Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 30-10-2016
Executado por Daire (administrador) em DAIRE-PC (02-11-2016 21:43:30)
Executando a partir de C:\Users\Daire\Downloads
Perfis Carregados: Daire (Perfis Disponíveis: Daire)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Megaify Software Co., Ltd.) C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Spotify Ltd) C:\Users\Daire\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(BitTorrent Inc.) C:\Users\Daire\AppData\Roaming\uTorrent\uTorrent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(BitTorrent Inc.) C:\Users\Daire\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
(BitTorrent Inc.) C:\Users\Daire\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
(BitTorrent Inc.) C:\Users\Daire\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Media Player\setup_wm.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Spotify Ltd) C:\Users\Daire\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Daire\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Daire\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Daire\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registro (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4701184 2014-11-24] (VIA)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1842624 2016-09-30] (NVIDIA Corporation)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-22] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9099440 2016-10-27] (AVAST Software)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318128 2016-08-25] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-08-10] (Caixa Economica Federal)
HKU\S-1-5-21-1684180508-1464618877-3874987430-1000\...\Run: [Spotify Web Helper] => C:\Users\Daire\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-10-27] (Spotify Ltd)
HKU\S-1-5-21-1684180508-1464618877-3874987430-1000\...\Run: [Spotify] => C:\Users\Daire\AppData\Roaming\Spotify\Spotify.exe [7039088 2016-10-27] (Spotify Ltd)
HKU\S-1-5-21-1684180508-1464618877-3874987430-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-1684180508-1464618877-3874987430-1000\...\Run: [uTorrent] => C:\Users\Daire\AppData\Roaming\uTorrent\uTorrent.exe [1977536 2016-10-06] (BitTorrent Inc.)
HKU\S-1-5-21-1684180508-1464618877-3874987430-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-08-29] (Disc Soft Ltd)
HKU\S-1-5-21-1684180508-1464618877-3874987430-1000\...\Run: [Chromium] => "c:\users\daire\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-1684180508-1464618877-3874987430-1000\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-1684180508-1464618877-3874987430-1000\...\MountPoints2: {50c14514-8639-11e6-9dc6-eca86bbc3594} - G:\setup.exe
HKU\S-1-5-21-1684180508-1464618877-3874987430-1000\...\MountPoints2: {af1a9f6c-863c-11e6-a003-111111111111} - I:\setup.exe
HKU\S-1-5-21-1684180508-1464618877-3874987430-1000\...\MountPoints2: {af1a9f6f-863c-11e6-a003-111111111111} - I:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-09-25] (Microsoft Corporation)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1903328 2016-08-10] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-22] (AVAST Software)
GroupPolicy: Restrição <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Tcpip\Parameters: [DhcpNameServer] 8.8.4.4 8.8.8.8
Tcpip\..\Interfaces\{699F7C76-757C-42B1-9D15-6798E731A0D7}: [DhcpNameServer] 8.8.4.4 8.8.8.8
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dmontlsfs_16_40_rps_b2_rps&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0B0CtAyDzyyE0DyB0B0FtN0D0Tzu0StCyBtAtBtN1L2XzutAtFtByEtFtCyBtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtCzyzz0BzyzzyDtGyC0ByD0EtGzztB0BtBtGyE0DyBtCtGyCyB0DzztDtAzz0A0E0BtA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzytByEtDyC0CyBtG0EtAtBzytGyE0AyB0FtGzz0BzztDtGzyzz0F0AyByCyEzzyDyDtD0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtAzyyC%26cr%3D971184012%26a%3Dwbf_dmontlsfs_16_40%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dmontlsfs_16_40_rps_b2_rps&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0B0CtAyDzyyE0DyB0B0FtN0D0Tzu0StCyBtAtBtN1L2XzutAtFtByEtFtCyBtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtCzyzz0BzyzzyDtGyC0ByD0EtGzztB0BtBtGyE0DyBtCtGyCyB0DzztDtAzz0A0E0BtA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzytByEtDyC0CyBtG0EtAtBzytGyE0AyB0FtGzz0BzztDtGzyzz0F0AyByCyEzzyDyDtD0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtAzyyC%26cr%3D971184012%26a%3Dwbf_dmontlsfs_16_40%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-1684180508-1464618877-3874987430-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dmontlsfs_16_40_rps_b2_rps&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0B0CtAyDzyyE0DyB0B0FtN0D0Tzu0StCyBtAtBtN1L2XzutAtFtByEtFtCyBtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtCzyzz0BzyzzyDtGyC0ByD0EtGzztB0BtBtGyE0DyBtCtGyCyB0DzztDtAzz0A0E0BtA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzytByEtDyC0CyBtG0EtAtBzytGyE0AyB0FtGzz0BzztDtGzyzz0F0AyByCyEzzyDyDtD0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtAzyyC%26cr%3D971184012%26a%3Dwbf_dmontlsfs_16_40%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dmontlsfs_16_40_rps_b2_rps&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0B0CtAyDzyyE0DyB0B0FtN0D0Tzu0StCyBtAtBtN1L2XzutAtFtByEtFtCyBtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtCzyzz0BzyzzyDtGyC0ByD0EtGzztB0BtBtGyE0DyBtCtGyCyB0DzztDtAzz0A0E0BtA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzytByEtDyC0CyBtG0EtAtBzytGyE0AyB0FtGzz0BzztDtGzyzz0F0AyByCyEzzyDyDtD0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtAzyyC%26cr%3D971184012%26a%3Dwbf_dmontlsfs_16_40%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dmontlsfs_16_40_rps_b2_rps&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0B0CtAyDzyyE0DyB0B0FtN0D0Tzu0StCyBtAtBtN1L2XzutAtFtByEtFtCyBtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtCzyzz0BzyzzyDtGyC0ByD0EtGzztB0BtBtGyE0DyBtCtGyCyB0DzztDtAzz0A0E0BtA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzytByEtDyC0CyBtG0EtAtBzytGyE0AyB0FtGzz0BzztDtGzyzz0F0AyByCyEzzyDyDtD0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtAzyyC%26cr%3D971184012%26a%3Dwbf_dmontlsfs_16_40%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dmontlsfs_16_40_rps_b2_rps&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0B0CtAyDzyyE0DyB0B0FtN0D0Tzu0StCyBtAtBtN1L2XzutAtFtByEtFtCyBtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtCzyzz0BzyzzyDtGyC0ByD0EtGzztB0BtBtGyE0DyBtCtGyCyB0DzztDtAzz0A0E0BtA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzytByEtDyC0CyBtG0EtAtBzytGyE0AyB0FtGzz0BzztDtGzyzz0F0AyByCyEzzyDyDtD0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtAzyyC%26cr%3D971184012%26a%3Dwbf_dmontlsfs_16_40%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dmontlsfs_16_40_rps_b2_rps&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0B0CtAyDzyyE0DyB0B0FtN0D0Tzu0StCyBtAtBtN1L2XzutAtFtByEtFtCyBtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtCzyzz0BzyzzyDtGyC0ByD0EtGzztB0BtBtGyE0DyBtCtGyCyB0DzztDtAzz0A0E0BtA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzytByEtDyC0CyBtG0EtAtBzytGyE0AyB0FtGzz0BzztDtGzyzz0F0AyByCyEzzyDyDtD0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtAzyyC%26cr%3D971184012%26a%3Dwbf_dmontlsfs_16_40%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1684180508-1464618877-3874987430-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dmontlsfs_16_40_rps_b2_rps&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0B0CtAyDzyyE0DyB0B0FtN0D0Tzu0StCyBtAtBtN1L2XzutAtFtByEtFtCyBtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtCzyzz0BzyzzyDtGyC0ByD0EtGzztB0BtBtGyE0DyBtCtGyCyB0DzztDtAzz0A0E0BtA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzytByEtDyC0CyBtG0EtAtBzytGyE0AyB0FtGzz0BzztDtGzyzz0F0AyByCyEzzyDyDtD0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtAzyyC%26cr%3D971184012%26a%3Dwbf_dmontlsfs_16_40%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1684180508-1464618877-3874987430-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dmontlsfs_16_40_rps_b2_rps&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0B0CtAyDzyyE0DyB0B0FtN0D0Tzu0StCyBtAtBtN1L2XzutAtFtByEtFtCyBtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAtCzyzz0BzyzzyDtGyC0ByD0EtGzztB0BtBtGyE0DyBtCtGyCyB0DzztDtAzz0A0E0BtA0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzytByEtDyC0CyBtG0EtAtBzytGyE0AyB0FtGzz0BzztDtGzyzz0F0AyByCyEzzyDyDtD0E2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDtAzyyC%26cr%3D971184012%26a%3Dwbf_dmontlsfs_16_40%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2016-08-10] (Caixa Economica Federal)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF DefaultProfile: n9qx9uvr.default
FF ProfilePath: C:\Users\Daire\AppData\Roaming\Mozilla\Firefox\Profiles\n9qx9uvr.default [2016-10-28]
FF NewTab: Mozilla\Firefox\Profiles\n9qx9uvr.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\n9qx9uvr.default -> Yahoo! Powered
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\n9qx9uvr.default -> Yahoo! Powered
FF Homepage: Mozilla\Firefox\Profiles\n9qx9uvr.default -> hxxps://www.google.com.br/?gfe_rd=cr&ei=lrjxV7nYM9WpxgSu04-YAQ&gws_rd=ssl
FF Keyword.URL: Mozilla\Firefox\Profiles\n9qx9uvr.default -> user_pref("keyword.URL", true);
FF SearchPlugin: C:\Users\Daire\AppData\Roaming\Mozilla\Firefox\Profiles\n9qx9uvr.default\searchplugins\yahoo! powered.xml [2016-09-29]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-22]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-30] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-30] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-22] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR HomePage: Default -> hxxps://duckduckgo.com/
CHR Profile: C:\Users\Daire\AppData\Local\Google\Chrome\User Data\Default [2016-11-02]
CHR Extension: (Google Apresentações) - C:\Users\Daire\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-22]
CHR Extension: (Google Docs) - C:\Users\Daire\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-22]
CHR Extension: (Google Drive) - C:\Users\Daire\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-22]
CHR Extension: (YouTube) - C:\Users\Daire\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-22]
CHR Extension: (Avast SafePrice) - C:\Users\Daire\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-24]
CHR Extension: (Planilhas do Google) - C:\Users\Daire\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-22]
CHR Extension: (Documentos Google off-line) - C:\Users\Daire\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-22]
CHR Extension: (Avast Online Security) - C:\Users\Daire\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-28]
CHR Extension: (wide awake theme) - C:\Users\Daire\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghojamolcelbkfdejjhaliddkkhhpeb [2016-09-24]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Daire\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-22]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Daire\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2016-09-22]
CHR Extension: (Search Manager) - C:\Users\Daire\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2016-11-02]
CHR Extension: (Gmail) - C:\Users\Daire\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-22]
CHR Extension: (Chrome Media Router) - C:\Users\Daire\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1684180508-1464618877-3874987430-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
==================== Serviços (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-22] (AVAST Software)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-08-29] (Disc Soft Ltd)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [631520 2016-08-10] (GAS Tecnologia)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [Arquivo não assinado]
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2016-09-22] () [Arquivo não assinado]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [455616 2016-09-30] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [455616 2016-09-30] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-09-30] (NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-12] (VIA Technologies, Inc.)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-22] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-22] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-14] (AVAST Software)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-09-29] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-09-29] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2016-08-10] (GAS Tecnologia)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-09-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-09-16] (NVIDIA Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2016-08-10] (GAS Tecnologia LTDA)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-11-02] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Um Mês Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2016-11-02 21:43 - 2016-11-02 21:44 - 00026823 _____ C:\Users\Daire\Downloads\FRST.txt
2016-11-02 21:43 - 2016-11-02 21:43 - 00000000 ____D C:\FRST
2016-11-02 21:42 - 2016-11-02 21:43 - 02408960 _____ (Farbar) C:\Users\Daire\Downloads\FRST64.exe
2016-11-02 21:37 - 2016-11-02 21:38 - 00000000 ____D C:\Program Files (x86)\PCSX2 1.4.0
2016-11-02 21:37 - 2016-11-02 21:37 - 00001943 _____ C:\Users\Public\Desktop\PCSX2 1.4.0.lnk
2016-11-02 17:07 - 2016-11-02 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2016-11-02 16:54 - 2016-11-02 16:54 - 00000000 ____D C:\Users\Daire\Documents\JA
2016-11-01 19:23 - 2016-11-01 19:23 - 00000000 ____D C:\Users\Daire\AppData\LocalLow\uTorrent
2016-10-30 18:26 - 2016-10-30 18:26 - 00575218 _____ C:\Users\Daire\Downloads\12793-70257-3-PB.pdf
2016-10-26 20:21 - 2016-10-30 15:43 - 00000000 ____D C:\Users\Daire\AppData\Roaming\Skype
2016-10-26 20:21 - 2016-10-26 20:21 - 00000000 ____D C:\Users\Daire\Tracing
2016-10-26 19:53 - 2016-10-30 15:43 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-10-26 19:53 - 2016-10-30 15:43 - 00000000 ____D C:\ProgramData\Skype
2016-10-26 19:46 - 2016-10-26 19:52 - 43760768 _____ (Skype Technologies S.A.) C:\Users\Daire\Downloads\SkypeSetupFull.exe
2016-10-23 18:49 - 2016-10-23 18:49 - 00300416 _____ C:\Windows\Minidump\102316-63118-01.dmp
2016-10-23 12:38 - 2016-10-23 12:38 - 00250788 _____ C:\Users\Daire\Documents\entrevista-semiestruturada.pdf
2016-10-22 21:42 - 2016-10-22 21:42 - 00063795 _____ C:\Users\Daire\Downloads\2029-2685-1-PB.pdf
2016-10-22 21:14 - 2016-10-22 21:14 - 03021234 _____ C:\Users\Daire\Downloads\dissertacao-mlm (1).pdf
2016-10-17 23:17 - 2016-10-17 23:17 - 01040578 _____ C:\Users\Daire\Desktop\1f25d74b-f42b-4cd1-bb41-6b92f565f333.mp4
2016-10-16 01:01 - 2016-10-16 01:01 - 00000000 ____D C:\4cdb01a366289510850bcf4c7e
2016-10-16 00:20 - 2016-10-16 00:20 - 01034556 _____ C:\Users\Daire\Downloads\Windows6.1-KB2999226-x64.msu
2016-10-16 00:20 - 2016-10-16 00:20 - 00000000 ____D C:\f4273f08ea600d5a754febe57f
2016-10-16 00:04 - 2016-10-16 00:05 - 14749120 _____ (Microsoft Corporation) C:\Users\Daire\Downloads\vc_redist.x64.exe
2016-10-15 23:48 - 2016-10-15 23:49 - 17837152 _____ C:\Users\Daire\Downloads\pcsx2-1.4.0-setup.exe
2016-10-15 20:25 - 2016-10-15 20:25 - 00000000 ____D C:\Users\Daire\AppData\Roaming\NVIDIA
2016-10-12 20:35 - 2016-10-12 21:42 - 341846558 _____ C:\Users\Daire\Downloads\Não confirmado 238096.crdownload
2016-10-12 19:05 - 2016-10-12 19:05 - 02114661 _____ C:\Users\Daire\Downloads\Fontes de informação-28.07.2013.pdf
2016-10-12 18:44 - 2016-10-12 18:47 - 15435419 _____ C:\Users\Daire\Downloads\ppsspp_win.zip
2016-10-12 15:42 - 2016-10-12 15:42 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2016-10-12 14:00 - 2016-10-12 14:00 - 00002006 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2016-10-12 14:00 - 2016-10-12 14:00 - 00001996 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2016-10-12 14:00 - 2016-10-12 14:00 - 00000000 ____D C:\Users\Daire\Documents\samsung
2016-10-12 14:00 - 2016-10-12 14:00 - 00000000 ____D C:\Users\Daire\AppData\Local\Samsung
2016-10-12 13:48 - 2016-10-12 14:00 - 00000000 ____D C:\Users\Daire\AppData\Roaming\Samsung
2016-10-12 13:48 - 2016-07-22 05:21 - 00164992 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
2016-10-12 13:48 - 2016-07-22 05:21 - 00130688 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys
2016-10-12 13:31 - 2016-10-12 13:48 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-10-12 13:31 - 2016-10-12 13:47 - 00000000 ____D C:\Users\Todos os Usuários\Samsung
2016-10-12 13:31 - 2016-10-12 13:47 - 00000000 ____D C:\ProgramData\Samsung
2016-10-12 13:31 - 2016-10-12 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-10-12 13:31 - 2016-05-18 15:49 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2016-10-12 13:31 - 2016-05-18 15:49 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2016-10-12 13:22 - 2016-10-12 13:22 - 00000000 ____D C:\Users\Daire\AppData\Local\Downloaded Installations
2016-10-12 12:00 - 2016-10-12 12:14 - 71734912 _____ (Samsung Electronics Co., Ltd.) C:\Users\Daire\Downloads\KiesSetup.exe
2016-10-09 16:02 - 2016-10-09 16:02 - 00000000 ____D C:\Users\Daire\AppData\Local\HirezLauncherUI
2016-10-09 16:01 - 2016-10-09 16:01 - 00952608 _____ C:\Users\Daire\Downloads\44855-155111-2-PB.pdf
2016-10-09 16:00 - 2016-10-09 16:07 - 00000000 ____D C:\Users\Todos os Usuários\Hi-Rez Studios
2016-10-09 16:00 - 2016-10-09 16:07 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2016-10-09 16:00 - 2016-10-09 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2016-10-09 15:59 - 2016-11-01 19:22 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-10-09 14:51 - 2016-10-09 14:51 - 00000000 ____D C:\Windows\System32\Tasks\Games
2016-10-09 14:23 - 2016-10-09 14:23 - 00330625 _____ C:\Users\Daire\Documents\GRI Cap 8 Livro verde.pptx
2016-10-09 13:47 - 2016-10-09 13:47 - 00000000 ____D C:\Users\Daire\AppData\Local\Montaro
2016-10-09 13:47 - 2016-10-09 13:47 - 00000000 ____D C:\Users\Daire\AppData\Local\Crashpad
2016-10-09 12:45 - 2016-10-12 12:00 - 00000000 ____D C:\Users\Daire\Desktop\Bibliotecas universitárias
2016-10-09 12:41 - 2016-10-09 12:42 - 03021234 _____ C:\Users\Daire\Downloads\dissertacao-mlm.pdf
2016-10-09 12:41 - 2016-10-09 12:41 - 01101255 _____ C:\Users\Daire\Downloads\mata_ml_do_mar.pdf
2016-10-09 12:06 - 2016-10-09 12:06 - 00101019 _____ C:\Users\Daire\Downloads\6034-18526-1-SM.pdf
2016-10-09 10:58 - 2016-10-09 10:58 - 00000000 ____D C:\Program Files\WinRAR
2016-10-08 23:29 - 2016-11-02 17:08 - 00000000 ____D C:\Users\Daire\AppData\Roaming\vlc
2016-10-08 23:29 - 2016-10-08 23:34 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-10-08 23:29 - 2016-10-08 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-10-08 23:29 - 2016-10-08 23:29 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-10-03 06:37 - 2016-10-03 06:37 - 00000000 ____D C:\Temp
2016-10-03 04:20 - 2016-10-03 04:20 - 00300424 _____ C:\Windows\Minidump\100316-26442-01.dmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-02 21:43 - 2016-09-23 01:37 - 00000000 ____D C:\Users\Daire\AppData\Roaming\uTorrent
2016-11-02 21:37 - 2016-09-23 00:27 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-11-02 21:35 - 2016-09-29 00:35 - 00000000 ____D C:\Users\Todos os Usuários\{E0572534-6A15-AFF2-ECD3-31B07691BA7E}
2016-11-02 21:35 - 2016-09-29 00:35 - 00000000 ____D C:\ProgramData\{E0572534-6A15-AFF2-ECD3-31B07691BA7E}
2016-11-02 21:31 - 2016-09-22 01:26 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-02 20:50 - 2016-09-23 00:21 - 00000000 ____D C:\Users\Daire\AppData\Roaming\Spotify
2016-11-02 20:31 - 2016-08-30 23:17 - 00000000 ____D C:\Users\Daire\Documents\TCC Desenvolvimento
2016-11-02 18:05 - 2016-09-23 00:30 - 00000000 ____D C:\Users\Daire\AppData\Local\Spotify
2016-11-02 17:04 - 2016-01-31 15:24 - 00000000 ____D C:\Users\Daire\Documents\PCSX2
2016-11-02 14:21 - 2016-10-02 22:01 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-11-02 03:15 - 2016-09-23 01:36 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-02 01:45 - 2016-09-29 13:37 - 00000000 ____D C:\Users\Daire\AppData\Local\CrashDumps
2016-11-02 00:31 - 2016-09-22 01:26 - 00001062 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-01 19:30 - 2009-07-14 02:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-01 19:30 - 2009-07-14 02:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-01 19:23 - 2016-09-29 01:33 - 00000000 ___SD C:\Users\Daire\AppData\LocalLow\Temp
2016-11-01 19:22 - 2016-10-02 21:59 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2016-11-01 19:22 - 2016-10-02 21:59 - 00000000 ____D C:\ProgramData\GbPlugin
2016-11-01 19:22 - 2016-10-02 21:59 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-11-01 19:22 - 2016-09-24 20:08 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2016-11-01 19:22 - 2016-09-24 20:08 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-01 19:21 - 2016-09-22 00:55 - 00000358 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2016-11-01 19:21 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-31 21:47 - 2016-09-22 00:55 - 00002714 _____ C:\Windows\System32\Tasks\DriverToolkit Autorun
2016-10-31 21:30 - 2016-09-25 11:56 - 00000000 ____D C:\Users\Daire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-10-30 20:56 - 2016-04-10 23:04 - 00000000 ____D C:\Users\Daire\Documents\Projeto (TCC)
2016-10-29 23:44 - 2016-09-22 01:26 - 00000000 ____D C:\Users\Daire\AppData\Local\Google
2016-10-26 20:21 - 2016-09-21 23:32 - 00000000 ____D C:\Users\Daire
2016-10-25 02:16 - 2016-09-22 23:42 - 00000000 ____D C:\Users\Daire\AppData\Local\ElevatedDiagnostics
2016-10-24 20:35 - 2016-09-22 01:37 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-24 20:35 - 2016-09-22 01:37 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-24 09:01 - 2016-09-23 00:03 - 00000000 ____D C:\Windows\system32\MRT
2016-10-24 08:57 - 2016-09-23 00:03 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-24 08:56 - 2016-09-22 00:07 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-10-24 03:37 - 2016-09-22 23:00 - 01600212 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-10-24 03:37 - 2009-07-29 14:08 - 00705798 _____ C:\Windows\system32\prfh0416.dat
2016-10-24 03:37 - 2009-07-29 14:08 - 00147638 _____ C:\Windows\system32\prfc0416.dat
2016-10-24 03:37 - 2009-07-14 03:13 - 01645720 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-24 03:37 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2016-10-23 23:03 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\rescache
2016-10-23 18:49 - 2016-09-29 15:58 - 00000000 ____D C:\Windows\Minidump
2016-10-23 18:48 - 2016-09-29 15:58 - 946605606 _____ C:\Windows\MEMORY.DMP
2016-10-23 17:44 - 2016-09-25 18:10 - 00000000 _____ C:\Windows\SysWOW64\last.dump
2016-10-23 13:06 - 2016-08-09 21:46 - 00000000 ____D C:\Users\Daire\Documents\Documentos igreja
2016-10-16 00:06 - 2016-09-22 23:01 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-10-16 00:06 - 2016-09-22 23:01 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-14 14:21 - 2016-09-23 00:24 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-14 14:21 - 2016-09-23 00:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-14 12:46 - 2016-09-22 23:58 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-10-12 13:31 - 2016-09-22 01:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-10-09 16:07 - 2016-09-16 01:06 - 00000000 ____D C:\Users\Daire\Documents\My Games
2016-10-09 15:16 - 2016-09-22 23:01 - 00000000 ____D C:\Users\Daire\AppData\Local\Microsoft Games
2016-10-09 11:25 - 2016-09-24 20:11 - 00001416 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-10-09 11:25 - 2016-09-24 20:10 - 00003782 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-09 11:25 - 2016-09-22 22:59 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA Corporation
2016-10-09 11:25 - 2016-09-22 22:59 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-09 11:24 - 2016-09-24 20:09 - 00003832 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-09 11:24 - 2016-09-24 20:09 - 00003770 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-09 11:24 - 2016-09-24 20:09 - 00003594 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-09 11:24 - 2016-09-24 20:08 - 00003832 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-09 11:24 - 2016-09-24 20:08 - 00003534 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-09 11:24 - 2016-09-24 20:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-10-09 11:24 - 2016-09-22 22:48 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-09 10:58 - 2016-09-22 00:06 - 00000000 ____D C:\Users\Daire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-09 10:58 - 2016-09-22 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-09 10:08 - 2009-07-14 03:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-10-05 20:44 - 2009-07-14 03:08 - 00017644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-03 04:21 - 2016-09-22 00:06 - 00087272 _____ C:\Users\Daire\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-03 04:20 - 2009-07-14 02:45 - 00344696 _____ C:\Windows\system32\FNTCACHE.DAT
Some files in TEMP:
====================
C:\Users\Daire\AppData\Local\Temp\ose00000.exe
C:\Users\Daire\AppData\Local\Temp\vlc-2.2.4-win32.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that did not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-10-23 22:53
==================== End of FRST.txt ============================