Document format: text/plain


Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 18-07-2017
Executado por Denis (administrador) em DENIS-PC (22-07-2017 19:00:40)
Executando a partir de C:\Users\Denis\Downloads
Perfis Carregados: Denis (Perfis Disponíveis: Denis)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 9 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
() C:\Users\Denis\AppData\Roaming\NetService\netservice.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
() C:\Users\Denis\AppData\Roaming\WinNetSvc\WinNetSvc.exe
() C:\Users\Denis\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
() C:\ProgramData\Microsoft\Network\Dsq\browser\syshostctl.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-12-15] (Synaptics Incorporated)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [992304 2017-07-11] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-12-05] (Caixa Economica Federal)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2016-12-06] (Banco Itaú Unibanco)
HKU\S-1-5-21-2619486037-3001202520-2210169553-1000\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3924256 2017-05-17] (IObit)
HKU\S-1-5-21-2619486037-3001202520-2210169553-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2619486037-3001202520-2210169553-1000\...\MountPoints2: F - F:\LGAutoRun.exe
HKU\S-1-5-21-2619486037-3001202520-2210169553-1000\...\MountPoints2: {007f309b-a4a7-11e3-a882-80ee7316646d} - F:\AutoRun.exe
HKU\S-1-5-21-2619486037-3001202520-2210169553-1000\...\MountPoints2: {30fd1df7-430b-11e2-9ec8-80ee7316646d} - F:\LGAutoRun.exe
HKU\S-1-5-21-2619486037-3001202520-2210169553-1000\...\MountPoints2: {3b8d0420-ccd0-11e3-864d-582c80139263} - F:\AutoRun.exe "motorola.html"
HKU\S-1-5-21-2619486037-3001202520-2210169553-1000\...\MountPoints2: {4d522aee-3481-11e5-97d4-90302ee1b36a} - F:\AutoRun.exe "motorola.html"
HKU\S-1-5-21-2619486037-3001202520-2210169553-1000\...\MountPoints2: {681bd7d0-9569-11e2-b67f-81b0d5bc731e} - G:\AutoRun.exe "motorola.html"
HKU\S-1-5-21-2619486037-3001202520-2210169553-1000\...\MountPoints2: {8279e169-c7e5-11e2-a95e-8ea377553a16} - F:\AutoRun.exe
HKU\S-1-5-21-2619486037-3001202520-2210169553-1000\...\MountPoints2: {8279e17c-c7e5-11e2-a95e-8ea377553a16} - F:\AutoRun.exe
HKU\S-1-5-21-2619486037-3001202520-2210169553-1000\...\MountPoints2: {98149416-a3f2-11e4-b6a9-80ee7316646d} - F:\LGAutoRun.exe
HKU\S-1-5-21-2619486037-3001202520-2210169553-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => Nenhum Arquivo
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehuni.dll [1951968 2016-12-06] (Banco Itaú Unibanco)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1903328 2016-12-05] (Caixa Economica Federal)
GroupPolicy: Restrição - Chrome <==== ATENÇÃO
GroupPolicy\User: Restrição <==== ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [.DEFAULT] => Proxy está habilitado.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49897;https=127.0.0.1:49897;
ProxyEnable: [S-1-5-21-2619486037-3001202520-2210169553-1000] => Proxy está habilitado.
ProxyServer: [S-1-5-21-2619486037-3001202520-2210169553-1000] => http=127.0.0.1:8080;https=127.0.0.1:8080
Winsock: Catalog5 01 C:\ProgramData\Windows\System32\Mswapi32.dll => Nenhum Arquivo
Winsock: Catalog5-x64 01 C:\ProgramData\Windows\System32\Mswapi64.dll [3302400 2017-07-18] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{02E88E35-F7EE-45AD-9D1A-469338203104}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{02E88E35-F7EE-45AD-9D1A-469338203104}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1D0E5CB6-BBE4-426B-AEF0-761148F9AD6C}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{56232D71-5829-461A-8C0A-4A2B0962E7FB}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{695C0738-D813-4830-A32C-6FC6FDEE1095}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B5C79A3F-48D0-40E4-8588-0A2149902C63}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{C57633A8-C3E6-4E7A-9EAF-A753D9C3509B}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{CC42C524-5732-4495-A6F5-133FAC9408C0}: [DhcpNameServer] 192.168.1.1
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131385245076583062&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131385245076583062&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv5&uid=41UGC1M0T_MK5059GSXP&tm=1436476147
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2619486037-3001202520-2210169553-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal
HKU\S-1-5-21-2619486037-3001202520-2210169553-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=pt-br
HKU\S-1-5-21-2619486037-3001202520-2210169553-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2619486037-3001202520-2210169553-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2619486037-3001202520-2210169553-1000 -> Web URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2619486037-3001202520-2210169553-1000 -> {150D4501-2AC9-4D3F-A724-21BDCF34981E} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2619486037-3001202520-2210169553-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-24] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2016-12-05] (Caixa Economica Federal)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll [2016-12-06] (Banco Itaú Unibanco)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-24] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2619486037-3001202520-2210169553-1000 -> Sem Nome - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Nenhum Arquivo
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-24] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-24] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2619486037-3001202520-2210169553-1000: gastecnologia.com.br/sf/uni -> C:\Users\Denis\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-07-15] (GAS Tecnologia)

Chrome:
=======
CHR HKU\S-1-5-21-2619486037-3001202520-2210169553-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2619486037-3001202520-2210169553-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Denis\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx
CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2017-03-21] (IObit)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2017-07-22] (GAS Tecnologia)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [Arquivo não assinado]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [Arquivo não assinado]
R2 NetTcpHandler; C:\Users\Denis\AppData\Roaming\NetService\netservice.exe [173848 2015-06-12] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [Arquivo não assinado]
S3 SkypeUpdateEx; C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe [168376 2016-05-05] (skype.cog.cc)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [992304 2017-07-11] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WinNetSvc; C:\Users\Denis\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] () <==== ATENÇÃO
R2 WMPNetworkAcSvc; C:\Users\Denis\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [5098760 2016-07-16] () [Arquivo não assinado] <==== ATENÇÃO

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2017-07-22] (GAS Tecnologia)
R3 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [29912 2015-09-04] (GAS Tecnologia)
R2 SoilIO; C:\Windows\System32\Drivers\SoilIO.sys [17912 2009-12-11] ()
R3 soilkbc; C:\Windows\System32\Drivers\soilkbc.sys [13816 2009-12-03] (Systems Internals)
R3 SoilMC; C:\Windows\System32\Drivers\SoilMC.sys [13304 2009-12-03] (Systems Internals)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-09-04] (GAS Tecnologia LTDA)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [28376 2017-07-22] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2017-03-22] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [25184 2017-03-22] (GAS Tecnologia)
R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [25184 2017-03-22] (GAS Tecnologia)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-07-22 19:00 - 2017-07-22 19:02 - 00016770 _____ C:\Users\Denis\Downloads\FRST.txt
2017-07-22 18:58 - 2017-07-22 19:00 - 00000000 ____D C:\FRST
2017-07-22 18:57 - 2017-07-22 18:57 - 02382336 _____ (Farbar) C:\Users\Denis\Downloads\FRST64.exe
2017-07-22 18:52 - 2017-07-22 18:53 - 01778176 _____ (Farbar) C:\Users\Denis\Downloads\FRST.exe
2017-07-22 18:30 - 2017-07-22 18:30 - 00000000 ____H C:\asc_rdflag
2017-07-22 18:00 - 2017-07-22 18:19 - 00002226 _____ C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
2017-07-22 18:00 - 2017-07-22 18:01 - 00003016 _____ C:\Windows\System32\Tasks\ASC10_PerformanceMonitor
2017-07-22 18:00 - 2017-07-22 18:00 - 00002820 _____ C:\Windows\System32\Tasks\ASC10_SkipUac_Denis
2017-07-22 18:00 - 2017-07-22 18:00 - 00000000 ____D C:\Users\Todos os Usuários\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-07-22 18:00 - 2017-07-22 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2017-07-22 18:00 - 2017-07-22 18:00 - 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-07-22 17:59 - 2017-07-22 17:59 - 00000000 ____D C:\Program Files (x86)\IObit
2017-07-22 17:54 - 2017-07-22 17:58 - 39514624 _____ (IObit ) C:\Users\Denis\Downloads\advanced-systemcare-setup.exe
2017-07-22 17:45 - 2017-07-22 17:45 - 00013276 _____ C:\Users\Denis\Desktop\zoek - Atalho.lnk
2017-07-22 17:31 - 2017-07-22 18:33 - 00000002 _____ C:\runcheck.txt
2017-07-22 17:31 - 2017-07-22 17:31 - 00000000 ____D C:\zoek_backup
2017-07-22 17:30 - 2017-07-22 17:30 - 01309184 _____ C:\Users\Denis\Downloads\zoek.exe
2017-07-20 18:52 - 2017-07-20 18:52 - 00000000 ____D C:\Windows\system32\tmp
2017-07-20 18:50 - 2017-07-20 18:50 - 00000000 ____D C:\Users\Todos os Usuários\Windows
2017-07-20 18:50 - 2017-07-20 18:50 - 00000000 ____D C:\ProgramData\Windows
2017-07-18 13:30 - 2017-07-18 13:30 - 00535614 _____ C:\Users\Denis\Downloads\gilvaneide de lima lopes.pdf
2017-07-18 13:28 - 2017-07-18 13:29 - 00000997 _____ C:\Users\Denis\Downloads\Intima4724952321 (4).zip
2017-07-18 13:19 - 2017-07-18 13:19 - 00008111 _____ C:\Users\Denis\jfl.wsf
2017-07-18 13:17 - 2017-07-18 13:17 - 00008902 _____ C:\Users\Denis\Downloads\1500394587487.pdf
2017-07-18 13:12 - 2017-07-18 13:12 - 00000833 _____ C:\Users\Denis\Downloads\Install (1).zip
2017-07-18 13:07 - 2017-07-18 13:07 - 00000997 _____ C:\Users\Denis\Downloads\Intima4724952321 (3).zip
2017-07-18 13:07 - 2017-07-18 13:07 - 00000262 _____ C:\Users\Denis\AppData\Roaming\02976419
2017-07-18 13:06 - 2017-07-18 13:06 - 00000997 _____ C:\Users\Denis\Downloads\Intima4724952321 (2).zip
2017-07-18 13:04 - 2017-07-18 13:04 - 00000997 _____ C:\Users\Denis\Downloads\Intima4724952321.zip
2017-07-18 13:04 - 2017-07-18 13:04 - 00000997 _____ C:\Users\Denis\Downloads\Intima4724952321 (1).zip
2017-07-12 14:08 - 2017-05-03 12:34 - 00094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-12 14:08 - 2017-05-03 12:29 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-12 14:08 - 2017-05-03 10:05 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-12 14:08 - 2017-05-03 10:05 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-12 14:08 - 2017-05-03 10:05 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-12 14:08 - 2017-05-03 10:05 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-12 14:08 - 2017-05-03 10:05 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-12 14:08 - 2017-05-03 10:05 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-12 14:08 - 2017-05-03 10:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-12 14:08 - 2017-03-22 23:06 - 01691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-07-12 14:07 - 2017-06-29 23:57 - 02319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-12 14:07 - 2017-06-29 23:57 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-12 14:07 - 2017-06-29 23:57 - 02058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-12 14:07 - 2017-06-29 23:57 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-12 14:07 - 2017-06-29 23:57 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-12 14:07 - 2017-06-29 23:57 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-12 14:07 - 2017-06-29 23:57 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-12 14:07 - 2017-06-29 23:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-12 14:07 - 2017-06-29 23:57 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-12 14:07 - 2017-06-29 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-12 14:07 - 2017-06-29 23:40 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-12 14:07 - 2017-06-29 23:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-12 14:07 - 2017-06-29 23:39 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-12 14:07 - 2017-06-29 23:39 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-12 14:07 - 2017-06-29 23:38 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-12 14:07 - 2017-06-29 23:38 - 01363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-12 14:07 - 2017-06-29 23:38 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-12 14:07 - 2017-06-29 23:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-12 14:07 - 2017-06-29 23:38 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-12 14:07 - 2017-06-29 23:38 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-12 14:07 - 2017-06-29 23:38 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-12 14:07 - 2017-06-29 23:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-12 14:07 - 2017-06-29 23:27 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-12 14:07 - 2017-06-29 23:27 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-12 14:07 - 2017-06-29 23:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-12 14:07 - 2017-06-29 23:26 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-12 14:07 - 2017-06-22 11:58 - 03223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-12 14:07 - 2017-06-15 17:23 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-12 14:07 - 2017-06-12 19:54 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-12 14:07 - 2017-06-12 19:54 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-12 14:07 - 2017-06-12 19:54 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-12 14:07 - 2017-06-12 19:49 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 01363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 00731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-12 14:07 - 2017-06-12 19:49 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-12 14:07 - 2017-06-12 19:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-12 14:07 - 2017-06-12 19:29 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-12 14:07 - 2017-06-12 19:29 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-12 14:07 - 2017-06-12 19:29 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-12 14:07 - 2017-06-12 19:29 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-12 14:07 - 2017-06-12 19:29 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-12 14:07 - 2017-06-12 19:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-12 14:07 - 2017-06-12 19:29 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-12 14:07 - 2017-06-12 19:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-12 14:07 - 2017-06-12 19:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-12 14:07 - 2017-06-12 19:28 - 00554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-12 14:07 - 2017-06-12 19:28 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-12 14:07 - 2017-06-12 19:28 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-12 14:07 - 2017-06-12 19:28 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-12 14:07 - 2017-06-12 19:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-12 14:07 - 2017-06-12 19:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-12 14:07 - 2017-06-12 19:28 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-12 14:07 - 2017-06-12 19:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-12 14:07 - 2017-06-12 19:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-12 14:07 - 2017-06-12 19:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-12 14:07 - 2017-06-12 19:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-12 14:07 - 2017-06-12 19:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-12 14:07 - 2017-06-12 19:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-12 14:07 - 2017-06-12 19:14 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-12 14:07 - 2017-06-12 19:14 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-12 14:07 - 2017-06-12 19:12 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-12 14:07 - 2017-06-12 19:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-12 14:07 - 2017-06-12 19:12 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-12 14:07 - 2017-06-12 19:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-12 14:07 - 2017-06-12 19:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-12 14:07 - 2017-06-12 19:06 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-12 14:07 - 2017-06-12 19:06 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-12 14:07 - 2017-06-12 19:06 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-12 14:07 - 2017-06-12 19:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-12 14:07 - 2017-06-10 12:59 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-12 14:07 - 2017-06-10 12:39 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-12 14:07 - 2017-06-09 12:33 - 01680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-12 14:07 - 2017-06-06 12:30 - 01867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-12 14:07 - 2017-06-06 12:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-12 14:07 - 2017-05-30 01:56 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-12 14:07 - 2017-05-30 01:56 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-12 14:07 - 2017-05-30 01:56 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-12 14:07 - 2017-05-21 01:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-12 14:07 - 2017-05-21 01:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-12 14:07 - 2017-05-16 12:35 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-12 14:07 - 2017-05-16 12:35 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-12 14:07 - 2017-05-16 12:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-12 14:06 - 2017-07-12 14:07 - 00758784 _____ (Adober Flsher) C:\Users\Denis\Downloads\AtuaIizacao FIash PIayer 23.7.exe
2017-07-11 16:52 - 2017-07-11 16:52 - 00334680 _____ C:\Users\Denis\Downloads\Install.zip

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-07-22 18:56 - 2009-07-14 01:45 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-22 18:56 - 2009-07-14 01:45 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-22 18:53 - 2016-03-20 21:05 - 00000000 ____D C:\Users\Denis\AppData\Roaming\WMPNetworkAcSvc
2017-07-22 18:48 - 2017-05-02 10:33 - 00028376 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2017-07-22 18:48 - 2016-06-20 22:12 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2017-07-22 18:48 - 2015-11-03 21:35 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2017-07-22 18:48 - 2014-07-09 11:47 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2017-07-22 18:48 - 2014-07-09 11:47 - 00000000 ____D C:\ProgramData\GbPlugin
2017-07-22 18:48 - 2014-07-09 11:47 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-07-22 18:48 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-22 18:43 - 2009-07-14 02:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-22 18:36 - 2015-07-23 09:36 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-07-22 18:33 - 2015-10-24 17:22 - 00000000 ____D C:\Users\Todos os Usuários\IObit
2017-07-22 18:33 - 2015-10-24 17:22 - 00000000 ____D C:\ProgramData\IObit
2017-07-22 18:30 - 2016-01-17 19:54 - 92192768 _____ C:\Windows\system32\config\software.iodefrag.bak
2017-07-22 18:30 - 2016-01-17 19:54 - 00315392 _____ C:\Windows\system32\config\default.iodefrag.bak
2017-07-22 18:30 - 2016-01-17 19:54 - 00028672 _____ C:\Windows\system32\config\security.iodefrag.bak
2017-07-22 18:30 - 2016-01-17 19:54 - 00024576 _____ C:\Windows\system32\config\sam.iodefrag.bak
2017-07-22 18:18 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2017-07-22 18:17 - 2016-12-09 16:48 - 00000000 ____D C:\Users\Denis\AppData\Roaming\MPC-HC
2017-07-22 18:01 - 2015-10-24 17:22 - 00000000 ____D C:\Users\Todos os Usuários\ProductData
2017-07-22 18:01 - 2015-10-24 17:22 - 00000000 ____D C:\Users\Denis\AppData\Roaming\IObit
2017-07-22 18:01 - 2015-10-24 17:22 - 00000000 ____D C:\Users\Denis\AppData\LocalLow\IObit
2017-07-22 18:01 - 2015-10-24 17:22 - 00000000 ____D C:\ProgramData\ProductData
2017-07-22 17:47 - 2016-12-12 20:43 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-22 17:37 - 2013-08-24 12:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-22 17:24 - 2016-12-12 20:18 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-22 08:52 - 2014-11-22 10:34 - 00001032 _____ C:\Users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-22 08:52 - 2012-11-19 13:43 - 00001002 _____ C:\Users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-07-20 18:50 - 2017-04-06 15:51 - 00000000 ____D C:\Users\Denis\AppData\Roaming\excdir
2017-07-18 17:26 - 2017-06-15 10:48 - 00000000 ____D C:\Users\Denis\Documents\molde
2017-07-18 13:19 - 2012-11-19 13:42 - 00000000 ____D C:\Users\Denis
2017-07-13 08:52 - 2009-07-14 01:45 - 00412648 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-13 08:49 - 2015-04-27 08:55 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-12 21:54 - 2014-09-11 15:36 - 00000000 ____D C:\Windows\system32\MRT
2017-07-12 21:50 - 2014-09-11 15:35 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-12 21:48 - 2012-11-19 17:08 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2017-07-09 19:46 - 2012-11-19 16:59 - 00000000 ____D C:\Users\Denis\AppData\Local\ElevatedDiagnostics
2017-06-30 13:37 - 2011-01-27 21:01 - 00706008 _____ C:\Windows\system32\prfh0416.dat
2017-06-30 13:37 - 2011-01-27 21:01 - 00147848 _____ C:\Windows\system32\prfc0416.dat
2017-06-30 13:37 - 2009-07-14 02:13 - 01635826 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-26 21:02 - 2016-12-12 20:43 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Arquivos na raiz de alguns diretórios =======

2016-12-12 20:25 - 2016-12-12 20:28 - 7065600 _____ () C:\Program Files (x86)\GUT3B4A.tmp
2016-12-12 20:18 - 2016-12-12 20:28 - 7065600 _____ () C:\Program Files (x86)\GUTD5F2.tmp
2016-12-12 20:22 - 2016-12-12 20:28 - 7065600 _____ () C:\Program Files (x86)\GUTF796.tmp
2017-07-18 13:07 - 2017-07-18 13:07 - 0000262 _____ () C:\Users\Denis\AppData\Roaming\02976419
2014-07-09 11:46 - 2014-09-23 21:08 - 0031216 _____ () C:\Users\Denis\AppData\Roaming\unins000.dat
2014-09-23 21:08 - 2014-09-23 21:08 - 0720082 _____ () C:\Users\Denis\AppData\Roaming\unins000.exe
2014-10-23 14:22 - 2015-07-09 17:46 - 0014501 _____ () C:\ProgramData\Duplicaterecord.js
2014-01-15 02:15 - 2014-01-15 02:15 - 0167784 _____ (Baidu, Inc.) C:\ProgramData\FileSplitUpLoad.dll
2013-08-24 12:31 - 2016-09-24 15:24 - 0004963 _____ () C:\ProgramData\hpzinstall.log

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\Duplicaterecord.js
C:\ProgramData\FileSplitUpLoad.dll
C:\Users\Todos os Usuários\Duplicaterecord.js
C:\Users\Todos os Usuários\FileSplitUpLoad.dll


Alguns arquivos em TEMP:
====================
2017-07-22 17:31 - 2017-07-22 18:33 - 0476672 _____ () C:\Users\Denis\AppData\Local\Temp\7za.exe
2017-07-22 17:31 - 2017-07-22 18:33 - 0020480 _____ (E Dev) C:\Users\Denis\AppData\Local\Temp\DaS_21.exe
2017-07-22 17:31 - 2017-07-22 18:33 - 0388608 _____ (Trend Micro Inc.) C:\Users\Denis\AppData\Local\Temp\hijackthis.exe
2017-07-22 17:31 - 2017-07-22 18:33 - 0030720 _____ (NirSoft) C:\Users\Denis\AppData\Local\Temp\NirCmd.exe
2017-07-22 17:31 - 2017-07-22 18:33 - 0256512 _____ () C:\Users\Denis\AppData\Local\Temp\PEVZ.EXE
2017-07-22 17:31 - 2017-07-22 18:33 - 0069632 _____ () C:\Users\Denis\AppData\Local\Temp\remove.exe
2017-07-22 17:31 - 2017-07-22 18:33 - 0098816 _____ () C:\Users\Denis\AppData\Local\Temp\sed.exe
2017-07-22 17:31 - 2017-07-22 18:33 - 0057344 _____ (Optimum X) C:\Users\Denis\AppData\Local\Temp\shortcut.exe
2017-07-22 17:31 - 2017-07-22 18:33 - 0161792 _____ (SteelWerX) C:\Users\Denis\AppData\Local\Temp\swreg.exe
2017-07-22 17:31 - 2017-07-22 18:33 - 0217088 _____ (SteelWerX) C:\Users\Denis\AppData\Local\Temp\swxcacls.exe
2017-07-22 17:31 - 2017-07-22 18:33 - 0154232 _____ (Noël Danjou) C:\Users\Denis\AppData\Local\Temp\wget.exe
2017-07-22 17:31 - 2017-07-22 18:33 - 0024064 _____ () C:\Users\Denis\AppData\Local\Temp\zoek-delete.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-07-22 00:17

==================== Fim de FRST.txt ============================
