-09-10 01:41 - 2014-09-10 01:43 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-09-10 01:39 - 2014-09-10 01:39 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Some files in TEMP:
====================
C:\Users\jerson\AppData\Local\Temp\2503.exe
C:\Users\jerson\AppData\Local\Temp\6074.exe
C:\Users\jerson\AppData\Local\Temp\8FFD427E-F52C-37D3-608D-352F36983F31.dll
C:\Users\jerson\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\jerson\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\jerson\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\jerson\AppData\Local\Temp\jue1FD6.exe
C:\Users\jerson\AppData\Local\Temp\jue345A.exe
C:\Users\jerson\AppData\Local\Temp\jue8691.exe
C:\Users\jerson\AppData\Local\Temp\jue87E9.exe
C:\Users\jerson\AppData\Local\Temp\jueDEB5.exe
C:\Users\jerson\AppData\Local\Temp\jueE7A8.exe
C:\Users\jerson\AppData\Local\Temp\OfficeSetup.exe
C:\Users\jerson\AppData\Local\Temp\setup32.exe
C:\Users\jerson\AppData\Local\Temp\SetupHomeStudentRetail.x86.pt-BR_HomeStudentRetail_T6DVH-NMKV4-Q8DWF-HHGGP-27GKR_act_1_.exe
C:\Users\jerson\AppData\Local\Temp\UninstallModule.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-15 04:51
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by jerson (2015-09-25 11:26:01)
Running from C:\Users\jerson\Downloads
Windows 8.1 Single Language (X64) (2014-10-02 20:44:38)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-1119460738-191548075-3182123001-500 - Administrator - Disabled)
Convidado (S-1-5-21-1119460738-191548075-3182123001-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1119460738-191548075-3182123001-1003 - Limited - Enabled)
jerson (S-1-5-21-1119460738-191548075-3182123001-1001 - Administrator - Enabled) => C:\Users\jerson
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Antivírus e antispyware da McAfee (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Antivírus e antispyware da McAfee (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Atualizações da NVIDIA 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.1 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{66F942CD-BCA2-4D4C-84B8-8B6B09F9CE5D}) (Version: 1.2.1004.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2015) (Version: 1.0 - Receita Federal do Brasil)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
Microsoft Office Home and Student 2013 - pt-br (HKLM\...\HomeStudentRetail - pt-br) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1119460738-191548075-3182123001-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Módulo de Segurança - Banco do Brasil (HKLM-x32\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.12.0.2 - )
My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden
NVIDIA Driver de gráficos 332.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.91 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Painel de controle da NVIDIA 332.91 (Version: 332.91 - NVIDIA Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.04 - Serpro - Serviço Federal de Processamento de Dados)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1119460738-191548075-3182123001-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\jerson\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1119460738-191548075-3182123001-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\jerson\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1119460738-191548075-3182123001-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
==================== Restore Points =========================
16-09-2015 20:46:18 Ponto de Verificação Agendado
22-09-2015 00:29:07 Windows Update
24-09-2015 14:07:56 Installed SpyHunter
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 10:25 - 2015-02-16 08:42 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {10793A99-7443-41EA-BACA-CCB4EF007EF7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {11C62962-816E-4A02-8C4E-466787434FFA} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1119460738-191548075-3182123001-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {1509F537-C726-40D1-BFE8-2E6EA96295E9} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {1665A985-15F0-4414-86C2-8E300F2641B3} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-15] (Synaptics Incorporated)
Task: {1914EAB0-634D-40FA-A5A3-F5EAF691FCCF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {1CC72466-1AE1-4700-B4FA-17968D2A5642} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-11] (Google Inc.)
Task: {326C39F5-5C9F-4963-8033-D36239A55883} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {4E8A9320-F98A-4E28-BEB5-57FB1E429257} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-11] (Google Inc.)
Task: {575D4C04-42C2-4C04-AFE9-81CA7E5FD5C6} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {6181AD3A-38AE-473F-8299-FF358E121820} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {7C325A8B-1E4E-4061-A312-D049D00FF4F9} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {9D59D850-01F3-47EA-888E-D3B06064FA4E} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {AA2614E1-BFE1-4DFC-89BD-88706DCD47CC} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {C5EAA7FE-ADAF-48CD-AF3E-FAC0A3A674C1} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {D090188A-590C-40C5-896E-6E38ADFE2C74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {F806380B-085D-4E39-88D0-5B0F69893D9F} - System32\Tasks\{26D58E4B-C847-4162-A9C0-5D1737753DA1} => pcalua.exe -a C:\Users\jerson\AppData\Roaming\luckysearches\UninstallManager.exe -c -ptid=cmi
Task: {FF895FEE-B03F-4DEA-949F-372139BE14D4} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2015-04-15 20:59 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-09-24 14:37 - 2015-09-24 09:25 - 00185800 _____ () C:\Users\jerson\AppData\Local\Crsoft\crsvc.exe
2015-09-08 20:54 - 2015-09-07 08:06 - 00142792 _____ () C:\Users\jerson\AppData\Roaming\DNSHelper\DNSSVC.exe
2014-09-10 01:53 - 2014-03-24 09:30 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-10 01:44 - 2013-12-10 12:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-09-10 01:40 - 2013-03-05 00:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 11:41 - 2013-03-05 11:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-02-26 14:07 - 2015-02-09 14:14 - 01905904 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-09-10 02:00 - 2012-11-25 23:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-02-26 14:07 - 2014-02-18 16:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2015-09-23 09:40 - 2015-09-18 19:13 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\libglesv2.dll
2015-09-23 09:40 - 2015-09-18 19:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\libegl.dll
2015-05-18 14:27 - 2015-05-18 14:27 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-09-23 09:40 - 2015-09-18 19:13 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Windows\System32:E41D071A_Bb.gbp
AlternateDataStreams: C:\Users\jerson\OneDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1119460738-191548075-3182123001-1001\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-1119460738-191548075-3182123001-1001\...\bb.com.br -> hxxps://seg.bb.com.br
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1119460738-191548075-3182123001-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img11.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "SmartWeb"
HKU\S-1-5-21-1119460738-191548075-3182123001-1001\...\StartupApproved\StartupFolder: => "SmartWeb.lnk"
HKU\S-1-5-21-1119460738-191548075-3182123001-1001\...\StartupApproved\Run: => "Skype"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{16A97211-4DA1-4167-B883-F7FE7B414A91}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{7655EE73-CEC9-432A-AD87-E5C16AE569B1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A979CBDB-FD98-4769-BC21-1A922B3E5FC7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{CA8453C1-B531-49DF-B5A5-8E2E4CE613BE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8DD95855-0056-4BB1-A071-8874A0B2883D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2F82027F-C66D-4833-BDB2-4D7EDB81024B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5909F9A8-A112-4454-B948-F96D3233BB2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{56045E3C-3BFA-475C-B79B-0CF20E95BF06}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{80709ABF-8931-4353-A2DB-4B4F36C7090B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EA6292C1-8FCD-4EC1-B87B-99AEE5E56B7E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7724A3D6-28F6-4920-8093-8208EC3FE9F4}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B1F95657-248C-4D6E-98D6-10CA5EB62E2C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{8AA947B7-6C4B-4D53-B1AB-5CE3EE60A0D0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{65C9985E-AE2F-4EF2-AAD0-A54E8E53F0B4}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{5545D00B-1620-4E53-872A-99CB309E9066}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{F0FD1715-DF56-4CF6-A783-64CC9A89929D}] => (Allow) C:\Users\jerson\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{6DCC3FC3-B9F0-491D-9BAB-3ABBB2AD806A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/25/2015 09:17:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: BtvStack.exe, versão: 8.0.1.314, carimbo de data/hora: 0x52cd12be
Nome do módulo com falha: KERNELBASE.dll, versão: 6.3.9600.17936, carimbo de data/hora: 0x55a68e0c
Código de exceção: 0xc0000142
Deslocamento da falha: 0x00000000000ec4e0
ID do processo com falha: 0xcc8
Hora de início do aplicativo com falha: 0xBtvStack.exe0
Caminho do aplicativo com falha: BtvStack.exe1
Caminho do módulo com falha: BtvStack.exe2
ID do Relatório: BtvStack.exe3
Nome completo do pacote com falha: BtvStack.exe4
ID do aplicativo relativo ao pacote com falha: BtvStack.exe5
Error: (09/25/2015 09:16:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: taskhost.exe, versão: 6.3.9600.17415, carimbo de data/hora: 0x545040f5
Nome do módulo com falha: KERNELBASE.dll, versão: 6.3.9600.17936, carimbo de data/hora: 0x55a68e0c
Código de exceção: 0xc0000142
Deslocamento da falha: 0x00000000000ec4e0
ID do processo com falha: 0x13e4
Hora de início do aplicativo com falha: 0xtaskhost.exe0
Caminho do aplicativo com falha: taskhost.exe1
Caminho do módulo com falha: taskhost.exe2
ID do Relatório: taskhost.exe3
Nome completo do pacote com falha: taskhost.exe4
ID do aplicativo relativo ao pacote com falha: taskhost.exe5
Error: (09/24/2015 06:38:52 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (09/24/2015 05:01:59 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (09/24/2015 02:32:08 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: AUTORIDADE NT)
Description: There was an error with the Windows Location Provider database
Error: (09/24/2015 01:24:05 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: vida)
Description: windows_ie_ac_0013
Error: (09/24/2015 01:24:04 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: vida)
Description: oice_15_974fa576_32c1d314_30733
Error: (09/24/2015 01:23:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa OpenFiles.Windows.exe versão 1.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
ID do Processo: 1290
Hora de Início: 01d0f6e549519ab4
Hora de Término: 4294967295
Caminho do Aplicativo: C:\Program Files\WindowsApps\62307pauljohn.RARFileOpener_1.0.0.0_neutral__7sv5v3m8wq0b2\OpenFiles.Windows.exe
ID do Relatório: 929b4d0e-62d8-11e5-82ab-38b1db974814
Nome completo do pacote com falha: 62307pauljohn.RARFileOpener_1.0.0.0_neutral__7sv5v3m8wq0b2
ID do aplicativo relativo ao pacote com falha: App
Error: (09/24/2015 01:23:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: vida)
Description: O aplicativo 62307pauljohn.RARFileOpener_1.0.0.0_neutral__7sv5v3m8wq0b2+App não foi iniciado dentro do tempo alocado.
Error: (09/24/2015 01:11:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: NvBackend.exe, versão: 11.10.11.1, carimbo de data/hora: 0x52ddc011
Nome do módulo com falha: nvspcap.dll_unloaded, versão: 11.10.11.1, carimbo de data/hora: 0x52dde0cc
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0000c292
ID do processo com falha: 0x15c0
Hora de início do aplicativo com falha: 0xNvBackend.exe0
Caminho do aplicativo com falha: NvBackend.exe1
Caminho do módulo com falha: NvBackend.exe2
ID do Relatório: NvBackend.exe3
Nome completo do pacote com falha: NvBackend.exe4
ID do aplicativo relativo ao pacote com falha: NvBackend.exe5
System errors:
=============
Error: (09/25/2015 09:10:42 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível
Error: (09/24/2015 09:47:45 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível
Error: (09/24/2015 08:06:02 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível
Error: (09/24/2015 07:01:22 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível
Error: (09/24/2015 04:04:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro:
%%2
Error: (09/24/2015 04:04:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro:
%%2
Error: (09/24/2015 04:03:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro:
%%2
Error: (09/24/2015 04:03:42 PM) (Source: DCOM) (EventID: 10016) (User: vida)
Description: específico do aplicativoLocalIniciar{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}vidajersonS-1-5-21-1119460738-191548075-3182123001-1001LocalHost (Usando LRPC)Não DisponívelNão Disponível
Error: (09/24/2015 04:03:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço My Dell Client Framework devido ao seguinte erro:
%%1053
Error: (09/24/2015 04:03:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço My Dell Client Framework.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 29%
Total physical RAM: 8095.82 MB
Available physical RAM: 5704.54 MB
Total Virtual: 9375.82 MB
Available Virtual: 6573.79 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:921.33 GB) (Free:856.72 GB) NTFS
Drive e: (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
Drive w: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.45 GB) NTFS
Drive x: (PBR Image) (Fixed) (Total:8.79 GB) (Free:0.73 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D8AD88CD)
Partition: GPT.
==================== End of Addition.txt ============================