cjoint

Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 11-08-2016 01
Executado por user (administrador) em USER-PC (10-08-2016 21:35:00)
Executando a partir de C:\Users\user\Downloads
Perfis Carregados: user (Perfis Disponíveis: user)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 9 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5967\bassvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\CashReminder\CashReminder.exe
() C:\Program Files (x86)\GOSafer\gosafer.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Cinema Plus v6V24.07) C:\Program Files (x86)\Cinema Plus v6V24.07\a3c8f6ce-25c6-4d34-8c3d-efd5ac441164-6.exe
(HD-QualityV26.11) C:\Program Files (x86)\HD-Quality-1.1V26.11\3c24290d-6b93-433c-966a-e87d020627f4-6.exe
(Cinema Plus v6V24.07) C:\Program Files (x86)\Cinema Plus v6V24.07\a3c8f6ce-25c6-4d34-8c3d-efd5ac441164-1-6.exe
(iWebar) C:\Program Files (x86)\iWebar\561b80ca-7167-4b6d-b8ae-29402c165074-6.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
() C:\Users\user\AppData\Local\motiontooltipGUI\motiontooltipGUI.exe
() C:\Program Files (x86)\ToolsUpdatePlatform\UpdatePlatform.exe
(Object Browser) C:\Program Files (x86)\Sense\d80d7ad2-db5e-41b7-9711-9fc3797f8994-6.exe
() C:\Program Files (x86)\PopApp\livesspkerberosapi.exe
(Object Browser) C:\Program Files (x86)\Object Browser\af492049-29a1-4865-a6df-4e4c989978b8-6.exe
(Object Browser) C:\Program Files (x86)\Object Browser\33783b6c-75d7-4cf6-878c-683e60b42d19.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Baidu Inc.) C:\Program Files (x86)\PC App Store\5.0.1.8202\PCAppStoreSvc.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5967\bastray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Windows\Temp\dgen.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Baidu Inc.) C:\Program Files (x86)\baidu\Baidu Browser\sparkservice.exe
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
(Search Snacks) C:\Program Files (x86)\SearchSnacks\Service\sssvc.exe
() C:\Program Files (x86)\5B99CC8D-7BAF-430A-9C63-67C9980E3ED8\SupraSavingsService64.exe
() C:\Windows\taskmgr.exe
() C:\ProgramData\Ikaesumtregi\1.0.7.1\slagrago.exe
() C:\Program Files (x86)\WeatherTool\2.0.0.11102\WeatherService.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.0.11102\weather.exe
() C:\Windows\wauctla.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Time Lapse Solutions) C:\ProgramData\vHAPHWTBU\yNwDRTi.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\ProgramData\Ikaesumtregi\1.0.7.1\slagrago.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1323\jsdrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
() C:\Users\user\AppData\Local\motiontooltipGUI\contextualkeyboardx64.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
() C:\Program Files (x86)\eDealsPop\eDealsPop.exe
() C:\Program Files (x86)\eDealPop\eDealPop.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Baidu Inc.) C:\Program Files (x86)\PC App Store\5.0.1.8202\AppStoreDeskTool.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
() C:\Windows\SysWOW64\addonopen_64\addonopen_64.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
() C:\Windows\SysWOW64\BIOSCommandFreeware\BIOSCommandFreeware.exe
() C:\Windows\SysWOW64\ClipboardLogScreenshot\ClipboardLogScreenshot.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Windows\SysWOW64\CommandFilePrivacy\CommandFilePrivacy.exe
() C:\Windows\SysWOW64\CompileNativePython\CompileNativePython.exe
() C:\Windows\SysWOW64\ContextualDesktopWord\ContextualDesktopWord.exe
() C:\Windows\SysWOW64\driverqcapSched\driverqcapSched.exe
() C:\Windows\SysWOW64\MemoryMotionTooltip\MemoryMotionTooltip.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Long Mile Solutions, LLC) C:\Program Files (x86)\speed browser\Application\browser.exe
(Long Mile Solutions, LLC) C:\Program Files (x86)\speed browser\Application\browser.exe
(Long Mile Solutions, LLC) C:\Program Files (x86)\speed browser\Application\browser.exe
(Long Mile Solutions, LLC) C:\Program Files (x86)\speed browser\Application\browser.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [856800 2015-08-21] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [eDealsPop] => C:\Program Files (x86)\eDealsPop\eDealsPop.exe [7168 2014-07-17] ()
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2014-08-25] (YTDownloader)
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1323\jsdrv.exe [3211776 2014-09-30] ()
HKLM-x32\...\Run: [eDealPop] => C:\Program Files (x86)\eDealPop\eDealPop.exe [6144 2014-12-03] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2015-08-01] (NCSOFT Corporation)
HKLM-x32\...\Run: [PCAppStore_AppStoreDeskTool] => C:\Program Files (x86)\PC App Store\5.0.1.8202\AppStoreDeskTool.exe [849952 2014-12-18] (Baidu Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2014-07-31] (Banco do Brasil)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2015-09-01] (Caixa Economica Federal)
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [Facebook Update] => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-27] (Facebook Inc.)
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [Akamai NetSession Interface] => C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2014-08-25] (YTDownloader)
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1323\jsdrv.exe [3211776 2014-09-30] ()
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [UnicoBrowser] => C:\Users\user\AppData\Local\UnicoBrowser\Application\unicobrowser.exe [857224 2015-08-10] (The Unico Browser Authors)
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [Desktop Profile] => C:\Users\user\AppData\Roaming\dwmpro.exe [0 2015-07-16] ()
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [CrashService] => C:\Users\user\AppData\Local\UnicoBrowser\Application\crash_service.exe [326792 2015-08-10] ()
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\RunOnce: [Run_dregol] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\user\AppData\Roaming\Run_dregol\UpdateProc\bkup.dat"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [245056 2014-12-10] (Client Connect LTD)
AppInit_DLLs: C:\Users\user\AppData\Local\Smartbar\Application\Resources\crdlil64.dll => C:\Users\user\AppData\Local\Smartbar\Application\Resources\crdlil64.dll [77856 2014-11-02] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [215360 2014-12-10] (Client Connect LTD)
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1754664 2014-07-31] (Banco do Brasil)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1867432 2015-09-01] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.115722.0\BavShx64.dll Nenhum Arquivo
ShellIconOverlayIdentifiers: [{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}] -> {4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B} => C:\Windows\system32\pfmshx_463.dll [2010-07-07] (Pismo Technic Inc.)
ShellIconOverlayIdentifiers-x32: [{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}] -> {4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B} => C:\Windows\SysWOW64\pfmshx_463.dll [2010-07-07] (Pismo Technic Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-06-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Profiles.vbs [2015-04-25] ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2014-09-01]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
GroupPolicy-x32: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [S-1-5-21-2173916324-498683215-1709381490-1000] => Proxy está habilitado.
ProxyServer: [S-1-5-21-2173916324-498683215-1709381490-1000] => http=127.0.0.1:12759
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 189.6.0.72 189.6.0.71
Tcpip\..\Interfaces\{05A6E0AD-DB88-4BBA-AFBE-956AA5829D3F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{05A6E0AD-DB88-4BBA-AFBE-956AA5829D3F}: [DhcpNameServer] 189.6.0.72 189.6.0.71
ManualProxies: 1http=127.0.0.1:12393

Internet Explorer:
==================
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=bav_pro_hp_01_hao123_br
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=bav_pro_hp_01_hao123_br
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1413050204&from=bro&uid=ST3250310AS_6RYNQEE7&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1413050204&from=bro&uid=ST3250310AS_6RYNQEE7&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1413050204&from=bro&uid=ST3250310AS_6RYNQEE7&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1413050204&from=bro&uid=ST3250310AS_6RYNQEE7&q={searchTerms}
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.search.yahoo.com/?fr=hp-ddc-bd&type=pr-bir-t4__alt__ddc_dsssyc_bd_com
URLSearchHook: HKU\S-1-5-21-2173916324-498683215-1709381490-1000 - (Sem Nome) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Nenhum Arquivo
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_installcore_02&type=y&p={searchTerms}
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1eeK7l24Ey_peMn2wnP0QyCO5K5XmXCpPyor6rlPDxrIa1JvrIYUzWWC5jI6aMxK30tX8m4mryokNQ2MYl8wyhInquN1J2NpNna2O9kecBEYYlO-rKL-8kdCsOc5CE62R8p64e8jSgyIHimM6Rrt6tn1VUUDe8XBR_FGhdnfGxKe19H7C&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2173916324-498683215-1709381490-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2173916324-498683215-1709381490-1000 -> OldSearch URL = hxxp://searchsimple-a.akamaihd.net/?affID=t4&q={searchTerms}&r=675
SearchScopes: HKU\S-1-5-21-2173916324-498683215-1709381490-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://br.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bir-t4__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2173916324-498683215-1709381490-1000 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330117&octid=EB_ORIGINAL_CTID&ISID=MB8017637-E121-4913-BE97-78A9EB12BAA0&SearchSource=58&CUI=&UM=6&UP=SPA9A90DB8-4DEC-44FA-B211-3B923C5354C2&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2173916324-498683215-1709381490-1000 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
BHO: Object Browser -> {11111111-1111-1111-1111-110311281150} -> C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll [2014-10-03] (Object Browser)
BHO: Sense -> {11111111-1111-1111-1111-110611191115} -> C:\Program Files (x86)\Sense\Sense-bho64.dll [2014-10-03] (Object Browser)
BHO: iWebar -> {11111111-1111-1111-1111-110611511123} -> C:\Program Files (x86)\iWebar\iWebar-bho64.dll [2014-10-03] (iWebar)
BHO: MuvicEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO: SearchSnacks -> {7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} -> C:\Program Files\SearchSnacks\IE\SearchSnacksClientIE.dll [2014-05-13] (Search Snacks)
BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll => Nenhum Arquivo
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll [2014-09-30] (Goobzo Ltd.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
BHO-x32: 2rs3 -> {10AD2C61-0898-4348-8600-14A342F22AC3} -> C:\Program Files (x86)\SupraSavings\2rs3.dll [2014-03-21] ()
BHO-x32: Object Browser -> {11111111-1111-1111-1111-110311281150} -> C:\Program Files (x86)\Object Browser\Object Browser-bho.dll [2014-10-03] (Object Browser)
BHO-x32: Sense -> {11111111-1111-1111-1111-110611191115} -> C:\Program Files (x86)\Sense\Sense-bho.dll [2014-10-03] (Object Browser)
BHO-x32: iWebar -> {11111111-1111-1111-1111-110611511123} -> C:\Program Files (x86)\iWebar\iWebar-bho.dll [2014-10-03] (iWebar)
BHO-x32: MuvicEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: SupraSavings -> {68f4dacb-10fa-ca10-ad7d-91b574356f1d} -> C:\Program Files\5B99CC8D-7BAF-430A-9C63-67C9980E3ED8\sgnahzzzax.dll [2014-07-08] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO-x32: SearchSnacks -> {7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} -> C:\Program Files (x86)\SearchSnacks\IE\SearchSnacksClientIE.dll [2014-05-13] (Search Snacks)
BHO-x32: Sem Nome -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> Nenhum Arquivo
BHO-x32: Sem Nome -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> Nenhum Arquivo
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll [2014-09-30] (Goobzo Ltd.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2014-07-31] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2015-09-01] (Caixa Economica Federal)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
Toolbar: HKLM - Muvic - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
Toolbar: HKLM-x32 - Muvic - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
IE Session Restore: HKU\S-1-5-21-2173916324-498683215-1709381490-1000 -> está habilitado.
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wbg2iylv.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-24] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-24] (globalUpdate)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll [2014-02-06] (SaveSense)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll [2014-02-06] (SaveSense)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2173916324-498683215-1709381490-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2173916324-498683215-1709381490-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2173916324-498683215-1709381490-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2173916324-498683215-1709381490-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2173916324-498683215-1709381490-1000: gastecnologia.com.br/sf/bb -> C:\Users\user\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2014-05-15] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-2173916324-498683215-1709381490-1000: gastecnologia.com.br/sf/cef -> C:\Users\user\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-2173916324-498683215-1709381490-1000: gastecnologia.com.br/sf/cef64 -> C:\Users\user\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2014-12-09] (GAS Tecnologia)
FF Extension: iWebar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wbg2iylv.default\extensions\ROUAILDE73397174@UXGZI17268980.com [2016-04-04] [não assinado]
FF Extension: Sense - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wbg2iylv.default\extensions\warnerroberts@hotmail.com [2016-04-04] [não assinado]
FF Extension: Object Browser - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wbg2iylv.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com [2016-04-04] [não assinado]

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (dregol New Tab) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim [2015-11-19]
CHR Extension: (Skype) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-25]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Quick start) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2015-11-19]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh [2015-11-19]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-09]
CHR Extension: (Ask Toolbar) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljcgbedjplidkdjahbaalanadmjfgop [2015-11-19]
CHR Extension: (Sem Nome) - C:\Users\user\AppData\Local\Christmas\Component [2016-08-10]
CHR HKLM\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx
CHR HKU\S-1-5-21-2173916324-498683215-1709381490-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2173916324-498683215-1709381490-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2173916324-498683215-1709381490-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pgacfjdigcddmmncljpflgcfpfahebkh] - C:\Users\user\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx [2014-06-11]
CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - "C:\Program Files (x86)\Iminent\Iminent.crx"
CHR HKLM-x32\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-10-03]
CHR HKLM-x32\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx
StartMenuInternet: Google Chrome.LNCXXAXTB2GAFCKMAZMAQKNOW4 - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

Opera:
=======
OPR Extension: (Photo Share Social) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\hopccneiddkchcaojojncochkmamjkhn [2014-12-21]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 addonopen_64; C:\Windows\SysWOW64\addonopen_64\addonopen_64.exe [83456 2015-01-16] () [Arquivo não assinado]
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) [Arquivo não assinado] <==== ATENÇÃO
R2 BASSVC; C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5967\bassvc.exe [208928 2015-04-22] (Baidu, Inc.)
R2 BIOSCommandFreeware; C:\Windows\SysWOW64\BIOSCommandFreeware\BIOSCommandFreeware.exe [68096 2014-11-26] () [Arquivo não assinado]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 CashReminder; C:\Program Files (x86)\CashReminder\CashReminder.exe [443840 2015-08-10] ()
R2 ClipboardLogScreenshot; C:\Windows\SysWOW64\ClipboardLogScreenshot\ClipboardLogScreenshot.exe [68096 2014-11-26] () [Arquivo não assinado]
R2 CommandFilePrivacy; C:\Windows\SysWOW64\CommandFilePrivacy\CommandFilePrivacy.exe [68096 2014-11-26] () [Arquivo não assinado]
R2 CompileNativePython; C:\Windows\SysWOW64\CompileNativePython\CompileNativePython.exe [68096 2014-11-26] () [Arquivo não assinado]
R2 ContextualDesktopWord; C:\Windows\SysWOW64\ContextualDesktopWord\ContextualDesktopWord.exe [68096 2014-11-26] () [Arquivo não assinado]
R2 driverqcapSched; C:\Windows\SysWOW64\driverqcapSched\driverqcapSched.exe [83456 2015-01-16] () [Arquivo não assinado]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576 2015-08-13] (GAS Tecnologia)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-07-24] (globalUpdate) [Arquivo não assinado] <==== ATENÇÃO
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-07-24] (globalUpdate) [Arquivo não assinado] <==== ATENÇÃO
S4 GlobalUpdater; C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe [378152 2014-05-22] () [Arquivo não assinado]
R2 GOSafer; C:\Program Files (x86)\GOSafer\GOSafer.exe [443952 2015-03-13] ()
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2554376 2016-07-20] (LogMeIn Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-11-03] (Hi-Rez Studios) [Arquivo não assinado]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Arquivo não assinado]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-07-20] (LogMeIn, Inc.)
S4 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [34328 2014-08-27] () [Arquivo não assinado] <==== ATENÇÃO
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [293128 2016-05-31] (McAfee, Inc.)
R2 MemoryMotionTooltip; C:\Windows\SysWOW64\MemoryMotionTooltip\MemoryMotionTooltip.exe [60965 2014-09-01] () [Arquivo não assinado]
R2 motiontooltipGUI.exe; C:\Users\user\AppData\Local\motiontooltipGUI\motiontooltipGUI.exe [169472 2015-09-21] () [Arquivo não assinado]
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-16] (Nero AG)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-20] (Electronic Arts)
R2 pappService; C:\Program Files (x86)\PopApp\livesspkerberosapi.exe [187904 2015-09-21] () [Arquivo não assinado]
R2 PCAppStoreSvc_{PCAppStore_5.0.1.8202}; C:\Program Files (x86)\PC App Store\5.0.1.8202\PCAppStoreSvc.exe [571424 2014-12-18] (Baidu Inc.)
S2 ProtectMonitor; C:\Program Files\PCDApp\StartHelp.exe [77705 2014-06-09] () [Arquivo não assinado] <==== ATENÇÃO
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7806848 2016-05-27] (Reimage®)
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-02-06] (SaveSense)
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-02-06] (SaveSense)
R2 SparkSvc; C:\Program Files (x86)\baidu\Baidu Browser\sparkservice.exe [97080 2016-03-05] (Baidu Inc.)
S3 SparkUpdater; C:\Program Files (x86)\Baidu\SparkUpdate\Sparkupdate.exe [1372472 2015-09-23] (Baidu.com, Inc.)
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346880 2014-09-30] (ShopperPro)
R2 sssvc; C:\Program Files (x86)\SearchSnacks\Service\sssvc.exe [274016 2014-05-13] (Search Snacks)
R2 SupraSavingsService64; C:\Program Files (x86)\5B99CC8D-7BAF-430A-9C63-67C9980E3ED8\SupraSavingsService64.exe [172544 2014-06-25] () [Arquivo não assinado]
R2 Task Manager Pro; C:\Windows\taskmgr.exe [16896 2015-07-29] () [Arquivo não assinado]
R2 Task Manager Pro; C:\Windows\SysWOW64\taskmgr.exe [227328 2010-11-21] (Microsoft Corporation)
R2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.0.11102\WeatherService.exe [152008 2015-11-30] ()
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [856800 2015-08-21] (GAS Tecnologia LTDA)
R2 wauctla Service; C:\Windows\wauctla.exe [1044480 2015-02-26] () [Arquivo não assinado]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 yNwDRTi; C:\ProgramData\vHAPHWTBU\yNwDRTi.exe [2726256 2014-11-23] (Time Lapse Solutions)
S2 BIOSDashboardFreeware.exe; C:\Users\user\AppData\Local\BIOSDashboardFreeware\BIOSDashboardFreeware.exe [X]
S2 BIOSGammaRuby.exe; C:\Users\user\AppData\Local\BIOSGammaRuby\BIOSGammaRuby.exe [X]
S2 ClaraUpdater; C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe [X]
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [X]
S2 ContextualDockQuick.exe; C:\Users\user\AppData\Local\ContextualDockQuick\ContextualDockQuick.exe [X]
S2 filedimsjobRec.exe; C:\Users\user\AppData\Local\filedimsjobRec\filedimsjobRec.exe [X]
S2 KernelMetafileWYSIWYG.exe; C:\Users\user\AppData\Local\KernelMetafileWYSIWYG\KernelMetafileWYSIWYG.exe [X]
S2 LogOSRecycle.exe; C:\Users\user\AppData\Local\LogOSRecycle\LogOSRecycle.exe [X]
S2 mydocskerberosRecovery.exe; C:\Users\user\AppData\Local\mydocskerberosRecovery\mydocskerberosRecovery.exe [X]
S2 OfficeRootWindows.exe; C:\Users\user\AppData\Local\OfficeRootWindows\OfficeRootWindows.exe [X]
S2 perftrackclbcatqProvider.exe; C:\Users\user\AppData\Local\perftrackclbcatqProvider\perftrackclbcatqProvider.exe [X]
S2 servervo; C:\Users\user\AppData\Roaming\VOPackage\VOsrv.exe [X] <==== ATENÇÃO

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 crfilterdrv; C:\Windows\System32\drivers\crfilterdrv.sys [57160 2015-08-10] (Windows (R) Win 7 DDK provider)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-03] (GAS Tecnologia)
R1 gosaferdrv; C:\Windows\System32\drivers\gosaferdrv.sys [51504 2015-01-19] (Windows (R) Win 7 DDK provider)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-08] (NetFilterSDK.com)
R1 pfmfs_463; C:\Windows\System32\Drivers\pfmfs_463.sys [249704 2010-07-07] (Pismo Technic Inc.)
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2014-08-25] (YTDownloader)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41856 2014-09-30] ()
R2 SPDRIVER_1.37.0.1323; C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1323\jsdrv.sys [52584 2014-09-30] ()
R1 ssnfd; C:\Windows\System32\drivers\ssnfd.sys [58248 2014-05-13] (Search Snacks)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-09-03] (GAS Tecnologia LTDA)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-08-10] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
R1 {24d08b5c-a3b3-4969-8c35-c8cd9a120697}w64; C:\Windows\System32\drivers\{24d08b5c-a3b3-4969-8c35-c8cd9a120697}w64.sys [48832 2014-11-28] (StdLib)
R1 {8fb17db9-fb10-4812-ae47-50cdd8254169}w64; C:\Windows\System32\drivers\{8fb17db9-fb10-4812-ae47-50cdd8254169}w64.sys [48832 2014-11-29] (StdLib)
R1 {90f4e807-c1e3-4ef0-952b-5051185ec331}w64; C:\Windows\System32\drivers\{90f4e807-c1e3-4ef0-952b-5051185ec331}w64.sys [48832 2014-11-27] (StdLib)
R1 {9a9157bb-003e-4fef-8bd1-c09bc4586a28}w64; C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w64.sys [61120 2014-09-01] (StdLib)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 cpuz134; \??\C:\Users\user\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\PC Faster\5.1.0.0\PCFApiUtil64.sys [X]
S3 Spring; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Spring64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-08-10 21:35 - 2016-08-10 21:35 - 00039432 _____ C:\Users\user\Downloads\FRST.txt
2016-08-10 21:34 - 2016-08-10 21:35 - 00000000 ____D C:\FRST
2016-08-10 21:34 - 2016-08-10 21:34 - 02393600 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2016-08-07 23:35 - 2016-08-07 23:46 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-08-07 23:30 - 2016-08-07 23:30 - 03204592 _____ (Blizzard Entertainment) C:\Users\user\Downloads\Hearthstone-Setup (2).exe
2016-07-31 02:11 - 2016-07-31 02:11 - 00276888 _____ C:\Windows\Minidump\073116-20404-01.dmp
2016-07-20 13:29 - 2016-07-20 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-07-20 13:29 - 2016-07-20 13:29 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-07-19 07:39 - 2016-07-20 13:42 - 00000000 ____D C:\Users\Usuário Padrão\AppData\Local\LogMeIn Hamachi
2016-07-19 07:39 - 2016-07-20 13:42 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2016-07-19 07:39 - 2016-07-20 13:42 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2016-07-15 02:04 - 2016-07-15 02:04 - 00000000 ____D C:\Users\user\PkHonor
2016-07-15 02:03 - 2016-07-15 02:03 - 00001937 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PkHonor.lnk
2016-07-15 02:03 - 2016-07-15 02:03 - 00001913 _____ C:\Users\Public\Desktop\PkHonor.lnk
2016-07-15 02:03 - 2016-07-15 02:03 - 00000000 ____D C:\Users\user\Documents\My Games
2016-07-15 02:03 - 2016-07-15 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PkHonor
2016-07-15 02:02 - 2016-07-15 02:02 - 02853426 _____ (PkHonor) C:\Users\user\Downloads\PkHonor_Installer.exe
2016-07-15 00:22 - 2016-07-15 00:22 - 19527360 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-08-10 21:33 - 2014-06-13 10:58 - 00000000 ____D C:\Program Files\suprasavings
2016-08-10 21:25 - 2014-10-03 15:20 - 00004124 _____ C:\Windows\Tasks\d80d7ad2-db5e-41b7-9711-9fc3797f8994-3.job
2016-08-10 21:25 - 2014-09-01 19:14 - 00000276 _____ C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2016-08-10 21:23 - 2014-10-03 15:23 - 00004478 _____ C:\Windows\Tasks\af492049-29a1-4865-a6df-4e4c989978b8-4.job
2016-08-10 21:23 - 2014-10-03 15:23 - 00003436 _____ C:\Windows\Tasks\af492049-29a1-4865-a6df-4e4c989978b8-1.job
2016-08-10 21:23 - 2014-10-03 15:23 - 00002758 _____ C:\Windows\Tasks\561b80ca-7167-4b6d-b8ae-29402c165074-5_user.job
2016-08-10 21:23 - 2014-10-03 15:23 - 00002756 _____ C:\Windows\Tasks\d80d7ad2-db5e-41b7-9711-9fc3797f8994-5_user.job
2016-08-10 21:23 - 2014-10-03 15:23 - 00002756 _____ C:\Windows\Tasks\d80d7ad2-db5e-41b7-9711-9fc3797f8994-5.job
2016-08-10 21:23 - 2014-10-03 15:23 - 00002430 _____ C:\Windows\Tasks\af492049-29a1-4865-a6df-4e4c989978b8-5_user.job
2016-08-10 21:23 - 2014-10-03 15:23 - 00002430 _____ C:\Windows\Tasks\af492049-29a1-4865-a6df-4e4c989978b8-5.job
2016-08-10 21:23 - 2014-10-03 15:23 - 00002094 _____ C:\Windows\Tasks\af492049-29a1-4865-a6df-4e4c989978b8-2.job
2016-08-10 21:23 - 2014-10-03 15:23 - 00001350 _____ C:\Windows\Tasks\33783b6c-75d7-4cf6-878c-683e60b42d19.job
2016-08-10 21:23 - 2014-10-03 15:22 - 00002758 _____ C:\Windows\Tasks\561b80ca-7167-4b6d-b8ae-29402c165074-5.job
2016-08-10 21:23 - 2014-10-03 15:22 - 00002412 _____ C:\Windows\Tasks\d80d7ad2-db5e-41b7-9711-9fc3797f8994-2.job
2016-08-10 21:22 - 2014-10-03 15:22 - 00004462 _____ C:\Windows\Tasks\561b80ca-7167-4b6d-b8ae-29402c165074-4.job
2016-08-10 21:22 - 2014-10-03 15:22 - 00004460 _____ C:\Windows\Tasks\d80d7ad2-db5e-41b7-9711-9fc3797f8994-4.job
2016-08-10 21:22 - 2014-10-03 15:22 - 00004142 _____ C:\Windows\Tasks\af492049-29a1-4865-a6df-4e4c989978b8-6.job
2016-08-10 21:22 - 2014-10-03 15:22 - 00003798 _____ C:\Windows\Tasks\af492049-29a1-4865-a6df-4e4c989978b8-7.job
2016-08-10 21:22 - 2014-10-03 15:22 - 00003748 _____ C:\Windows\Tasks\561b80ca-7167-4b6d-b8ae-29402c165074-1.job
2016-08-10 21:22 - 2014-10-03 15:22 - 00003744 _____ C:\Windows\Tasks\d80d7ad2-db5e-41b7-9711-9fc3797f8994-1.job
2016-08-10 21:22 - 2014-10-03 15:22 - 00002414 _____ C:\Windows\Tasks\561b80ca-7167-4b6d-b8ae-29402c165074-2.job
2016-08-10 21:22 - 2014-10-03 15:22 - 00000552 _____ C:\Windows\Tasks\f41a877f-30c9-408f-813d-d6ae8f105ca0.job
2016-08-10 21:22 - 2014-10-03 15:21 - 00004460 _____ C:\Windows\Tasks\d80d7ad2-db5e-41b7-9711-9fc3797f8994-6.job
2016-08-10 21:22 - 2014-06-03 21:21 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-10 21:21 - 2014-10-03 15:21 - 00005168 _____ C:\Windows\Tasks\af492049-29a1-4865-a6df-4e4c989978b8-11.job
2016-08-10 21:21 - 2014-10-03 15:21 - 00004462 _____ C:\Windows\Tasks\561b80ca-7167-4b6d-b8ae-29402c165074-6.job
2016-08-10 21:21 - 2014-10-03 15:21 - 00004126 _____ C:\Windows\Tasks\561b80ca-7167-4b6d-b8ae-29402c165074-7.job
2016-08-10 21:21 - 2014-10-03 15:21 - 00004124 _____ C:\Windows\Tasks\d80d7ad2-db5e-41b7-9711-9fc3797f8994-7.job
2016-08-10 21:21 - 2014-10-03 15:21 - 00003454 _____ C:\Windows\Tasks\af492049-29a1-4865-a6df-4e4c989978b8-3.job
2016-08-10 21:20 - 2015-06-11 11:19 - 00000616 _____ C:\Windows\Tasks\{3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}.job
2016-08-10 21:20 - 2014-10-03 15:20 - 00005488 _____ C:\Windows\Tasks\561b80ca-7167-4b6d-b8ae-29402c165074-11.job
2016-08-10 21:20 - 2014-10-03 15:20 - 00005486 _____ C:\Windows\Tasks\d80d7ad2-db5e-41b7-9711-9fc3797f8994-11.job
2016-08-10 21:13 - 2014-09-01 19:14 - 00000270 _____ C:\Windows\Tasks\SpeedUpMyPC Startup.job
2016-08-10 21:04 - 2015-07-24 18:04 - 00005520 _____ C:\Windows\Tasks\a3c8f6ce-25c6-4d34-8c3d-efd5ac441164-6.job
2016-08-10 21:04 - 2015-07-24 18:04 - 00003140 _____ C:\Windows\Tasks\a3c8f6ce-25c6-4d34-8c3d-efd5ac441164-1-6.job
2016-08-10 21:04 - 2015-04-12 00:04 - 00001318 _____ C:\Windows\Tasks\ext_coupons_notification_service.job
2016-08-10 21:04 - 2015-04-04 19:02 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2016-08-10 21:03 - 2013-09-24 11:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2016-08-10 21:02 - 2015-04-05 00:02 - 00001306 _____ C:\Windows\Tasks\web_disco_notification_service.job
2016-08-10 21:02 - 2015-04-04 18:02 - 00001288 _____ C:\Windows\Tasks\help4u_notification_service.job
2016-08-10 21:01 - 2014-11-04 22:01 - 00000288 _____ C:\Windows\Tasks\Groovorio.job
2016-08-10 21:00 - 2014-02-06 22:55 - 00000928 _____ C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
2016-08-10 20:59 - 2014-11-26 16:59 - 00005514 _____ C:\Windows\Tasks\3c24290d-6b93-433c-966a-e87d020627f4-6.job
2016-08-10 20:57 - 2013-09-24 11:19 - 00001074 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2173916324-498683215-1709381490-1000UA.job
2016-08-10 20:55 - 2013-11-29 08:46 - 00000288 _____ C:\Windows\Tasks\UpdaterEX.job
2016-08-10 20:51 - 2016-02-22 14:04 - 00001968 _____ C:\Users\user\Desktop\Facebook.lnk
2016-08-10 20:51 - 2016-02-21 18:05 - 00001968 _____ C:\Users\user\Desktop\Youtube.lnk
2016-08-10 20:51 - 2016-02-21 18:04 - 00001968 _____ C:\Users\user\Desktop\Wikipedia.lnk
2016-08-10 20:51 - 2016-02-21 18:04 - 00001968 _____ C:\Users\user\Desktop\Hotmail.lnk
2016-08-10 20:51 - 2015-07-18 00:56 - 00002137 _____ C:\Users\user\Desktop\Google Chrome.lnk
2016-08-10 20:51 - 2015-04-12 11:44 - 00001968 _____ C:\Users\user\Desktop\Amazon.lnk
2016-08-10 20:50 - 2015-04-08 20:50 - 00001336 _____ C:\Windows\Tasks\shopping_blast_notification_service.job
2016-08-10 20:50 - 2015-04-08 20:50 - 00000698 _____ C:\Windows\Tasks\shopping_blast_updating_service.job
2016-08-10 20:42 - 2015-05-20 18:49 - 00003444 _____ C:\Windows\System32\Tasks\Ikaesumtregi
2016-08-10 20:42 - 2015-04-12 11:42 - 00000288 _____ C:\Windows\Tasks\Run_dregol.job
2016-08-10 20:41 - 2014-01-14 00:16 - 00000000 ____D C:\Users\user\AppData\Local\LogMeIn Hamachi
2016-08-10 20:39 - 2014-06-11 10:00 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-08-10 20:37 - 2015-11-01 11:37 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-08-10 20:37 - 2015-07-24 18:05 - 00002448 _____ C:\Windows\Tasks\a3c8f6ce-25c6-4d34-8c3d-efd5ac441164-5.job
2016-08-10 20:37 - 2015-07-24 18:04 - 00005520 _____ C:\Windows\Tasks\a3c8f6ce-25c6-4d34-8c3d-efd5ac441164-7.job
2016-08-10 20:37 - 2015-07-24 18:04 - 00003476 _____ C:\Windows\Tasks\a3c8f6ce-25c6-4d34-8c3d-efd5ac441164-1-7.job
2016-08-10 20:37 - 2015-07-24 18:03 - 00005186 _____ C:\Windows\Tasks\a3c8f6ce-25c6-4d34-8c3d-efd5ac441164-11.job
2016-08-10 20:37 - 2015-06-15 15:30 - 00000428 _____ C:\Windows\Tasks\ToolsUpdatePlatform_ScheduledTask.job
2016-08-10 20:37 - 2015-06-11 11:19 - 00000000 ____D C:\Users\Todos os Usuários\ToolsUpdatePlatform
2016-08-10 20:37 - 2015-06-11 11:19 - 00000000 ____D C:\ProgramData\ToolsUpdatePlatform
2016-08-10 20:37 - 2015-04-12 00:04 - 00000680 _____ C:\Windows\Tasks\ext_coupons_updating_service.job
2016-08-10 20:37 - 2015-04-05 00:02 - 00000668 _____ C:\Windows\Tasks\web_disco_updating_service.job
2016-08-10 20:37 - 2015-04-04 18:02 - 00000650 _____ C:\Windows\Tasks\help4u_updating_service.job
2016-08-10 20:37 - 2014-11-26 17:00 - 00002442 _____ C:\Windows\Tasks\3c24290d-6b93-433c-966a-e87d020627f4-5_user.job
2016-08-10 20:37 - 2014-11-26 17:00 - 00002442 _____ C:\Windows\Tasks\3c24290d-6b93-433c-966a-e87d020627f4-5.job
2016-08-10 20:37 - 2014-11-26 16:59 - 00005178 _____ C:\Windows\Tasks\3c24290d-6b93-433c-966a-e87d020627f4-7.job
2016-08-10 20:37 - 2014-11-26 16:59 - 00000642 _____ C:\Windows\Tasks\30a6c0dd-c016-4f3b-b1d9-68248a552061.job
2016-08-10 20:37 - 2014-11-26 16:57 - 00005180 _____ C:\Windows\Tasks\3c24290d-6b93-433c-966a-e87d020627f4-11.job
2016-08-10 20:37 - 2014-11-26 16:57 - 00004490 _____ C:\Windows\Tasks\3c24290d-6b93-433c-966a-e87d020627f4-3.job
2016-08-10 20:37 - 2014-10-03 15:20 - 00000986 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2016-08-10 20:37 - 2014-06-13 10:57 - 00000000 ____D C:\Program Files\PCDApp
2016-08-10 20:37 - 2014-02-06 22:55 - 00000924 _____ C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
2016-08-10 20:36 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-10 20:35 - 2009-07-14 01:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-10 20:35 - 2009-07-14 01:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-10 19:57 - 2016-05-15 13:44 - 00001022 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2173916324-498683215-1709381490-1000Core.job
2016-08-10 19:46 - 2015-05-06 19:33 - 00000000 ____D C:\Users\user\AppData\Roaming\WeatherTool
2016-08-10 18:57 - 2013-10-27 17:52 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2173916324-498683215-1709381490-1000UA.job
2016-08-10 18:57 - 2013-10-27 17:52 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2173916324-498683215-1709381490-1000Core.job
2016-08-10 18:08 - 2014-11-26 16:57 - 00000990 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2016-08-10 17:20 - 2013-10-05 01:37 - 00000024 _____ C:\Users\user\random.dat
2016-08-10 17:01 - 2014-06-29 11:58 - 00000024 _____ C:\Users\user\jagexappletviewer.preferences
2016-08-10 16:08 - 2014-06-29 10:41 - 00000043 _____ C:\Users\user\jagex_cl_runescape_LIVE.dat
2016-08-10 16:06 - 2013-09-24 11:19 - 00002184 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-07 23:42 - 2016-02-13 22:11 - 00000000 ____D C:\Users\user\AppData\Local\Battle.net
2016-08-07 23:42 - 2016-02-13 22:05 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-08-07 23:32 - 2016-02-13 21:58 - 00000000 ____D C:\Users\Todos os Usuários\Battle.net
2016-08-07 23:32 - 2016-02-13 21:58 - 00000000 ____D C:\ProgramData\Battle.net
2016-08-05 21:19 - 2014-07-02 21:42 - 00000044 _____ C:\Users\user\jagex_cl_runescape_LIVE1.dat
2016-08-05 13:03 - 2014-11-26 16:58 - 00003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1417031906
2016-08-05 13:03 - 2014-11-26 16:56 - 00000000 ____D C:\Program Files (x86)\Opera
2016-07-31 02:11 - 2016-01-16 17:31 - 516168505 _____ C:\Windows\MEMORY.DMP
2016-07-31 02:11 - 2014-12-17 14:20 - 00000000 ____D C:\Windows\Minidump
2016-07-30 17:49 - 2013-11-22 19:01 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2016-07-28 19:52 - 2016-05-15 13:44 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2173916324-498683215-1709381490-1000Core
2016-07-28 19:52 - 2013-09-24 11:19 - 00004042 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2173916324-498683215-1709381490-1000UA
2016-07-20 12:08 - 2014-01-27 17:25 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2016-07-19 22:59 - 2013-09-24 11:03 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-07-19 22:59 - 2013-09-24 11:03 - 00000000 ____D C:\ProgramData\Skype
2016-07-15 00:22 - 2014-06-03 21:21 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-15 00:22 - 2013-09-24 11:26 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-15 00:22 - 2013-09-24 11:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-12 17:22 - 2013-09-24 11:26 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-12 17:22 - 2013-09-24 11:26 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-12 17:08 - 2013-09-24 11:26 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-07-11 23:53 - 2014-12-24 13:14 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Arquivos na raiz de alguns diretórios =======

2015-04-25 17:31 - 2015-07-16 04:35 - 0000000 _____ () C:\Users\user\AppData\Roaming\dwmpro.exe
2016-06-09 16:12 - 2016-06-09 16:12 - 26671784 _____ () C:\Users\user\AppData\Roaming\gameboxsetup.exe
2015-04-25 17:32 - 2015-07-16 01:50 - 0264653 _____ () C:\Users\user\AppData\Roaming\ndantif
2014-06-11 09:59 - 2014-06-11 10:06 - 0016349 _____ () C:\Users\user\AppData\Roaming\unins000.dat
2014-06-11 09:59 - 2014-06-11 10:05 - 0815314 _____ () C:\Users\user\AppData\Roaming\unins000.exe
2015-11-01 11:36 - 2015-11-01 11:36 - 0016505 _____ () C:\Users\user\AppData\Roaming\unins001.dat
2015-11-01 11:36 - 2015-11-01 11:36 - 0730322 _____ () C:\Users\user\AppData\Roaming\unins001.exe
2013-12-18 23:46 - 2014-12-09 23:01 - 0000241 _____ () C:\Users\user\AppData\Roaming\WB.CFG
2014-12-01 21:12 - 2014-12-01 21:12 - 0000001 _____ () C:\Users\user\AppData\Local\DSI.DAT
2014-12-01 21:11 - 2014-12-01 21:11 - 0022528 _____ () C:\Users\user\AppData\Local\dsisetup2006840852.exe
2016-03-29 00:05 - 2016-03-29 00:06 - 0000000 _____ () C:\Users\user\AppData\Local\{086FE175-BC41-4208-B7FC-747FD2D61217}
2015-09-08 05:01 - 2015-09-08 05:02 - 0000000 _____ () C:\Users\user\AppData\Local\{11CE448D-5498-49F0-918E-68D64CC61684}
2014-12-09 00:19 - 2014-12-09 00:20 - 0000000 _____ () C:\Users\user\AppData\Local\{399E252E-9AD6-4F42-B254-2C20B47463D0}
2015-02-11 23:35 - 2015-02-11 23:35 - 0000000 _____ () C:\Users\user\AppData\Local\{6F82113B-9A2F-4EE2-B9FA-01A23A6FAAAC}
2014-11-17 09:43 - 2014-11-17 09:43 - 0000000 _____ () C:\Users\user\AppData\Local\{B25B63CC-2D7A-4012-A313-7E9F5CD1A245}
2015-02-01 23:35 - 2015-02-01 23:35 - 0000000 _____ () C:\Users\user\AppData\Local\{BF0475CE-C850-4522-BB8D-D3166D10B9AD}
2014-07-08 00:12 - 2014-07-08 00:12 - 0000000 _____ () C:\Users\user\AppData\Local\{E1B44337-5C49-4F98-B1ED-EB262D5CB175}
2015-03-10 21:26 - 2015-03-10 21:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-10-24 17:51 - 2015-03-06 17:29 - 0014501 _____ () C:\ProgramData\Duplicaterecord.js
2014-01-15 02:15 - 2014-01-15 02:15 - 0167784 _____ (Baidu, Inc.) C:\ProgramData\FileSplitUpLoad.dll
2015-09-23 12:01 - 2015-09-23 12:01 - 0000020 _____ () C:\ProgramData\nbc.ini
2015-06-14 15:25 - 2015-05-14 18:06 - 1029096 _____ (ShenZhen Enode Techology co,.Ltd) C:\ProgramData\WeatherMini.exe

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\Duplicaterecord.js
C:\ProgramData\FileSplitUpLoad.dll
C:\ProgramData\WeatherMini.exe
C:\Users\Todos os Usuários\Duplicaterecord.js
C:\Users\Todos os Usuários\FileSplitUpLoad.dll
C:\Users\Todos os Usuários\WeatherMini.exe
C:\Users\user\alotic_preferences.dat
C:\Users\user\alotic_preferences2.dat
C:\Users\user\exoria_cl_exoria_LIVE.dat
C:\Users\user\feather_cl_DedicationX_Core.dat
C:\Users\user\feather_cl_Reprisal_Core.dat
C:\Users\user\keystore.dat
C:\Users\user\matrix_cl_Goodpk_LIVE.dat
C:\Users\user\matrix_cl_Goodpk_LIVE1.dat
C:\Users\user\matrix_cl_matrix_LIVE.dat
C:\Users\user\revx_cl_matrix_LIVE.dat
C:\Users\user\rn_cl_anarchy_LIVE.dat
C:\Users\user\systemid.dat
C:\Users\user\uid.dat


Alguns arquivos em TEMP:
====================


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-07-30 17:42

==================== Fim de FRST.txt ============================
