Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 15-01-2017
Executado por Adleer Sirotheau (administrador) em SONY (15-01-2017 15:08:20)
Executando a partir de C:\Users\Adleer Sirotheau\Downloads
Perfis Carregados: Adleer Sirotheau (Perfis Disponíveis: Adleer Sirotheau)
Platform: Windows 7 Home Premium (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(SaveSense) C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
() C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe
() C:\Program Files (x86)\SmarThru Office\LegacyLauncher.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Samsung) C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Lightcomm) C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(DLL-files.com) C:\Program Files (x86)\DLL-Files.com Client\DLLFilesClient.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [788640 2011-02-24] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657056 2011-02-24] (Atheros Commnucations)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [STO Backup Service] => C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe [86016 2008-01-25] ()
HKLM-x32\...\Run: [STO Launcher Service] => C:\Program Files (x86)\SmarThru Office\LegacyLauncher.exe [77824 2008-01-25] ()
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\samsung\panelmgr\SSMMgr.exe [692224 2011-03-14] ()
HKLM-x32\...\Run: [NSCSysTrayUI] => C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe [270336 2009-04-09] (Samsung)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [GSMEjector] => C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe [441856 2011-05-20] (Lightcomm)
HKLM-x32\...\Run: [mbot_br_118] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-01-13] (Banco do Brasil)
Winlogon\Notify\ GbPluginIsg: C:\Program Files (x86)\GbPlugin\gbiehIsg.dll [2012-06-01] (Infoseg - Senasp)
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\Run: [PriceMeterW] => "C:\Users\Adleer Sirotheau\AppData\Local\PriceMeter\pricemeterw.exe"
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {85f977fd-5b40-11e3-a394-6427379bebe0} - F:\Autorun.exe
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {8b2cbebc-1045-11e3-8bc2-6427379bebe0} - E:\AutoRun.exe
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {8b532bdf-f64b-11e2-aa64-6427379bebe0} - E:\AutoRun.exe
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {cd0e0a56-2e2a-11e3-8d28-6427379bebe0} - E:\LaunchU3.exe
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {d678a05b-f72f-11e3-96a8-e91c06ffa2c7} - E:\iLinker.exe
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {de65b85e-f624-11e2-a606-6427379bebe0} - E:\AutoRun.exe
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {de65b86c-f624-11e2-a606-6427379bebe0} - E:\AutoRun.exe
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {e1b27fde-f6c8-11e2-adee-6427379bebe0} - E:\AutoRun.exe
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {eb022148-8049-11e3-a8b6-00a0c6000000} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.bat
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {eeb5a626-2ced-11e3-8b67-6427379bebe0} - E:\MotoCastSetup.exe -a
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1836928 2015-01-13] (Banco do Brasil)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399015} - C:\Program Files (x86)\GbPlugin\gbiehisg.dll [597504 2012-06-01] (Infoseg - Senasp)
Startup: C:\Users\Adleer Sirotheau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Officejet Pro 8600.lnk [2017-01-15]
ShortcutTarget: Monitorar alertas de tinta - HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [.DEFAULT] => Proxy está habilitado.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53751;https=127.0.0.1:53751;
ProxyServer: [S-1-5-21-2252684816-1157628736-3161286079-1000] => 192.168.65.1:3128
AutoConfigURL: [S-1-5-21-2252684816-1157628736-3161286079-1000] => hxxp://10.1.0.10/wpad.pac
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 10.0.0.1
Tcpip\..\Interfaces\{498F4EC0-7C2D-45ED-909B-186E1DF6635D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{9CA38B4A-DC62-4DC7-B138-6CC2E0624945}: [DhcpNameServer] 192.168.66.11
Tcpip\..\Interfaces\{D2E4A122-9F35-4EF2-A4D7-7B11E970DE53}: [DhcpNameServer] 8.8.8.8 10.0.0.1
ManualProxies: 0hxxp://10.1.0.10/wpad.pac

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097&q={searchTerms}
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097
URLSearchHook: HKU\S-1-5-21-2252684816-1157628736-3161286079-1000 - (Sem Nome) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Nenhum Arquivo
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097&q={searchTerms}
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097&q={searchTerms}
SearchScopes: HKLM-x32 -> {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=B9B691F0-A6C9-463F-A865-A3D7CDB4CE32&ref=toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2252684816-1157628736-3161286079-1000 -> DefaultScope {B9284A70-5BC2-49C6-9062-BD37E5AC12EE} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2252684816-1157628736-3161286079-1000 -> Web URL = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2252684816-1157628736-3161286079-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.iminent.com/?appId=B9B691F0-A6C9-463F-A865-A3D7CDB4CE32&ref=toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2252684816-1157628736-3161286079-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2252684816-1157628736-3161286079-1000 -> {B9284A70-5BC2-49C6-9062-BD37E5AC12EE} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-20] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-07] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll => Nenhum Arquivo
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-07] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: SaveSense -> {0f21b1e5-5afc-43c9-9c66-515046e92ec2} -> C:\Program Files (x86)\SaveSense\SaveSenseIE.dll [2013-10-28] (SaveSense)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-20] (Kaspersky Lab ZAO)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-02-24] (Atheros Commnucations)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll => Nenhum Arquivo
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-01-13] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540015} -> C:\Program Files (x86)\GbPlugin\gbiehisg.dll [2012-06-01] (Infoseg - Senasp)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
DPF: HKLM-x32 {02CF1781-EA91-4FA5-A200-646E8241987C} hxxp://www.sony.co.in/HP/script/supt/VaioInfo.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: (Kaspersky URL Advisor) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2014-05-20] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: (Virtual Keyboard) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2014-05-20] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: (Dangerous Websites Blocker) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2014-05-20] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: (Anti-Banner) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2014-05-20] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: (Safe Money) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2014-05-20] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-08-25] [não assinado]
FF HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-10-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-07] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [Nenhum Arquivo]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [Nenhum Arquivo]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll [2013-12-10] (SaveSense)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll [2013-12-10] (SaveSense)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2252684816-1157628736-3161286079-1000: gastecnologia.com.br/sf/bb -> C:\Users\Adleer Sirotheau\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-04-14] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-2252684816-1157628736-3161286079-1000: gastecnologia.com.br/sf/gas64 -> C:\Users\Adleer Sirotheau\AppData\Local\GAS Tecnologia\GBBD\npsf_gas_64.dll [Nenhum Arquivo]
FF Plugin HKU\S-1-5-21-2252684816-1157628736-3161286079-1000: gastecnologia.com.br/sf/isg -> C:\Users\Adleer Sirotheau\AppData\Local\GAS Tecnologia\GBBD\npsf_isg.dll [2012-12-06] (GAS Tecnologia)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://google.com.br/"
CHR Profile: C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default [2017-01-15]
CHR Extension: (GBBD Infoseg - Senasp) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\acglkpfaolcjghoenkgkmbboccpgdcmg [2014-04-21]
CHR Extension: (Conselheiro de URLs da Kaspersky) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-04-21]
CHR Extension: (MySocialShortcut) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkhngaioieemngifhcjghfankkmbpca [2017-01-15]
CHR Extension: (Dinheiro seguro) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-04-21]
CHR Extension: (Teclado virtual) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-04-21]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp [2015-03-20]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-10]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-01-29]
CHR Extension: (Anti-Banner) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-04-21]
CHR Extension: (Chrome Media Router) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [acglkpfaolcjghoenkgkmbboccpgdcmg] - C:\Users\Adleer Sirotheau\AppData\Local\GAS Tecnologia\GBBD\isg\sf.crx [2013-10-07]
CHR HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pgacfjdigcddmmncljpflgcfpfahebkh] - C:\Users\Adleer Sirotheau\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx [2013-07-29]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - hxxps://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-10-02]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-02-24] (Atheros) [Arquivo não assinado]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [73376 2011-02-24] (Atheros Commnucations) [Arquivo não assinado]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [579896 2015-04-29] (GAS Tecnologia)
S2 GSMEjector; C:\Windows\SysWOW64\GSMSrvEjector.exe [620032 2011-05-20] () [Arquivo não assinado]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2011-04-17] (Realsil Microelectronics Inc.) [Arquivo não assinado]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Arquivo não assinado]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [Arquivo não assinado]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [Arquivo não assinado]
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [231936 2012-02-05] (Samsung Electronics Co., Ltd.) [Arquivo não assinado]
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2013-12-10] (SaveSense)
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2013-12-10] (SaveSense)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-04-16] (Samsung Electronics)
S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [49536 2013-05-08] (GAS Tecnologia)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO) [Arquivo não assinado]
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-07-26] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-07-26] (Kaspersky Lab ZAO)
S3 Olicard160net; C:\Windows\System32\DRIVERS\Olicard160Usbnet.sys [138752 2009-12-11] (TCT International Mobile Ltd)
S3 Olicard160ser; C:\Windows\System32\DRIVERS\Olicard160ser.sys [119680 2010-04-07] (Olivetti)
S3 OLICARD160USB; C:\Windows\System32\Drivers\Olicard160Usb.sys [25088 2010-06-10] (Windows (R) Codename Longhorn DDK provider)
S3 Spring; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Spring64.sys [110336 2014-06-16] ()
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-10-31] (GAS Tecnologia LTDA)
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S1 Bnbase; System32\drivers\bnbasex64.sys [X]
S1 Bndef; \??\C:\Windows\System32\drivers\bndef64.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-01-15 15:08 - 2017-01-15 15:08 - 00033700 _____ C:\Users\Adleer Sirotheau\Downloads\FRST.txt
2017-01-15 15:07 - 2017-01-15 15:08 - 00000000 ____D C:\FRST
2017-01-15 15:06 - 2017-01-15 15:06 - 00000000 ____D C:\Users\Adleer Sirotheau\AppData\Roaming\DLL-files.com
2017-01-15 15:06 - 2017-01-15 15:06 - 00000000 ____D C:\Users\Adleer Sirotheau\AppData\Roaming\DFXCT
2017-01-15 15:05 - 2017-01-15 15:05 - 00001089 _____ C:\Users\Public\Desktop\DLL-Files.com Client.lnk
2017-01-15 15:05 - 2017-01-15 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLL-Files.com Client
2017-01-15 15:05 - 2017-01-15 15:05 - 00000000 ____D C:\Program Files (x86)\DLL-Files.com Client
2017-01-15 15:03 - 2017-01-15 15:04 - 02419200 _____ (Farbar) C:\Users\Adleer Sirotheau\Downloads\FRST64.exe
2017-01-15 15:01 - 2017-01-15 15:03 - 02729024 _____ (DLL-Files.com Client ) C:\Users\Adleer Sirotheau\Downloads\clientsetup_d-0.exe
2017-01-15 12:31 - 2017-01-15 12:31 - 00000222 _____ C:\Users\Adleer Sirotheau\Desktop\Age of Empires II HD Edition.url
2017-01-15 12:25 - 2017-01-15 12:25 - 00000000 ___RD C:\Users\Adleer Sirotheau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-01-13 00:50 - 2017-01-15 12:31 - 00000000 ____D C:\Users\Adleer Sirotheau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-01-13 00:07 - 2017-01-13 00:08 - 00006731 _____ C:\Users\Adleer Sirotheau\Downloads\index (1).php
2017-01-12 17:00 - 2017-01-12 17:00 - 00000000 ____D C:\Users\Adleer Sirotheau\AppData\Local\Chromium
2017-01-11 10:41 - 2017-01-11 10:41 - 00000000 _____ C:\Users\Adleer Sirotheau\AppData\Local\{3EA93397-F324-4521-872A-AC356DFA4A00}
2017-01-10 20:30 - 2017-01-10 20:30 - 00032895 _____ C:\Users\Adleer Sirotheau\Downloads\Fatura-310589204688.pdf
2017-01-05 12:33 - 2017-01-05 12:33 - 02407830 _____ (GAS Tecnologia ) C:\Users\Adleer Sirotheau\Downloads\Não confirmado 45178.crdownload
2017-01-05 12:29 - 2017-01-05 12:29 - 01605752 _____ (GAS Tecnologia ) C:\Users\Adleer Sirotheau\Downloads\gbpbbwr.exe
2017-01-05 12:23 - 2017-01-05 12:25 - 03153968 _____ (Banco do Brasil SA) C:\Users\Adleer Sirotheau\Downloads\DiagnosticoBB (5).exe
2016-12-29 11:57 - 2016-12-29 11:57 - 00048640 _____ C:\Users\Adleer Sirotheau\Downloads\CONTAS DOS VALORES PARA LIBERAÇÃO.doc
2016-12-27 11:55 - 2016-12-27 11:55 - 00430952 _____ C:\Users\Adleer Sirotheau\Downloads\Fatura (1).pdf
2016-12-22 14:36 - 2016-12-22 14:36 - 00019839 _____ C:\Users\Adleer Sirotheau\Downloads\pedido de liberação de valores.docx
2016-12-22 13:48 - 2016-12-22 13:48 - 00007911 _____ C:\Users\Adleer Sirotheau\Downloads\documento20160487991443.pdf
2016-12-15 12:01 - 2016-12-15 12:01 - 00113849 _____ C:\Users\Adleer Sirotheau\Downloads\texto_2993493.pdf
2016-12-15 11:59 - 2016-12-15 11:59 - 00024792 _____ C:\Users\Adleer Sirotheau\Downloads\texto_3062701.RTF
2016-12-14 12:23 - 2016-12-14 12:23 - 00032895 _____ C:\Users\Adleer Sirotheau\Downloads\Fatura-310029213393.pdf
2016-12-13 21:18 - 2016-12-13 21:20 - 06683227 _____ C:\Users\Adleer Sirotheau\Downloads\AÇÃO CAUTELAR BLOQUEIO DE VERBAS DO MUNICIPIO PARA GARANTIR PAGAMENTO DOS SERVIDORES PUBLICOS.docx
2016-12-12 01:03 - 2016-12-12 01:03 - 00138948 _____ C:\Users\Adleer Sirotheau\Downloads\12-60.2015.6.26.0000.PDF
2016-12-12 00:56 - 2016-12-12 00:56 - 00180423 _____ C:\Users\Adleer Sirotheau\Downloads\168164_1_1_000000003210.pdf
2016-12-09 13:50 - 2016-12-09 13:50 - 00515674 _____ C:\Users\Adleer Sirotheau\Downloads\AC009915(Eleições 2012.Recurso Eleitoral.AIJE. PARTIDO DA SOCIAL DEMOCRACIA BRASILEIRA COLIGAÇÃO PARA MARAVILHA CONTINUAR NO CAMINHO CERTO)Documento.tif
2016-12-06 14:46 - 2016-12-06 14:46 - 00015637 _____ C:\Users\Adleer Sirotheau\Documents\Corrupção de menores - júri.docx
2016-12-06 14:30 - 2016-12-06 14:31 - 00792220 _____ C:\Users\Adleer Sirotheau\Downloads\22138-71236-1-SM.pdf
2016-12-06 14:28 - 2016-12-06 14:28 - 00096256 _____ C:\Users\Adleer Sirotheau\Downloads\946-3452-1-PB.doc
2016-12-06 12:17 - 2016-12-06 13:44 - 00006830 _____ C:\Users\Adleer Sirotheau\Downloads\default.asp
2016-12-06 09:12 - 2016-12-06 09:12 - 00008758 _____ C:\Users\Adleer Sirotheau\Downloads\processo00064119820148140003.pdf
2016-12-06 00:36 - 2016-12-06 00:36 - 00028608 _____ C:\Users\Adleer Sirotheau\Downloads\Boleto.htm
2016-12-06 00:36 - 2016-12-06 00:36 - 00028608 _____ C:\Users\Adleer Sirotheau\Documents\Boleto unimed - dezembro de 2016.html
2016-12-02 10:02 - 2016-12-02 10:02 - 00068096 _____ C:\Users\Adleer Sirotheau\Downloads\PROTOCOLOS 51811 E 51931 - 2016 - COORDENADORIA BAIXO AMAZONAS - QUADRO DE LOTAÇÃO - NOV 2016 (1).doc
2016-12-02 09:53 - 2016-12-02 09:53 - 00068096 _____ C:\Users\Adleer Sirotheau\Downloads\PROTOCOLOS 51811 E 51931 - 2016 - COORDENADORIA BAIXO AMAZONAS - QUADRO DE LOTAÇÃO - NOV 2016.doc
2016-12-01 23:14 - 2016-12-01 23:14 - 00039936 _____ C:\Users\Adleer Sirotheau\Downloads\PROTOCOLO Nº 42882 - PORTARIAS RETROATIVAS DR. ADLER CALDERARO SIROTHEAU (2).doc
2016-12-01 23:13 - 2016-12-01 23:13 - 00038912 _____ C:\Users\Adleer Sirotheau\Downloads\PROTOCOLO Nº 50507 - SUBSTITUIÇÃO DRA. IONE MISSAE - DIA 25.10.2016 (1).doc
2016-12-01 23:07 - 2016-12-01 23:07 - 00068096 _____ C:\Users\Adleer Sirotheau\Downloads\PROTOCOLOS 52376 - 51390 E 51944 - 2016 - COORDENADORIA BAIXO AMAZONAS - DESIGANÇÕES - MÊS NACIONAL DO TRIBUNAL DO JÚRI - PJ SANTARÉM (2).doc
2016-12-01 23:07 - 2016-12-01 23:07 - 00068096 _____ C:\Users\Adleer Sirotheau\Downloads\PROTOCOLOS 52376 - 51390 E 51944 - 2016 - COORDENADORIA BAIXO AMAZONAS - DESIGANÇÕES - MÊS NACIONAL DO TRIBUNAL DO JÚRI - PJ SANTARÉM (1).doc
2016-12-01 23:03 - 2016-12-01 23:03 - 00038912 _____ C:\Users\Adleer Sirotheau\Downloads\PROTOCOLO Nº 50507 - SUBSTITUIÇÃO DRA. IONE MISSAE - DIA 25.10.2016.doc
2016-12-01 23:02 - 2016-12-01 23:02 - 00068096 _____ C:\Users\Adleer Sirotheau\Downloads\PROTOCOLOS 52376 - 51390 E 51944 - 2016 - COORDENADORIA BAIXO AMAZONAS - DESIGANÇÕES - MÊS NACIONAL DO TRIBUNAL DO JÚRI - PJ SANTARÉM.doc
2016-12-01 18:13 - 2016-12-01 18:13 - 00134156 _____ C:\Users\Adleer Sirotheau\Downloads\LADILSON DE MELO SERIQUE - Progressao ao aberto INDEFERIDO, NOVA CONDENAÇÃO.rtf
2016-12-01 18:12 - 2016-12-01 18:13 - 00146746 _____ C:\Users\Adleer Sirotheau\Downloads\CLEIFE CORDEIRO TAVARES - Progressao ao aberto.rtf
2016-12-01 17:14 - 2016-12-01 17:14 - 00174081 _____ C:\Users\Adleer Sirotheau\Downloads\Manual de compras diretas TCU.pdf
2016-12-01 16:50 - 2016-12-01 16:50 - 00128128 _____ C:\Users\Adleer Sirotheau\Downloads\processo00011415920158140003.pdf
2016-11-22 12:03 - 2016-11-22 12:03 - 00069120 _____ C:\Users\Adleer Sirotheau\Downloads\2016-REPRE-conduta-vedada-exoneração-de-servidores-contratados-após-eleição-1 (Reparado).doc
2016-11-21 10:18 - 2016-11-21 10:18 - 00037300 _____ C:\Users\Adleer Sirotheau\Downloads\08.Quadro Lotação Promotores-Agosto 2016.docx
2016-11-08 15:56 - 2016-11-08 15:56 - 00024551 _____ C:\Users\Adleer Sirotheau\Downloads\Minuta de Recomendação Transição de Governo.docx
2016-11-08 15:51 - 2016-11-08 15:51 - 00118272 _____ C:\Users\Adleer Sirotheau\Downloads\RECOMENDAÇÃO SOBRE PATRIMONIO MUNICIPAL.doc
2016-10-26 12:15 - 2016-11-01 11:12 - 00139269 _____ C:\Users\Adleer Sirotheau\Documents\EXCELENTÍSSIMO SENHOR DOUTOR JUIZ DE DIREITO DA COMARCA DE ALENQUER.docx
2016-10-25 13:22 - 2016-10-25 13:22 - 00002104 _____ C:\Users\Public\Desktop\Google Earth.lnk
2016-10-25 13:22 - 2016-10-25 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-10-24 19:52 - 2016-10-24 19:52 - 00077888 _____ C:\Users\Adleer Sirotheau\Documents\Boleto unimed mês de outubro de 2016.pdf
2016-10-24 19:32 - 2016-10-24 19:32 - 00077888 _____ C:\Users\Adleer Sirotheau\Downloads\TELMA MARIA CALDERARO SIROTHEAU (3).pdf
2016-10-24 12:22 - 2016-10-24 12:22 - 00037230 _____ C:\Users\Adleer Sirotheau\Downloads\Fatura-310015181594.pdf
2016-10-24 12:17 - 2016-10-24 12:17 - 00033150 _____ C:\Users\Adleer Sirotheau\Downloads\Fatura-310011200776.pdf
2016-10-21 10:22 - 2016-10-21 10:22 - 00034048 _____ C:\Users\Adleer Sirotheau\Downloads\download (10).docx
2016-10-19 22:43 - 2016-10-19 22:43 - 00209408 _____ C:\Users\Adleer Sirotheau\Downloads\ACP.SALARIO.doc

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-01-15 15:01 - 2013-07-22 14:17 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-15 14:48 - 2014-02-18 22:44 - 00000320 _____ C:\Windows\Tasks\MySearchDial.job
2017-01-15 14:44 - 2014-02-18 22:11 - 00000320 _____ C:\Windows\Tasks\Digital Sites.job
2017-01-15 14:31 - 2013-12-10 00:21 - 00000952 _____ C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
2017-01-15 14:21 - 2013-12-10 00:21 - 00000320 _____ C:\Windows\Tasks\SaveSense.job
2017-01-15 14:21 - 2013-10-12 00:38 - 00000320 _____ C:\Windows\Tasks\Funmoods.job
2017-01-15 12:33 - 2009-07-14 01:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-15 12:33 - 2009-07-14 01:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-15 12:32 - 2009-07-14 14:55 - 00668086 _____ C:\Windows\system32\prfh0416.dat
2017-01-15 12:32 - 2009-07-14 14:55 - 00132184 _____ C:\Windows\system32\prfc0416.dat
2017-01-15 12:32 - 2009-07-14 02:13 - 01534494 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-15 12:32 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2017-01-15 12:31 - 2013-12-31 17:00 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-15 12:28 - 2013-07-23 08:27 - 00000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab
2017-01-15 12:28 - 2013-07-23 08:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-01-15 12:26 - 2013-07-26 09:36 - 00000156 _____ C:\Windows\ODBC.INI
2017-01-15 12:25 - 2014-10-02 15:05 - 00000936 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2017-01-15 12:25 - 2014-10-02 15:05 - 00000932 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2017-01-15 12:25 - 2013-12-10 00:21 - 00000948 _____ C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
2017-01-15 12:25 - 2013-07-29 22:26 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-01-15 12:25 - 2013-07-22 14:08 - 00000035 _____ C:\Users\Todos os Usuários\AtherosServiceConfig.ini
2017-01-15 12:25 - 2013-07-22 14:08 - 00000035 _____ C:\ProgramData\AtherosServiceConfig.ini
2017-01-15 12:25 - 2013-07-22 09:59 - 00000000 ____D C:\Users\Adleer Sirotheau\Documents\Bluetooth Folder
2017-01-15 12:25 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-13 14:40 - 2013-11-04 14:43 - 00000000 ____D C:\Users\Adleer Sirotheau\Documents\Alenquer
2017-01-13 00:05 - 2013-08-26 13:08 - 00000000 ____D C:\Users\Adleer Sirotheau\AppData\LocalLow\HPAppData
2017-01-13 00:00 - 2014-01-01 02:17 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-01-13 00:00 - 2014-01-01 02:17 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-12 17:01 - 2015-10-30 23:16 - 00000000 ____D C:\Users\Adleer Sirotheau\AppData\Local\Steam
2017-01-11 12:09 - 2013-07-22 19:22 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-11 12:09 - 2013-07-22 14:17 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-11 12:09 - 2013-07-22 14:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-11 12:09 - 2013-07-22 14:17 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-11 12:09 - 2013-07-22 14:17 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 12:00 - 2013-08-26 10:34 - 00000000 ____D C:\Users\Adleer Sirotheau\AppData\Local\CrashDumps
2017-01-05 12:34 - 2014-01-16 12:38 - 00000000 ____D C:\Users\Todos os Usuários\Temp
2017-01-05 12:34 - 2014-01-16 12:38 - 00000000 ____D C:\ProgramData\Temp
2017-01-02 18:21 - 2013-07-22 14:05 - 00000000 ____D C:\Users\Adleer Sirotheau\AppData\Roaming\Atheros
2016-12-18 08:50 - 2013-07-26 20:45 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-18 08:50 - 2013-07-26 20:45 - 00003372 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-18 08:50 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\Tasks
2016-12-16 16:44 - 2013-07-22 07:52 - 00000000 ___RD C:\Users\Adleer Sirotheau\Documents
2016-12-16 16:39 - 2015-05-25 18:01 - 00000000 ____D C:\Users\Adleer Sirotheau\Documents\Execução Penal e Controle Externo
2016-12-16 16:34 - 2015-05-27 09:46 - 00000000 ____D C:\Users\Adleer Sirotheau\Documents\Modelos Interceptação Evelin

==================== Arquivos na raiz de alguns diretórios =======

2014-09-01 05:18 - 2014-09-01 05:18 - 0002086 _____ () C:\Users\Adleer Sirotheau\AppData\Roaming\RADCPJ
2014-10-02 15:06 - 2014-10-02 15:06 - 1497504 _____ (browser) C:\Users\Adleer Sirotheau\AppData\Roaming\RADCPJ.exe
2013-07-29 22:25 - 2014-02-17 22:51 - 0029446 _____ () C:\Users\Adleer Sirotheau\AppData\Roaming\unins000.dat
2014-02-17 22:51 - 2014-02-17 22:50 - 0720082 _____ () C:\Users\Adleer Sirotheau\AppData\Roaming\unins000.exe
2013-10-07 16:45 - 2013-10-07 16:45 - 0009294 _____ () C:\Users\Adleer Sirotheau\AppData\Roaming\unins001.dat
2013-10-07 16:45 - 2013-10-07 16:45 - 0717985 _____ () C:\Users\Adleer Sirotheau\AppData\Roaming\unins001.exe
2013-09-16 22:00 - 2016-03-04 10:55 - 0000344 _____ () C:\Users\Adleer Sirotheau\AppData\Roaming\WB.CFG
2013-08-25 21:34 - 2013-08-25 21:34 - 0430107 _____ () C:\Users\Adleer Sirotheau\AppData\Local\funmoods_speedial_v9.0.10.crx
2017-01-11 10:41 - 2017-01-11 10:41 - 0000000 _____ () C:\Users\Adleer Sirotheau\AppData\Local\{3EA93397-F324-4521-872A-AC356DFA4A00}
2016-07-04 10:11 - 2016-07-04 10:11 - 0000000 _____ () C:\Users\Adleer Sirotheau\AppData\Local\{D0A6CF13-4ABF-4455-B1B8-92139D652585}
2016-08-21 00:31 - 2016-08-21 00:31 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-07-22 14:08 - 2017-01-15 12:25 - 0000035 _____ () C:\ProgramData\AtherosServiceConfig.ini
2014-09-14 20:03 - 2014-09-14 20:03 - 0014304 _____ () C:\ProgramData\Duplicaterecord.js
2014-01-15 02:15 - 2014-01-15 02:15 - 0167784 _____ (Baidu, Inc.) C:\ProgramData\FileSplitUpLoad.dll
2013-08-25 18:31 - 2013-08-25 20:49 - 0001659 _____ () C:\ProgramData\hpzinstall.log

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\Duplicaterecord.js
C:\ProgramData\FileSplitUpLoad.dll
C:\Users\Todos os Usuários\Duplicaterecord.js
C:\Users\Todos os Usuários\FileSplitUpLoad.dll


Alguns arquivos em TEMP:
====================
C:\Users\Adleer Sirotheau\AppData\Local\Temp\041013_d.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\041013_y.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\180713_d.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\180713_y.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\291113_d.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\291113_f.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\291113_p.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\291113_y.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\29182uninstall.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\BackupSetup.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\Baidu_Secure_SystemUp_3.7.1.41942.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\cd-frozen-uma-aventura-congelante-a-trilha-sonora-gratis.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\frozen-uma-aventura-congelante--trilha.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF1056.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF123E.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF125C.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF149F.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF1B62.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF1CD7.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF1DB3.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF27F0.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF406.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF4EEF.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF5112.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF5239.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF526.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF5342.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF53B1.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF545B.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF5536.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF57E7.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF6109.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF62FF.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF63E6.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF6619.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF6F0C.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF75EF.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF7767.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF793A.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF8116.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF8D9F.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF8DC.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF8FC6.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF9310.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF9561.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF984A.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLF9F5A.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFA00A.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFA77B.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFAA63.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFAAB0.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFAB8B.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFAFBB.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFB159.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFB32D.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFB531.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFB589.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFB79D.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFB80D.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFB93D.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFBB86.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFBD6B.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFBE83.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFC316.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFC611.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFC91E.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFC95C.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFD088.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFDA7B.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFDC5C.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFDE9.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFE075.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFE09.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFE093.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFE787.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFE8DD.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFEC38.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFEFEF.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFF700.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFF942.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFF982.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFFE1.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\GLFFED.EXE
C:\Users\Adleer Sirotheau\AppData\Local\Temp\hao123br-distribution.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\ICReinstall_MediaPlayerSetup.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\LollipopInstaller.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\MotoCast_Installer_1.1.26.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\pm.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\setup.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\spark_install.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\spark_install_silent(1).exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\spark_install_silent(2).exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\spark_install_silent.exe
C:\Users\Adleer Sirotheau\AppData\Local\Temp\Sqlite3.dll
C:\Users\Adleer Sirotheau\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Adleer Sirotheau\AppData\Local\Temp\swt-win32-3448.dll


==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-01-13 01:33

==================== Fim de FRST.txt ============================
