cjoint

Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 21-08-2016 01
Executado por Andrielson Luiz (administrador) em ANDRIELSONLUIZ (21-08-2016 19:15:46)
Executando a partir de D:\Documentos Andrielson - Geral\Documentos\Downloads
Perfis Carregados: Andrielson Luiz & UpdatusUser (Perfis Disponíveis: Andrielson Luiz & UpdatusUser)
Platform: Windows 7 Professional (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\SysWOW64\ASGT.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavhm.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mega Limited) C:\ProgramData\MEGAsync\MEGAsync.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Megaify Software Co., Ltd.) C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
() C:\Users\Andrielson Luiz\Desktop\Nova pasta (5)\zsnesw.exe
() C:\Users\Andrielson Luiz\Desktop\Nova pasta (5)\zsnesw.exe
() C:\Users\Andrielson Luiz\Desktop\Nova pasta (5)\zsnesw.exe
(TweakBit) C:\Program Files (x86)\TweakBit\FixMyPC\FixMyPC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [Baidu Antivirus] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe [1924920 2015-06-04] (Baidu, Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-09-23] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Baidu Bsr] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\128B4BEC-5D89-43AD-BAA8-207084AA0E4F\tool\BsrSvc.exe [3072872 2014-10-23] (Baidu, Inc.)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)
HKU\S-1-5-21-1068376010-1282295791-3652870389-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1068376010-1282295791-3652870389-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-07-21] (Electronic Arts)
HKU\S-1-5-21-1068376010-1282295791-3652870389-1000\...\MountPoints2: {0950a831-3b53-11e3-96df-806e6f6e6963} - E:\starter.exe
HKU\S-1-5-21-1068376010-1282295791-3652870389-1000\...\MountPoints2: {213ec36e-3d97-11e3-bf6b-806e6f6e6963} - F:\setup.exe
HKU\S-1-5-21-1068376010-1282295791-3652870389-1000\...\MountPoints2: {4103e2a1-0dc7-11e4-86c3-6cf049f0315b} - G:\LGAutoRun.exe
HKU\S-1-5-21-1068376010-1282295791-3652870389-1000\...\MountPoints2: {911eb0d5-ca2f-11e3-8d5e-6cf049f0315b} - G:\iLinker.exe
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1759992 2015-07-06] (Banco Itaú Unibanco)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-07-28] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-07-28] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2016-07-28] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2013-05-09] (AVAST Software)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll [2015-06-04] (Baidu, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-07-28] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-07-28] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2016-07-28] ()
Startup: C:\Users\Andrielson Luiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-05-15]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [.DEFAULT] => Proxy está habilitado.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50306;https=127.0.0.1:50306;
ProxyServer: [S-1-5-21-1068376010-1282295791-3652870389-1000] => http=127.0.0.1:50306;https=127.0.0.1:50306;
Hosts: 23.41.155.66 guardiao.itau.com.br # GbPlugin
Tcpip\Parameters: [DhcpNameServer] 192.168.3.1
Tcpip\..\Interfaces\{D9A43DD8-C664-42DD-A58E-7F8D7A50A42D}: [DhcpNameServer] 192.168.3.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adwrldint_16_20&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzy0FtDtAtCyD0BtCyByDzztN0D0Tzu0StCyDzyyBtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0AyCzz0A0DyEzytGtBzytByDtGtDtD0AtAtGtBtDyE0CtGtDzztA0DtDtA0AyB0D0FtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyD0CtBtDyDtAtG0AtA0C0DtGyEyD0CzytGzytCyDzytG0FyDyDyE0CtCtDyC0BtB0EyE2QtN0A0LzuyE%26cr%3D1260185013%26a%3Dwncy_adwrldint_16_20%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adwrldint_16_20&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzy0FtDtAtCyD0BtCyByDzztN0D0Tzu0StCyDzyyBtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0AyCzz0A0DyEzytGtBzytByDtGtDtD0AtAtGtBtDyE0CtGtDzztA0DtDtA0AyB0D0FtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyD0CtBtDyDtAtG0AtA0C0DtGyEyD0CzytGzytCyDzytG0FyDyDyE0CtCtDyC0BtB0EyE2QtN0A0LzuyE%26cr%3D1260185013%26a%3Dwncy_adwrldint_16_20%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1068376010-1282295791-3652870389-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adwrldint_16_20&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzy0FtDtAtCyD0BtCyByDzztN0D0Tzu0StCyDzyyBtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0AyCzz0A0DyEzytGtBzytByDtGtDtD0AtAtGtBtDyE0CtGtDzztA0DtDtA0AyB0D0FtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyD0CtBtDyDtAtG0AtA0C0DtGyEyD0CzytGzytCyDzytG0FyDyDyE0CtCtDyC0BtB0EyE2QtN0A0LzuyE%26cr%3D1260185013%26a%3Dwncy_adwrldint_16_20%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional
HKU\S-1-5-21-1068376010-1282295791-3652870389-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal
HKU\S-1-5-21-1068376010-1282295791-3652870389-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adwrldint_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzy0FtDtAtCyD0BtCyByDzztN0D0Tzu0StCyDzyyCtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0C0FtAzz0BtGtBtD0EtAtG0A0EyCyDtGyByC0D0CtG0AtAyB0FtAtBzy0DtAtCzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyD0CtBtDyDtAtG0AtA0C0DtGyEyD0CzytGzytCyDzytG0FyDyDyE0CtCtDyC0BtB0EyE2QtN0A0LzuyE%26cr%3D2042200859%26a%3Dwncy_adwrldint_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adwrldint_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzy0FtDtAtCyD0BtCyByDzztN0D0Tzu0StCyDzyyCtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0C0FtAzz0BtGtBtD0EtAtG0A0EyCyDtGyByC0D0CtG0AtAyB0FtAtBzy0DtAtCzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyD0CtBtDyDtAtG0AtA0C0DtGyEyD0CzytGzytCyDzytG0FyDyDyE0CtCtDyC0BtB0EyE2QtN0A0LzuyE%26cr%3D2042200859%26a%3Dwncy_adwrldint_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adwrldint_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzy0FtDtAtCyD0BtCyByDzztN0D0Tzu0StCyDzyyBtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0AyCzz0A0DyEzytGtBzytByDtGtDtD0AtAtGtBtDyE0CtGtDzztA0DtDtA0AyB0D0FtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyD0CtBtDyDtAtG0AtA0C0DtGyEyD0CzytGzytCyDzytG0FyDyDyE0CtCtDyC0BtB0EyE2QtN0A0LzuyE%26cr%3D1260185013%26a%3Dwncy_adwrldint_16_20%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adwrldint_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzy0FtDtAtCyD0BtCyByDzztN0D0Tzu0StCyDzyyCtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0C0FtAzz0BtGtBtD0EtAtG0A0EyCyDtGyByC0D0CtG0AtAyB0FtAtBzy0DtAtCzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyD0CtBtDyDtAtG0AtA0C0DtGyEyD0CzytGzytCyDzytG0FyDyDyE0CtCtDyC0BtB0EyE2QtN0A0LzuyE%26cr%3D2042200859%26a%3Dwncy_adwrldint_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adwrldint_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzy0FtDtAtCyD0BtCyByDzztN0D0Tzu0StCyDzyyCtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0C0FtAzz0BtGtBtD0EtAtG0A0EyCyDtGyByC0D0CtG0AtAyB0FtAtBzy0DtAtCzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyD0CtBtDyDtAtG0AtA0C0DtGyEyD0CzytGzytCyDzytG0FyDyDyE0CtCtDyC0BtB0EyE2QtN0A0LzuyE%26cr%3D2042200859%26a%3Dwncy_adwrldint_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adwrldint_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzy0FtDtAtCyD0BtCyByDzztN0D0Tzu0StCyDzyyBtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0AyCzz0A0DyEzytGtBzytByDtGtDtD0AtAtGtBtDyE0CtGtDzztA0DtDtA0AyB0D0FtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyD0CtBtDyDtAtG0AtA0C0DtGyEyD0CzytGzytCyDzytG0FyDyDyE0CtCtDyC0BtB0EyE2QtN0A0LzuyE%26cr%3D1260185013%26a%3Dwncy_adwrldint_16_20%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1068376010-1282295791-3652870389-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adwrldint_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzy0FtDtAtCyD0BtCyByDzztN0D0Tzu0StCyDzyyCtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0C0FtAzz0BtGtBtD0EtAtG0A0EyCyDtGyByC0D0CtG0AtAyB0FtAtBzy0DtAtCzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyD0CtBtDyDtAtG0AtA0C0DtGyEyD0CzytGzytCyDzytG0FyDyDyE0CtCtDyC0BtB0EyE2QtN0A0LzuyE%26cr%3D2042200859%26a%3Dwncy_adwrldint_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1068376010-1282295791-3652870389-1000 -> Web URL = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1068376010-1282295791-3652870389-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adwrldint_16_19&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzy0FtDtAtCyD0BtCyByDzztN0D0Tzu0StCyDzyyCtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0C0FtAzz0BtGtBtD0EtAtG0A0EyCyDtGyByC0D0CtG0AtAyB0FtAtBzy0DtAtCzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyD0CtBtDyDtAtG0AtA0C0DtGyEyD0CzytGzytCyDzytG0FyDyDyE0CtCtDyC0BtB0EyE2QtN0A0LzuyE%26cr%3D2042200859%26a%3Dwncy_adwrldint_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1068376010-1282295791-3652870389-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adwrldint_16_20&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzy0FtDtAtCyD0BtCyByDzztN0D0Tzu0StCyDzyyBtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0AyCzz0A0DyEzytGtBzytByDtGtDtD0AtAtGtBtDyE0CtGtDzztA0DtDtA0AyB0D0FtAtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyEyD0CtBtDyDtAtG0AtA0C0DtGyEyD0CzytGzytCyDzytG0FyDyDyE0CtCtDyC0BtB0EyE2QtN0A0LzuyE%26cr%3D1260185013%26a%3Dwncy_adwrldint_16_20%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1068376010-1282295791-3652870389-1000 -> {BD12BA93-C30D-4E12-9B02-BEBA86E8A6C3} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09] (AVAST Software)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll [2015-07-06] (Banco Itaú Unibanco)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-24] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09] (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09] (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-09-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-09-12] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-09-23] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-09-23] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-1068376010-1282295791-3652870389-1000: gastecnologia.com.br/sf/uni -> C:\Users\Andrielson Luiz\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-07-15] (GAS Tecnologia)
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-23] [não assinado]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com.br/
CHR StartupUrls: Default -> "hxxps://www.google.com.br/"
CHR Profile: C:\Users\Andrielson Luiz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Andrielson Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-21]
CHR Extension: (Google Drive) - C:\Users\Andrielson Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-15]
CHR Extension: (YouTube) - C:\Users\Andrielson Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-15]
CHR Extension: (Google Search) - C:\Users\Andrielson Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-05-15]
CHR Extension: (GamingWonderland) - C:\Users\Andrielson Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeojlpepoljdpaoiplnlhcfkoigijimc [2016-07-21]
CHR Extension: (avast! Ad Blocker) - C:\Users\Andrielson Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd [2015-02-21]
CHR Extension: (Documentos Google off-line) - C:\Users\Andrielson Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-15]
CHR Extension: (Avast Online Security) - C:\Users\Andrielson Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-07-21]
CHR Extension: (RealDownloader) - C:\Users\Andrielson Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-02-21]
CHR Extension: (Meu Cupom Alerta) - C:\Users\Andrielson Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmnlemaknpggcmokicejojodbojcdon [2016-08-04]
CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Andrielson Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2015-03-18]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Andrielson Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-15]
CHR Extension: (Search Manager) - C:\Users\Andrielson Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2016-08-16]
CHR Extension: (Gmail) - C:\Users\Andrielson Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Andrielson Luiz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1068376010-1282295791-3652870389-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [deonaifijhbfflmkhlbpbfplcpnagphf] - C:\Users\Andrielson Luiz\AppData\Local\CRE\deonaifijhbfflmkhlbpbfplcpnagphf.crx
CHR HKU\S-1-5-21-1068376010-1282295791-3652870389-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [deonaifijhbfflmkhlbpbfplcpnagphf] - C:\Users\Andrielson Luiz\AppData\Local\CRE\deonaifijhbfflmkhlbpbfplcpnagphf.crx
CHR HKLM-x32\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [kbmnlemaknpggcmokicejojodbojcdon] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [Arquivo não assinado]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 BavSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSvc.exe [2293632 2015-06-04] (Baidu, Inc.)
S3 BdSandboxSrv; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdSandboxSrv64.exe [264736 2015-01-08] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe [402536 2015-06-04] (Baidu, Inc.)
S3 BsrSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavAdvTools\128B4BEC-5D89-43AD-BAA8-207084AA0E4F\tool\BsrSvc.exe [3072872 2014-10-23] (Baidu, Inc.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-08] (Nero AG)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-07-21] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-03] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () [Arquivo não assinado]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-10-23] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-10-23] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-10-23] ()
U3 BdApiUtil; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [116784 2015-06-04] (Baidu, Inc.)
U3 BdCameraProtect; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [24848 2015-06-04] (Baidu, Inc.)
S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [201488 2015-06-04] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [59664 2015-06-04] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38160 2015-06-04] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [77520 2015-06-04] (Baidu, Inc.)
R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [475504 2015-06-04] (Baidu, Inc.)
R3 BNmon; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BNmon64.sys [59200 2014-09-17] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [164016 2015-06-04] (Baidu, Inc.)
S4 bsrbc; C:\Windows\System32\drivers\bsrbc64.sys [54592 2014-10-19] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
S3 tapwp01; C:\Windows\System32\DRIVERS\tapwp01.sys [38216 2014-09-15] (The OpenVPN Project)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-04-15] (StdLib)
S3 AppProtectEx; \??\C:\Windows\System32\drivers\AppProtectEx.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\PC App Store\4.10.1.7752\PCFApiUtil64.sys [X]
S1 qknfd; system32\drivers\qknfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-08-21 19:15 - 2016-08-21 19:15 - 00000000 ____D C:\FRST
2016-08-21 18:55 - 2016-08-21 18:55 - 00000000 ____D C:\Windows\System32\Tasks\TweakBit
2016-08-21 18:54 - 2016-08-21 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
2016-08-21 18:54 - 2016-08-21 18:54 - 00000000 ____D C:\Program Files (x86)\TweakBit
2016-08-21 18:37 - 2016-08-21 18:54 - 00001126 _____ C:\Users\Andrielson Luiz\Desktop\TweakBit FixMyPC.lnk
2016-08-21 18:37 - 2016-08-21 18:37 - 00000000 ____D C:\Users\Todos os Usuários\TweakBit
2016-08-21 18:37 - 2016-08-21 18:37 - 00000000 ____D C:\ProgramData\TweakBit
2016-08-21 16:08 - 2016-08-21 16:08 - 00000000 ____D C:\Users\Andrielson Luiz\Desktop\docs
2016-08-06 20:58 - 2016-08-21 15:24 - 00001943 _____ C:\Users\Public\Desktop\PCSX2 1.4.0.lnk
2016-08-06 20:58 - 2016-08-21 15:24 - 00000000 ____D C:\Program Files (x86)\PCSX2 1.4.0
2016-08-06 20:58 - 2016-08-06 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-08-21 19:13 - 2009-07-14 01:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-21 19:13 - 2009-07-14 01:45 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-21 19:07 - 2013-10-23 18:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-08-21 18:53 - 2013-10-25 16:16 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-21 18:48 - 2014-05-31 15:18 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-21 18:06 - 2014-09-24 20:45 - 00000000 ____D C:\Users\Todos os Usuários\BavSvc_exe
2016-08-21 18:06 - 2014-09-24 20:45 - 00000000 ____D C:\ProgramData\BavSvc_exe
2016-08-21 16:45 - 2016-06-04 19:35 - 00000000 ____D C:\Users\Andrielson Luiz\Desktop\Nova pasta (3)
2016-08-21 16:35 - 2016-06-07 21:20 - 00000000 ____D C:\Users\Andrielson Luiz\Desktop\Nova pasta (5)
2016-08-21 16:18 - 2014-02-04 15:49 - 00000000 ____D C:\Games
2016-08-21 15:24 - 2014-06-03 15:52 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-08-21 15:24 - 2014-06-03 15:51 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-08-21 15:01 - 2013-10-27 18:45 - 00000000 ____D C:\Users\Todos os Usuários\Origin
2016-08-21 15:01 - 2013-10-27 18:45 - 00000000 ____D C:\ProgramData\Origin
2016-08-21 11:48 - 2014-05-31 15:18 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-21 10:54 - 2015-06-17 16:14 - 00000700 _____ C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job
2016-08-21 10:51 - 2009-07-29 12:58 - 03279866 _____ C:\Windows\system32\prfh0416.dat
2016-08-21 10:51 - 2009-07-29 12:58 - 02604816 _____ C:\Windows\system32\prfc0416.dat
2016-08-21 10:51 - 2009-07-14 02:13 - 00006466 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-21 10:44 - 2013-10-23 17:49 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2016-08-21 10:44 - 2013-10-23 17:49 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-21 10:44 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-20 21:00 - 2013-10-30 19:43 - 00004374 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{27EDB029-BD1A-4FDF-9338-A9F62D867015}
2016-08-19 10:23 - 2016-02-27 20:44 - 00000000 ____D C:\Users\Todos os Usuários\MEGAsync
2016-08-19 10:23 - 2016-02-27 20:44 - 00000000 ____D C:\ProgramData\MEGAsync
2016-08-15 15:31 - 2013-10-23 17:49 - 00000000 ____D C:\Users\UpdatusUser
2016-08-14 17:11 - 2014-06-03 15:57 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2016-08-14 17:11 - 2014-06-03 15:57 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2016-08-14 14:18 - 2014-06-03 15:57 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2016-08-08 17:50 - 2014-05-31 15:30 - 00002239 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-08 17:50 - 2014-05-31 15:30 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-07 18:46 - 2016-06-04 19:13 - 00000000 ____D C:\Users\Andrielson Luiz\Desktop\yudfutd
2016-08-06 21:11 - 2014-11-19 12:02 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-08-06 21:11 - 2014-11-19 12:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-06 20:54 - 2014-12-18 17:47 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2016-08-06 20:54 - 2014-12-18 17:47 - 00000000 ____D C:\ProgramData\GbPlugin
2016-08-06 20:50 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-06 20:46 - 2013-11-12 17:00 - 00001310 _____ C:\Users\Andrielson
2016-07-30 11:43 - 2014-05-31 15:18 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-30 11:43 - 2014-05-31 15:18 - 00003814 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 18:04 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-07-26 15:04 - 2009-07-14 02:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-24 21:55 - 2016-05-22 16:01 - 00000378 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2016-07-22 10:15 - 2013-11-12 17:00 - 00000000 ____D C:\Users\Andrielson Luiz\AppData\Local\ElevatedDiagnostics

==================== Arquivos na raiz de alguns diretórios =======

2014-12-18 17:45 - 2014-12-18 17:46 - 0016035 _____ () C:\Users\Andrielson Luiz\AppData\Roaming\unins000.dat
2014-12-18 17:45 - 2014-12-18 17:45 - 0720082 _____ () C:\Users\Andrielson Luiz\AppData\Roaming\unins000.exe
2014-03-27 18:57 - 2014-03-31 12:57 - 0000111 _____ () C:\Users\Andrielson Luiz\AppData\Roaming\WB.CFG
2014-09-03 21:57 - 2014-09-03 21:57 - 0000152 _____ () C:\ProgramData\bc.ini
2014-09-24 19:40 - 2014-09-24 19:40 - 0014304 _____ () C:\ProgramData\Duplicaterecord.js

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\Duplicaterecord.js
C:\Users\Todos os Usuários\Duplicaterecord.js
C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job


Alguns arquivos em TEMP:
====================
C:\Users\Andrielson Luiz\AppData\Local\Temp\vcredist_2015_Update_1_x86.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-08-16 16:43

==================== Fim de FRST.txt ============================
