cjoint


Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 25-07-2016
Executado por Rafael (administrador) em RAFAEL-PC (26-07-2016 18:26:14)
Executando a partir de C:\Users\Rafael\Downloads
Perfis Carregados: Rafael (Perfis Disponíveis: Rafael)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Trend Corp.) C:\Program Files\TData\TData.exe
(WFini LIMITED) C:\ProgramData\zwinpz\WFini.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [gmsd_br_520] => [X]
HKLM\...\Run: [gmsd_br_520b] => [X]
HKLM\...\Run: [gmsd_br_523] => [X]
HKLM\...\Run: [gmsd_br_523b] => [X]
Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll [2015-04-20] (Caixa Economica Federal)
HKU\S-1-5-21-1761859656-3504061498-1352619132-1000\...\MountPoints2: {06129e40-f9d2-11e5-9b19-806e6f6e6963} - F:\Setup.exe
HKU\S-1-5-21-1761859656-3504061498-1352619132-1000\...\MountPoints2: {6faa0976-5264-11e6-abc4-24f5aa4d0203} - H:\CorelLauncher.exe
HKU\S-1-5-21-1761859656-3504061498-1352619132-1000\...\MountPoints2: {bfce88c9-981b-11e4-afe0-50b7c3cbcd9d} - F:\SETUP.EXE
HKU\S-1-5-21-1761859656-3504061498-1352619132-1000\...\MountPoints2: {ea51081d-a3cc-11e4-a196-50b7c3cbcd9d} - F:\LG_PC_Programs.exe
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\PROGRAM FILES\GbPlugin\gbiehcef.dll [1824608 2015-04-20] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll Nenhum Arquivo
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-05-18] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{613F3C7E-AB65-4565-A8FD-685674D87EE8}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=xy_e30037d0&param1=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%3D%3D&param2=NGZ5MqN4Max4Nt%3D%3D
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 0x00
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv3&uid=S2TAJ5ED705137_ST500LM012HN-M500MBB&tm=1432766655
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 0x00
HKU\S-1-5-21-1761859656-3504061498-1352619132-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1432427749&z=9637d82c1e9b766d62098c6g4z4c9obz7ofm9mez9o&from=slbnew&uid=ST500LM012XHN-M500MBB_S2TAJ5ED705137&q={searchTerms}
HKU\S-1-5-21-1761859656-3504061498-1352619132-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=xy_e30037d0¶m1=ArFaIWVoNqArQGMVHFFoNqAqBbFaITQbQGR7xTVoN9IAy7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8wVQ4IGYTvFJdJGYYvFFdISIVwVQ9ISIYNVU3vmoXvFM9GqYVNUI3wGYGwVM4J6IYvmo9GqUNNos3wCIYwVA9JmIVwVA9ISITwVI9GqUNNFM3wGQENEVcGCIXwVQ9ImIWwVA9J6ILNFdcIaUXNEBcGqQANFdcFCk8NoM9IWYTwVRdJCoXvFI4IWYWwVw4IGYUNVU9J6ISwVI4ISk3vFI9I6oVwVU3vCIWwVxdJaYVNVNdImIYNVE4Jmk3vFE4ISIWwVJbFCILNF9cIqUXNolcEqULNopcGWUIvmFbFaYTwVVdJCIYNVRdJqYVvFM9IaYTvFM9JCk3wVw4ICIXvmldJCISNVRdIqYXNVQ9I6k3NVM4IGYUwVRdJ6IYwVVdJqYXwVI4JaQIwV5dJGYNvmE9JrFbMnMbQGMVNGt8MaN9MaN5MHFbMnVoN9I4ATsux81cMo1bMo0exnwfyXFbMn0aC6AoxrFaIWBfNHFbMn0aQGMVE7ofAT06xbFbJqxoNpQEySIkyDU9AJ%3D%3D¶m2=NGZ5MqN4Max4Nt%3D%3D
HKU\S-1-5-21-1761859656-3504061498-1352619132-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv3&uid=S2TAJ5ED705137_ST500LM012HN-M500MBB&tm=1432766655
HKU\S-1-5-21-1761859656-3504061498-1352619132-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1432427749&z=9637d82c1e9b766d62098c6g4z4c9obz7ofm9mez9o&from=slbnew&uid=ST500LM012XHN-M500MBB_S2TAJ5ED705137&q={searchTerms}
HKU\S-1-5-21-1761859656-3504061498-1352619132-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_49¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutByE0FyD0A0AyE0DtDtBtDtA0AzzyByCtN0D0Tzu0StCyEtAyDtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyE0A0D0A0EtA0F0BtGyD0AtAyBtGtDzz0DtBtGtDyB0A0EtGtBtA0DzzyDyB0A0AzyyBtA0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtA0AtA0B0B0DyCtG0FyCtAzztGyEtBzz0AtG0B0F0B0BtGzz0CyE0EtB0CtAtA0B0BtDyC2QtN0A0LzutB%26cr%3D362223331%26a%3Dwncy_gmmedply_15_49%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_e30037d0¶m1=ArFaIWJoNqArQGMVHFFoNqAqBbFaITQbQGR7xTVoN9IAy7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8wVQ4IGYTvFJdJGYYvFFdISIVwVQ9ISIYNVU3vmoXvFM9GqYVNUI3wGYGwVM4J6IYvmo9GqUNNos3wCIYwVA9JmIVwVA9ISITwVI9GqUNNFM3wGQENEVcGCIXwVQ9ImIWwVA9J6ILNFdcIaUXNEBcGqQANFdcFCk8NoM9IWYTwVRdJCoXvFI4IWYWwVw4IGYUNVU9J6ISwVI4ISk3vFI9I6oVwVU3vCIWwVxdJaYVNVNdImIYNVE4Jmk3vFE4ISIWwVJbFCILNF9cIqUXNolcEqULNopcGWUIvmFbFaYTwVVdJCIYNVRdJqYVvFM9IaYTvFM9JCk3wVw4ICIXvmldJCISNVRdIqYXNVQ9I6k3NVM4IGYUwVRdJ6IYwVVdJqYXwVI4JaQIwV5dJGYNvmE9JrFbMnMbQGMVNGt8MaN9MaN5MHFbMnVoN9I4ATsux81cMo1bMo0exnwfyXFbMn0aC6AoxrFaIWBfNHFbMn0aQGMVE7ofAT06xbFbJqxoNpQEySIkyDU9AJ%3D%3D¶m2=NGFaMqp7MqN6NJ%3D%3D&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_e30037d0¶m1=ArFaIWJoNqArQGMVHFFoNqAqBbFaITQbQGR7xTVoN9IAy7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8wVQ4IGYTvFJdJGYYvFFdISIVwVQ9ISIYNVU3vmoXvFM9GqYVNUI3wGYGwVM4J6IYvmo9GqUNNos3wCIYwVA9JmIVwVA9ISITwVI9GqUNNFM3wGQENEVcGCIXwVQ9ImIWwVA9J6ILNFdcIaUXNEBcGqQANFdcFCk8NoM9IWYTwVRdJCoXvFI4IWYWwVw4IGYUNVU9J6ISwVI4ISk3vFI9I6oVwVU3vCIWwVxdJaYVNVNdImIYNVE4Jmk3vFE4ISIWwVJbFCILNF9cIqUXNolcEqULNopcGWUIvmFbFaYTwVVdJCIYNVRdJqYVvFM9IaYTvFM9JCk3wVw4ICIXvmldJCISNVRdIqYXNVQ9I6k3NVM4IGYUwVRdJ6IYwVVdJqYXwVI4JaQIwV5dJGYNvmE9JrFbMnMbQGMVNGt8MaN9MaN5MHFbMnVoN9I4ATsux81cMo1bMo0exnwfyXFbMn0aC6AoxrFaIWBfNHFbMn0aQGMVE7ofAT06xbFbJqxoNpQEySIkyDU9AJ%3D%3D¶m2=NGFaMqp7MqN6NJ%3D%3D&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com/?bd=ds&oem=Cube&uid=ST500LM012XHN-M500MBB_S2TAJ5ED705137&version=2.3.0.8724&pid=414031160&tid=422&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1761859656-3504061498-1352619132-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_e30037d0&param1=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%3D%3D&param2=NGFaMqp7MqN6NJ%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1761859656-3504061498-1352619132-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=xy_e30037d0&param1=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%3D%3D&param2=NGFaMqp7MqN6NJ%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1761859656-3504061498-1352619132-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_gmmedply_15_49¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutByE0FyD0A0AyE0DtDtBtDtA0AzzyByCtN0D0Tzu0StCyEtAyDtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyE0A0D0A0EtA0F0BtGyD0AtAyBtGtDzz0DtBtGtDyB0A0EtGtBtA0DzzyDyB0A0AzyyBtA0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtA0AtA0B0B0DyCtG0FyCtAzztGyEtBzz0AtG0B0F0B0BtGzz0CyE0EtB0CtAtA0B0BtDyC2QtN0A0LzutB%26cr%3D362223331%26a%3Dwncy_gmmedply_15_49%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1761859656-3504061498-1352619132-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=install_ie&utm_content=ds&from=slbnew&uid=ST500LM012XHN-M500MBB_S2TAJ5ED705137&ts=1432427873&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1761859656-3504061498-1352619132-1000 -> {a62abdee-78a2-4ddb-9355-1c334abd6e43} URL = hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1761859656-3504061498-1352619132-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=install_ie&utm_content=ds&from=slbnew&uid=ST500LM012XHN-M500MBB_S2TAJ5ED705137&ts=1432427873&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1761859656-3504061498-1352619132-1000 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=install_ie&utm_content=ds&from=slbnew&uid=ST500LM012XHN-M500MBB_S2TAJ5ED705137&ts=1432427873&type=default&q={searchTerms}
BHO: Sem Nome -> {2395B860-45E4-42fd-96E6-50BA597C1C42} -> Nenhum Arquivo
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll [2015-04-20] (Caixa Economica Federal)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-24] (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1432427749&z=9637d82c1e9b766d62098c6g4z4c9obz7ofm9mez9o&from=slbnew&uid=ST500LM012XHN-M500MBB_S2TAJ5ED705137

FireFox:
========
FF ProfilePath: C:\Users\Rafael\AppData\Roaming\Profiles\vu6fyu47.default
FF NewTab: hxxp://www.youndoo.com/?z=b71392692bfe6a433190282g9zeqeb0w2o6m6b6t6g&from=pmr&uid=ST500LM012XHN-M500MBB_S2TAJ5ED705137&type=hp
FF DefaultSearchEngine: youndoo
FF SelectedSearchEngine: youndoo
FF Homepage: hxxp://www.youndoo.com/?z=b71392692bfe6a433190282g9zeqeb0w2o6m6b6t6g&from=pmr&uid=ST500LM012XHN-M500MBB_S2TAJ5ED705137&type=hp
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF SearchPlugin: C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\cfggpe0x.default\searchplugins\Yahoo Powered.xml [2016-06-27]
FF SearchPlugin: C:\Users\Rafael\AppData\Roaming\Profiles\vu6fyu47.default\searchplugins\sjmx0e3t.xml [2016-07-14]
FF SearchPlugin: C:\Users\Rafael\AppData\Roaming\Profiles\vu6fyu47.default\searchplugins\Yahoo Powered.xml [2016-06-27]
FF Extension: GsearchFinder - C:\Users\Rafael\AppData\Roaming\Profiles\vu6fyu47.default\Extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi [2016-07-14]
FF HKLM\...\Firefox\Extensions: [{2395B860-45E4-42fd-96E6-50BA597C1C42}] - C:\Program Files\shopperz\Firefox => não encontrado (a)

Chrome:
=======
CHR HomePage: gregugitulestogagh -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pt-br
CHR StartupUrls: gregugitulestogagh -> "hxxp://www.google.com.br/","hxxp://www.mystartsearch.com/?type=hp&ts=1432427749&z=9637d82c1e9b766d62098c6g4z4c9obz7ofm9mez9o&from=slbnew&uid=ST500LM012XHN-M500MBB_S2TAJ5ED705137","hxxp://www.mystartsearch.com/?type=hppp&ts=1432427831&z=89e423a3dfa85a274de62c1g5z4c8ofz3o4m3bao9z&from=slbnew&uid=ST500LM012XHN-M500MBB_S2TAJ5ED705137"
CHR Session Restore: gregugitulestogagh -> está habilitado.
CHR Profile: C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-23]
CHR Extension: (Google Docs) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-27]
CHR Extension: (Google Drive) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
CHR Extension: (Google Search) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Planilhas do Google) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-23]
CHR Extension: (Documentos Google off-line) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2015-06-28]
CHR Extension: (Gmail) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-27]
CHR HKU\S-1-5-21-1761859656-3504061498-1352619132-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S4 Alterdata Updater; C:\Program Files\Alterdata\Updater\bin\AlterdataAutoUpdate.exe [218656 2015-05-11] (Alterdata Software)
S4 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [185472 2012-10-15] (Atheros Commnucations) [Arquivo não assinado]
S2 ctsAgentsht.exe; C:\Program Files\Coerdiiedqamerly\ctsAgentsht.exe [738992 2016-07-14] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1138368 2016-06-22] (Disc Soft Ltd)
S4 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [593392 2015-06-25] (SEIKO EPSON CORPORATION)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE [143424 2013-04-15] (SEIKO EPSON CORPORATION)
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 TDataSvr; C:\Program Files\TData\TData.exe [211144 2016-07-18] (Trend Corp.)
R2 WdMan; C:\ProgramData\zwinpz\WFini.exe [613608 2016-07-18] (WFini LIMITED)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-11-21] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [13716208 2016-06-30] (Zemana Ltd.)
S4 ZAtheros Bt and Wlan Coex Agent; C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-10-15] (Atheros) [Arquivo não assinado]
S2 1938b941; "C:\Windows\system32\rundll32.exe" "c:\Program Files\TerminusDefender\TerminusDefender.dll",serv
S2 gybelenu; C:\Users\Rafael\AppData\Roaming\42AF3700-1432427675-11E3-8B6F-DC941D433800\jnst5ED8.tmp [X]
S2 gyrovono; C:\Users\Rafael\AppData\Roaming\42AF3700-1432427675-11E3-8B6F-DC941D433800\nsvF95E.tmp [X]
S4 NetTcpHandler; C:\Users\Rafael\AppData\Roaming\NetService\netservice.exe -start [X]
S2 nohobymu; C:\Users\Rafael\AppData\Roaming\42AF3700-1432427675-11E3-8B6F-DC941D433800\hnso8435.tmp [X]
S4 Sed; C:\Users\Rafael\AppData\Roaming\ntsvc\ntsvc.exe [X]
S2 Update Edu App; "C:\Program Files\Edu App\updateEduApp.exe" [X]
S2 Util Edu App; "C:\Program Files\Edu App\bin\utilEduApp.exe" [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70784 2012-04-10] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34944 2012-04-10] (Advanced Micro Devices)
R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [35968 2012-10-15] (Atheros)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2239488 2012-04-19] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [299648 2012-10-15] (Atheros)
R3 btath_avdt; C:\Windows\System32\drivers\btath_avdt.sys [98432 2012-10-15] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [25728 2012-10-15] (Atheros)
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [148096 2012-10-15] (Atheros)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [60544 2012-10-15] (Atheros)
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [264704 2012-10-15] (Atheros)
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [469632 2012-10-15] (Atheros)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-07-25] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2016-07-25] (Disc Soft Ltd)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [281968 2012-10-08] (ELAN Microelectronics Corp.)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-09-03] (GAS Tecnologia)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2015-06-06] (GAS Tecnologia)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [324152 2016-07-25] (Duplex Secure Ltd.)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2016-07-24] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2016-07-24] (Zemana Ltd.)
R1 {6dd55e9a-3d06-4d70-b5e7-05fc3e0a3d66}Gw; C:\Windows\System32\drivers\{6dd55e9a-3d06-4d70-b5e7-05fc3e0a3d66}Gw.sys [43144 2015-05-23] (StdLib)
S3 catchme; \??\C:\Users\Rafael\AppData\Local\Temp\catchme.sys [X]
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
S1 ssfilterdrv; system32\drivers\ssfilterdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

