cjoint

Comment: http://www.cjoint.com/c/GDotmlz52Ww

Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 15-03-2017
Executado por User (administrador) em USER-PC (12-04-2017 15:01:44)
Executando a partir de C:\Users\User\Downloads
Perfis Carregados: User (Perfis Disponíveis: User)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
() C:\Program Files (x86)\Aiseesoft Studio\Aiseesoft FoneLab\AppService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Tenorshare Co,Ltd) C:\Users\User\AppData\Roaming\Tenorshare\Service\configs\TenorshareWinAdService.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
() C:\Program Files (x86)\WeatherTool\2.0.1.5000183\WeatherService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.1.5000183\weather_lite.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Wondershare) C:\Program Files (x86)\Wondershare\Dr.Fone para iOS\iphoneRecovery_DrFoneForiOS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppClient.exe
() C:\Program Files (x86)\Wondershare\Dr.Fone para iOS\CrashService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-12] (AVAST Software)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] ()
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [888344 2016-01-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SilentCleanService] => C:\Program Files (x86)\iMobie\PhoneRescue\${CHECK_RUNSERVICE_NAME}
HKLM-x32\...\Run: [Aiseesoft FoneLabAppService] => C:\Program Files (x86)\Aiseesoft Studio\Aiseesoft FoneLab\AppService.exe [88024 2016-12-01] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-08-10] (Caixa Economica Federal)
HKU\S-1-5-21-3055871558-2611501432-2681443660-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3055871558-2611501432-2681443660-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [908160 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-3055871558-2611501432-2681443660-1000\...\Run: [Chromium] => c:\users\user\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-3055871558-2611501432-2681443660-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1903328 2016-08-10] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-12] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-12] (AVAST Software)
GroupPolicy: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 107.172.88.85 69.162.64.232
Tcpip\..\Interfaces\{827F76D0-2A80-46A2-A92F-24D8BA16BF07}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A8853EA6-148F-435A-BC2D-694FF85B8418}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{A8853EA6-148F-435A-BC2D-694FF85B8418}: [DhcpNameServer] 107.172.88.85 69.162.64.232
Tcpip\..\Interfaces\{B22D0C39-FA2E-49B7-88B9-85DE6BBD15E6}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_sumsca_17_15¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtD0B0FzyyBtDyCyDyEzy0FyEyEtD0CtN0D0Tzu0StCzytBzztN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCyEtDzz0D0B0CyEtGtByEyDtBtG0D0AzzzztGyCyD0BtBtGyE0D0C0EyDtAtCtByEtCtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztB0E0CyCyB0DtG0EtByD0AtGyEyC0BtBtGzz0CtD0EtG0CyD0F0DtCtD0EyBtD0CtDtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCzztA%26cr%3D385381798%26a%3Dwbf_sumsca_17_15%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BBasic
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_sumsca_17_15¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtD0B0FzyyBtDyCyDyEzy0FyEyEtD0CtN0D0Tzu0StCzytBzztN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCyEtDzz0D0B0CyEtGtByEyDtBtG0D0AzzzztGyCyD0BtBtGyE0D0C0EyDtAtCtByEtCtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztB0E0CyCyB0DtG0EtByD0AtGyEyC0BtBtGzz0CtD0EtG0CyD0F0DtCtD0EyBtD0CtDtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCzztA%26cr%3D385381798%26a%3Dwbf_sumsca_17_15%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BBasic
HKU\S-1-5-21-3055871558-2611501432-2681443660-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_sumsca_17_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtD0B0FzyyBtDyCyDyEzy0FyEyEtD0CtN0D0Tzu0StCzytBzztN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCyEtDzz0D0B0CyEtGtByEyDtBtG0D0AzzzztGyCyD0BtBtGyE0D0C0EyDtAtCtByEtCtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztB0E0CyCyB0DtG0EtByD0AtGyEyC0BtBtGzz0CtD0EtG0CyD0F0DtCtD0EyBtD0CtDtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCzztA%26cr%3D385381798%26a%3Dwbf_sumsca_17_15%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BBasic&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_sumsca_17_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtD0B0FzyyBtDyCyDyEzy0FyEyEtD0CtN0D0Tzu0StCzytBzztN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCyEtDzz0D0B0CyEtGtByEyDtBtG0D0AzzzztGyCyD0BtBtGyE0D0C0EyDtAtCtByEtCtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztB0E0CyCyB0DtG0EtByD0AtGyEyC0BtBtGzz0CtD0EtG0CyD0F0DtCtD0EyBtD0CtDtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCzztA%26cr%3D385381798%26a%3Dwbf_sumsca_17_15%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BBasic&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_sumsca_17_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtD0B0FzyyBtDyCyDyEzy0FyEyEtD0CtN0D0Tzu0StCzytBzztN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCyEtDzz0D0B0CyEtGtByEyDtBtG0D0AzzzztGyCyD0BtBtGyE0D0C0EyDtAtCtByEtCtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztB0E0CyCyB0DtG0EtByD0AtGyEyC0BtBtGzz0CtD0EtG0CyD0F0DtCtD0EyBtD0CtDtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCzztA%26cr%3D385381798%26a%3Dwbf_sumsca_17_15%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BBasic&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_sumsca_17_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtD0B0FzyyBtDyCyDyEzy0FyEyEtD0CtN0D0Tzu0StCzytBzztN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCyEtDzz0D0B0CyEtGtByEyDtBtG0D0AzzzztGyCyD0BtBtGyE0D0C0EyDtAtCtByEtCtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztB0E0CyCyB0DtG0EtByD0AtGyEyC0BtBtGzz0CtD0EtG0CyD0F0DtCtD0EyBtD0CtDtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCzztA%26cr%3D385381798%26a%3Dwbf_sumsca_17_15%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BBasic&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3055871558-2611501432-2681443660-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_sumsca_17_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtD0B0FzyyBtDyCyDyEzy0FyEyEtD0CtN0D0Tzu0StCzytBzztN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCyEtDzz0D0B0CyEtGtByEyDtBtG0D0AzzzztGyCyD0BtBtGyE0D0C0EyDtAtCtByEtCtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztB0E0CyCyB0DtG0EtByD0AtGyEyC0BtBtGzz0CtD0EtG0CyD0F0DtCtD0EyBtD0CtDtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCzztA%26cr%3D385381798%26a%3Dwbf_sumsca_17_15%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BBasic&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3055871558-2611501432-2681443660-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_sumsca_17_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtD0B0FzyyBtDyCyDyEzy0FyEyEtD0CtN0D0Tzu0StCzytBzztN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCyEtDzz0D0B0CyEtGtByEyDtBtG0D0AzzzztGyCyD0BtBtGyE0D0C0EyDtAtCtByEtCtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztB0E0CyCyB0DtG0EtByD0AtGyEyC0BtBtGzz0CtD0EtG0CyD0F0DtCtD0EyBtD0CtDtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCzztA%26cr%3D385381798%26a%3Dwbf_sumsca_17_15%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BBasic&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-05] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-12] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-05] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-05] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-12] (AVAST Software)
BHO-x32: Auxiliar de Conexão do Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2016-08-10] (Caixa Economica Federal)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-05] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 3nm7eri0.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3nm7eri0.default [2017-04-12]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3nm7eri0.default -> Yahoo! Powered
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\3nm7eri0.default -> Yahoo! Powered
FF Homepage: Mozilla\Firefox\Profiles\3nm7eri0.default -> hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_sumsca_17_15¶m1=1¶m2=f%3D1%26b%3DFirefox%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtD0B0FzyyBtDyCyDyEzy0FyEyEtD0CtN0D0Tzu0StCzytBzztN1L2XzutAtFtBzytFtAtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCyEtDzz0D0B0CyEtGtByEyDtBtG0D0AzzzztGyCyD0BtBtGyE0D0C0EyDtAtCtByEtCtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzztB0E0CyCyB0DtG0EtByD0AtGyEyC0BtBtGzz0CtD0EtG0CyD0F0DtCtD0EyBtD0CtDtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCzztA%26cr%3D385381798%26a%3Dwbf_sumsca_17_15%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BBasic
FF Keyword.URL: Mozilla\Firefox\Profiles\3nm7eri0.default -> user_pref("keyword.URL", true);
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\3nm7eri0.default\searchplugins\yahoo! powered.xml [2017-04-12]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-12]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2017-01-05] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-05] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2017-01-05] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-03-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-03-23] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-04-12]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-12]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-12]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-12]
CHR Extension: (Documentos Google off-line) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-12]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-12]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-12]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-12]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3055871558-2611501432-2681443660-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-12] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-12] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433688 2016-01-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413208 2016-01-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [859672 2016-01-07] (BlueStack Systems, Inc.)
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [147936 2017-04-03] (Byte Technologies LLC)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [631520 2016-08-10] (GAS Tecnologia)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-13] ()
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-04-12] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 TenorshareWinAdService; C:\Users\User\AppData\Roaming\Tenorshare\Service\configs\TenorshareWinAdService.exe [40448 2016-12-28] (Tenorshare Co,Ltd) [Arquivo não assinado]
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
R2 WeatherLiteService; C:\Program Files (x86)\WeatherTool\2.0.1.5000183\WeatherService.exe [149136 2017-03-31] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare)
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone para iOS (Portuguese)\Library\DriverInstaller\DriverInstall.exe [119008 2017-04-10] (Wondershare)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-12] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-12] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-12] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-12] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [85552 2017-01-24] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-12] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-12] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-12] (AVAST Software)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-01-07] (BlueStack Systems)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2016-08-10] (GAS Tecnologia)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [178976 2015-07-28] (Intel Corporation)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2016-08-10] (GAS Tecnologia LTDA)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2017-04-12] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [97376 2016-06-08] (GAS Tecnologia)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-04-12 21:36 - 2017-04-12 21:36 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-04-12 21:36 - 2017-04-12 21:36 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-12 21:34 - 2017-04-12 21:34 - 00001704 _____ C:\Users\Public\Desktop\dr.fone toolkit para iOS.lnk
2017-04-12 21:33 - 2017-04-12 21:33 - 00001432 _____ C:\Users\Public\Desktop\Aiseesoft FoneLab.lnk
2017-04-12 21:33 - 2017-04-12 21:33 - 00000000 ____D C:\Users\User\AppData\Local\Aiseesoft Studio
2017-04-12 21:33 - 2017-04-12 21:33 - 00000000 ____D C:\Users\Todos os Usuários\Aiseesoft Studio
2017-04-12 21:33 - 2017-04-12 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2017-04-12 21:33 - 2017-04-12 21:33 - 00000000 ____D C:\ProgramData\Aiseesoft Studio
2017-04-12 21:33 - 2017-04-12 21:33 - 00000000 ____D C:\Program Files (x86)\Aiseesoft Studio
2017-04-12 21:32 - 2017-04-12 21:36 - 14749120 _____ (Microsoft Corporation) C:\Users\User\Downloads\vc_redist.x64.exe
2017-04-12 21:32 - 2017-04-12 21:33 - 01269096 _____ (Kadamefu ) C:\Users\User\Downloads\CD 14 FEST CAR - NOVO PROGRESSO-PA.exe
2017-04-12 21:30 - 2017-04-12 21:30 - 00001162 _____ C:\Users\Public\Desktop\PhoneRescue.lnk
2017-04-12 21:30 - 2017-04-12 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2017-04-12 21:30 - 2017-04-12 21:30 - 00000000 ____D C:\Program Files (x86)\iMobie
2017-04-12 21:27 - 2017-04-12 21:27 - 00001024 _____ C:\.rnd
2017-04-12 21:27 - 2017-04-12 21:27 - 00000000 ___HD C:\Program Files (x86)\GAS Tecnologia
2017-04-12 21:27 - 2017-04-12 21:27 - 00000000 ___HD C:\Program Files (x86)\Diebold
2017-04-12 21:27 - 2017-04-12 21:27 - 00000000 ____D C:\Program Files\Diebold
2017-04-12 21:27 - 2017-04-12 20:39 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2017-04-12 21:27 - 2016-06-16 18:43 - 00036984 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddntf.sys
2017-04-12 21:27 - 2016-06-16 18:43 - 00008811 _____ C:\Windows\system32\Drivers\wsddntf.cat
2017-04-12 21:27 - 2016-06-08 18:43 - 00097376 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddpp.sys
2017-04-12 21:26 - 2017-04-12 21:27 - 00003352 _____ C:\Windows\System32\Tasks\DllKitPRO
2017-04-12 21:26 - 2017-04-12 21:26 - 01164944 _____ C:\Users\User\Downloads\drfone_setup_full1579 (3).exe
2017-04-12 21:26 - 2017-04-12 21:26 - 01164944 _____ C:\Users\User\Downloads\drfone_setup_full1579 (2).exe
2017-04-12 21:26 - 2017-04-12 21:26 - 00000000 ____D C:\Users\User\Downloads\vcruntime140
2017-04-12 21:26 - 2017-04-12 21:26 - 00000000 ____D C:\Users\User\AppData\Local\{003ACA6A-C058-424D-B955-A82DE5375C64}
2017-04-12 21:25 - 2017-04-12 21:26 - 01164944 _____ C:\Users\User\Downloads\drfone_setup_full1579 (1).exe
2017-04-12 21:25 - 2017-04-12 21:25 - 00001029 _____ C:\Users\User\Desktop\Dll Kit Pro.lnk
2017-04-12 21:25 - 2017-04-12 21:25 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Kit Pro
2017-04-12 21:25 - 2016-01-30 11:04 - 00000000 ____D C:\Users\User\Downloads\CD Festa Automotiva 2016 (Gilberto & Duarth)
2017-04-12 21:23 - 2017-04-12 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-04-12 21:23 - 2017-04-12 21:33 - 00000000 ____D C:\Users\Todos os Usuários\Wondershare
2017-04-12 21:23 - 2017-04-12 21:33 - 00000000 ____D C:\ProgramData\Wondershare
2017-04-12 21:23 - 2017-04-12 21:33 - 00000000 ____D C:\Program Files (x86)\Wondershare
2017-04-12 21:23 - 2017-04-12 21:23 - 00001318 _____ C:\Users\Public\Desktop\Wondershare Dr.Fone para iOS.lnk
2017-04-12 21:23 - 2017-04-12 21:23 - 00000000 ___HD C:\Program Files (x86)\Dr.Fone_Temp
2017-04-12 21:23 - 2017-04-12 20:43 - 00000000 ____D C:\Users\User\AppData\Roaming\Wondershare
2017-04-12 21:23 - 2017-01-12 11:45 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll
2017-04-12 21:23 - 2017-01-12 11:45 - 00052832 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\Drivers\libusb0.sys
2017-04-12 21:23 - 2015-02-27 10:35 - 00000232 _____ C:\Windows\SysWOW64\dllhost.exe.config
2017-04-12 21:21 - 2017-04-12 21:22 - 00047223 _____ C:\Users\User\Downloads\vcruntime140.zip
2017-04-12 21:21 - 2017-04-12 21:21 - 00000000 ___HD C:\tenorshare_iphone data recover
2017-04-12 21:21 - 2017-04-12 21:21 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2017-04-12 21:21 - 2017-04-12 21:21 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2017-04-12 21:21 - 2017-04-12 20:40 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2017-04-12 21:21 - 2017-04-12 20:40 - 00000000 ____D C:\ProgramData\GbPlugin
2017-04-12 21:21 - 2017-04-12 20:40 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-04-12 21:20 - 2017-04-12 21:32 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2017-04-12 21:20 - 2017-04-12 21:21 - 01164944 _____ C:\Users\User\Downloads\drfone_setup_full1579.exe
2017-04-12 21:20 - 2017-04-12 21:20 - 01256080 _____ C:\Users\User\Downloads\drfone-for-ios_setup_full2445.exe
2017-04-12 21:19 - 2017-04-12 21:26 - 00000000 ____D C:\Users\User\AppData\Roaming\DFXCT
2017-04-12 21:19 - 2017-04-12 21:19 - 00001129 _____ C:\Users\Public\Desktop\DLL-Files.com Client.lnk
2017-04-12 21:19 - 2017-04-12 21:19 - 00000000 ____D C:\Users\User\AppData\Roaming\DLL-files.com
2017-04-12 21:19 - 2017-04-12 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLL-Files.com Client
2017-04-12 21:18 - 2017-04-12 21:25 - 00000000 ____D C:\Program Files (x86)\DllKitPRO
2017-04-12 21:18 - 2017-04-12 21:19 - 00000000 ____D C:\Program Files (x86)\DLL-Files.com Client
2017-04-12 21:17 - 2017-04-12 21:18 - 02891312 _____ (CAIXA) C:\Users\User\Downloads\GBPCEF.exe
2017-04-12 21:16 - 2017-04-12 21:16 - 65606077 _____ C:\Users\User\Downloads\CD Festa Automotiva 2016 Gilberto Duarth.RAR
2017-04-12 21:16 - 2017-04-12 21:16 - 00904176 _____ C:\Users\User\Downloads\dllkit-setup.exe
2017-04-12 21:16 - 2017-04-12 21:16 - 00000000 ____D C:\Users\User\AppData\Local\iMobie_Inc
2017-04-12 21:15 - 2017-04-12 21:16 - 02786824 _____ (DLL-Files.com Client ) C:\Users\User\Downloads\clientsetup_d-0.exe
2017-04-12 21:15 - 2017-04-12 21:15 - 00000000 ____D C:\Users\User\AppData\Roaming\iMobie
2017-04-12 21:11 - 2017-04-12 21:11 - 00019093 _____ C:\Users\User\Downloads\audioclip-1492132444000-11776.mp4
2017-04-12 21:11 - 2017-04-12 21:11 - 00019093 _____ C:\Users\User\Downloads\audioclip-1492132444000-11776 (2).mp4
2017-04-12 21:11 - 2017-04-12 21:11 - 00019093 _____ C:\Users\User\Downloads\audioclip-1492132444000-11776 (1).mp4
2017-04-12 21:10 - 2017-04-12 21:29 - 27618088 _____ (Aiseesoft Studio ) C:\Users\User\Downloads\Setup_pt_Aiseesoft_FoneLab.exe
2017-04-12 21:09 - 2017-04-12 21:38 - 00000000 ____D C:\Users\User\Downloads\CD 14° FEST CAR - NOVO PROGRESSO-PA
2017-04-12 21:09 - 2017-04-12 21:09 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-04-12 21:09 - 2017-04-12 21:09 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-04-12 21:09 - 2017-04-12 21:09 - 00000000 ____D C:\Users\User\AppData\Local\Apple
2017-04-12 21:09 - 2017-04-12 21:09 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-04-12 21:09 - 2017-04-12 20:51 - 00000000 ____D C:\Users\User\AppData\Roaming\Apple Computer
2017-04-12 21:07 - 2017-04-12 21:07 - 01041944 _____ (iMobie Inc.) C:\Users\User\Downloads\phonerescue-setup.exe
2017-04-12 21:07 - 2017-04-12 20:49 - 00000000 ____D C:\Users\Todos os Usuários\Apple Computer
2017-04-12 21:07 - 2017-04-12 20:49 - 00000000 ____D C:\ProgramData\Apple Computer
2017-04-12 21:06 - 2017-04-12 21:07 - 00000000 ____D C:\Program Files\Bonjour
2017-04-12 21:06 - 2017-04-12 21:07 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-04-12 21:05 - 2017-04-12 21:06 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-04-12 21:04 - 2017-04-12 21:06 - 00000000 ____D C:\Users\Todos os Usuários\Apple
2017-04-12 21:04 - 2017-04-12 21:06 - 00000000 ____D C:\ProgramData\Apple
2017-04-12 21:02 - 2017-04-12 20:41 - 257659208 _____ (Apple Inc.) C:\Users\User\Downloads\iTunes64Setup.exe
2017-04-12 20:58 - 2017-04-12 21:01 - 14749120 _____ (Microsoft Corporation) C:\Users\User\Downloads\vc_redist.x64 (1).exe
2017-04-12 20:57 - 2017-04-12 15:00 - 02424832 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2017-04-12 20:56 - 2017-04-12 20:56 - 00000000 ____D C:\Users\Todos os Usuários\ByteFence
2017-04-12 20:56 - 2017-04-12 20:56 - 00000000 ____D C:\ProgramData\ByteFence
2017-04-12 20:54 - 2017-04-12 21:26 - 00000000 ____D C:\Users\User\AppData\Roaming\WeatherTool
2017-04-12 20:54 - 2017-04-12 20:54 - 00000000 ____D C:\Users\Public\Documents\Tools
2017-04-12 20:54 - 2017-04-12 20:54 - 00000000 ____D C:\Users\Public\Documents\Guid
2017-04-12 20:54 - 2017-04-12 20:54 - 00000000 ____D C:\Program Files (x86)\WeatherTool
2017-04-12 20:53 - 2017-04-12 20:53 - 00000000 ____D C:\Program Files (x86)\iTunes
2017-04-12 20:52 - 2017-04-12 20:52 - 90080626 _____ C:\Users\User\Downloads\CD 14 FEST CAR - NOVO PROGRESSO-PA.RAR
2017-04-12 20:52 - 2017-04-12 20:52 - 01269096 _____ (Kadamefu ) C:\Users\User\Downloads\CD Festa Automotiva 2016 Gilberto Duarth (1).exe
2017-04-12 20:51 - 2017-04-12 20:51 - 01269096 _____ (Kadamefu ) C:\Users\User\Downloads\CD Festa Automotiva 2016 Gilberto Duarth.exe
2017-04-12 20:50 - 2017-04-12 20:50 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-04-12 20:50 - 2017-04-12 20:50 - 00000000 ____D C:\Users\User\Documents\Wondershare Dr.Fone for iOS
2017-04-12 20:50 - 2017-04-12 20:50 - 00000000 ____D C:\Users\User\AppData\Roaming\HMYGSetting
2017-04-12 20:50 - 2017-04-12 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-04-12 20:49 - 2017-04-12 20:50 - 00000000 ____D C:\Program Files\iTunes
2017-04-12 20:49 - 2017-04-12 20:49 - 00000000 ____D C:\Program Files\iPod
2017-04-12 20:47 - 2017-04-12 20:43 - 00000000 ___HD C:\Wondershare_DrFone_Tool_Backup
2017-04-12 20:47 - 2017-04-12 20:43 - 00000000 ____D C:\Users\User\AppData\Local\chromium
2017-04-12 20:46 - 2017-04-12 20:46 - 00001049 _____ C:\Users\Public\Desktop\Booking.com.lnk
2017-04-12 20:46 - 2017-04-12 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com
2017-04-12 20:45 - 2017-04-12 20:46 - 00000000 ____D C:\Program Files (x86)\Booking.com
2017-04-12 20:45 - 2017-04-12 20:45 - 00003364 _____ C:\Windows\System32\Tasks\ByteFence
2017-04-12 20:44 - 2017-04-12 21:31 - 00000000 ____D C:\Tenorshare
2017-04-12 20:43 - 2017-04-12 21:10 - 00000000 ____D C:\Program Files\ByteFence
2017-04-12 20:43 - 2017-04-12 20:55 - 00000000 ____D C:\Wondershare_DrFone_temp
2017-04-12 20:42 - 2017-04-12 20:42 - 00000000 ____D C:\Users\User\.android
2017-04-12 20:41 - 2017-04-12 20:40 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-12 20:40 - 2017-04-12 20:40 - 00000000 ____D C:\Users\Todos os Usuários\SWCUTemp
2017-04-12 20:40 - 2017-04-12 20:40 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-12 20:39 - 2017-04-12 20:39 - 00004340 _____ C:\Windows\System32\Tasks\Yahoo! Powered tosel
2017-04-12 20:39 - 2017-04-12 20:39 - 00000000 ____D C:\Users\Todos os Usuários\{73E4B687-F9A6-3C41-7F60-A203E52229CD}
2017-04-12 20:39 - 2017-04-12 20:39 - 00000000 ____D C:\ProgramData\{73E4B687-F9A6-3C41-7F60-A203E52229CD}
2017-04-12 20:38 - 2017-04-12 20:43 - 00000000 ____D C:\Users\User\AppData\Local\{1AA62CFA-3E0E-4042-5396-65AA77FE9932}
2017-04-12 20:38 - 2017-04-12 20:38 - 00000286 __RSH C:\Users\Todos os Usuários\ntuser.pol
2017-04-12 20:38 - 2017-04-12 20:38 - 00000286 __RSH C:\ProgramData\ntuser.pol
2017-04-12 15:01 - 2017-04-12 15:02 - 00027094 _____ C:\Users\User\Downloads\FRST.txt
2017-04-12 15:01 - 2017-04-12 15:01 - 00000000 ____D C:\FRST
2017-03-23 17:59 - 2017-01-24 07:54 - 00085552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2017-03-23 17:39 - 2017-03-23 17:39 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-03-15 12:55 - 2017-03-15 12:55 - 00000000 ___SD C:\Users\User\Documents\Minhas fontes de dados
2017-03-15 12:06 - 2017-03-15 12:06 - 00000017 _____ C:\Users\User\AppData\Local\resmon.resmoncfg

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-04-12 21:26 - 2017-01-24 07:51 - 00000000 ____D C:\Users\User\Documents\WebCam Media
2017-04-12 21:11 - 2017-01-24 08:01 - 00000000 ____D C:\Program Files (x86)\UltData
2017-04-12 21:03 - 2017-01-05 13:12 - 00000000 ____D C:\Users\User\AppData\Local\Google
2017-04-12 20:57 - 2017-01-05 13:16 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-12 20:56 - 2017-01-05 12:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-04-12 20:56 - 2009-07-14 01:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-12 20:56 - 2009-07-14 01:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-12 20:55 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2017-04-12 20:52 - 2017-01-24 08:36 - 00000157 _____ C:\Users\User\Documents\CAIXA INTERNET BANKING E FACEBOOK DA VITORIA.txt
2017-04-12 20:44 - 2017-01-24 07:44 - 00000000 ____D C:\Users\Todos os Usuários\BlueStacksSetup
2017-04-12 20:44 - 2017-01-24 07:44 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-04-12 20:44 - 2009-07-14 14:55 - 00663804 _____ C:\Windows\system32\prfh0416.dat
2017-04-12 20:44 - 2009-07-14 14:55 - 00128094 _____ C:\Windows\system32\prfc0416.dat
2017-04-12 20:44 - 2009-07-14 02:13 - 01517030 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-12 20:44 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2017-04-12 20:43 - 2017-01-05 13:10 - 00110432 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-12 20:43 - 2017-01-05 12:40 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-04-12 20:41 - 2017-01-24 08:34 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-04-12 20:41 - 2017-01-24 07:48 - 00000198 _____ C:\Windows\Tasks\AutoKMS.job
2017-04-12 20:41 - 2017-01-05 13:05 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-12 20:40 - 2017-01-05 13:05 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-12 20:40 - 2017-01-05 13:05 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-12 20:40 - 2017-01-05 13:05 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-12 20:40 - 2017-01-05 13:05 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-12 20:40 - 2017-01-05 13:05 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-12 20:40 - 2017-01-05 13:05 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-12 20:39 - 2017-01-24 08:34 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-12 20:39 - 2017-01-24 08:34 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-12 20:39 - 2017-01-24 08:34 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-12 20:39 - 2017-01-24 08:34 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-04-12 20:39 - 2017-01-05 13:06 - 00003896 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1483632387
2017-04-12 20:39 - 2017-01-05 13:05 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-12 20:39 - 2017-01-05 13:05 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-12 20:39 - 2017-01-05 12:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2017-04-12 20:39 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-12 20:39 - 2009-07-14 01:45 - 00411080 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-12 20:38 - 2009-07-14 00:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-04-12 20:38 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-03-23 18:02 - 2017-01-05 13:00 - 00000000 ____D C:\Users\User\AppData\Local\Windows Live
2017-03-23 17:47 - 2017-01-05 13:05 - 00000000 ____D C:\Users\User\AppData\Local\Microsoft Help
2017-03-23 17:42 - 2017-01-05 13:16 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-23 17:42 - 2017-01-05 13:16 - 00003372 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-23 17:36 - 2009-07-14 02:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-15 12:06 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\Registration
2017-03-15 10:06 - 2017-01-05 13:04 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2017-03-15 10:06 - 2017-01-05 13:04 - 00000000 ____D C:\ProgramData\AVAST Software

==================== Arquivos na raiz de alguns diretórios =======

2017-01-05 13:02 - 2012-06-06 17:17 - 0043256 _____ () C:\Program Files\oemlogo.bmp
2017-03-15 12:06 - 2017-03-15 12:06 - 0000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg

Alguns arquivos em TEMP:
====================
2017-04-12 20:52 - 2017-04-12 20:52 - 0015872 _____ () C:\Users\User\AppData\Local\Temp\efsh6ugt.dll
2017-04-12 20:40 - 2017-04-12 21:04 - 257659208 _____ (Apple Inc.) C:\Users\User\AppData\Local\Temp\iTunesLatest.exe
2017-03-29 22:50 - 2017-03-29 22:50 - 1128792 _____ (Google Inc.) C:\Users\User\AppData\Local\Temp\{F2546CA4-658B-4C65-8CE5-33B6F705E757}-GoogleUpdateSetup.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-03-23 18:31

==================== Fim de FRST.txt ============================
