Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 11-08-2016 01
Executado por user (administrador) em USER-PC (10-08-2016 21:35:00)
Executando a partir de C:\Users\user\Downloads
Perfis Carregados: user (Perfis Disponíveis: user)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 9 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5967\bassvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\CashReminder\CashReminder.exe
() C:\Program Files (x86)\GOSafer\gosafer.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Cinema Plus v6V24.07) C:\Program Files (x86)\Cinema Plus v6V24.07\a3c8f6ce-25c6-4d34-8c3d-efd5ac441164-6.exe
(HD-QualityV26.11) C:\Program Files (x86)\HD-Quality-1.1V26.11\3c24290d-6b93-433c-966a-e87d020627f4-6.exe
(Cinema Plus v6V24.07) C:\Program Files (x86)\Cinema Plus v6V24.07\a3c8f6ce-25c6-4d34-8c3d-efd5ac441164-1-6.exe
(iWebar) C:\Program Files (x86)\iWebar\561b80ca-7167-4b6d-b8ae-29402c165074-6.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
() C:\Users\user\AppData\Local\motiontooltipGUI\motiontooltipGUI.exe
() C:\Program Files (x86)\ToolsUpdatePlatform\UpdatePlatform.exe
(Object Browser) C:\Program Files (x86)\Sense\d80d7ad2-db5e-41b7-9711-9fc3797f8994-6.exe
() C:\Program Files (x86)\PopApp\livesspkerberosapi.exe
(Object Browser) C:\Program Files (x86)\Object Browser\af492049-29a1-4865-a6df-4e4c989978b8-6.exe
(Object Browser) C:\Program Files (x86)\Object Browser\33783b6c-75d7-4cf6-878c-683e60b42d19.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Baidu Inc.) C:\Program Files (x86)\PC App Store\5.0.1.8202\PCAppStoreSvc.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5967\bastray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Windows\Temp\dgen.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Baidu Inc.) C:\Program Files (x86)\baidu\Baidu Browser\sparkservice.exe
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
(Search Snacks) C:\Program Files (x86)\SearchSnacks\Service\sssvc.exe
() C:\Program Files (x86)\5B99CC8D-7BAF-430A-9C63-67C9980E3ED8\SupraSavingsService64.exe
() C:\Windows\taskmgr.exe
() C:\ProgramData\Ikaesumtregi\1.0.7.1\slagrago.exe
() C:\Program Files (x86)\WeatherTool\2.0.0.11102\WeatherService.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.0.11102\weather.exe
() C:\Windows\wauctla.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Time Lapse Solutions) C:\ProgramData\vHAPHWTBU\yNwDRTi.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\ProgramData\Ikaesumtregi\1.0.7.1\slagrago.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1323\jsdrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
() C:\Users\user\AppData\Local\motiontooltipGUI\contextualkeyboardx64.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
() C:\Program Files (x86)\eDealsPop\eDealsPop.exe
() C:\Program Files (x86)\eDealPop\eDealPop.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Baidu Inc.) C:\Program Files (x86)\PC App Store\5.0.1.8202\AppStoreDeskTool.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
() C:\Windows\SysWOW64\addonopen_64\addonopen_64.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
() C:\Windows\SysWOW64\BIOSCommandFreeware\BIOSCommandFreeware.exe
() C:\Windows\SysWOW64\ClipboardLogScreenshot\ClipboardLogScreenshot.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Windows\SysWOW64\CommandFilePrivacy\CommandFilePrivacy.exe
() C:\Windows\SysWOW64\CompileNativePython\CompileNativePython.exe
() C:\Windows\SysWOW64\ContextualDesktopWord\ContextualDesktopWord.exe
() C:\Windows\SysWOW64\driverqcapSched\driverqcapSched.exe
() C:\Windows\SysWOW64\MemoryMotionTooltip\MemoryMotionTooltip.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Long Mile Solutions, LLC) C:\Program Files (x86)\speed browser\Application\browser.exe
(Long Mile Solutions, LLC) C:\Program Files (x86)\speed browser\Application\browser.exe
(Long Mile Solutions, LLC) C:\Program Files (x86)\speed browser\Application\browser.exe
(Long Mile Solutions, LLC) C:\Program Files (x86)\speed browser\Application\browser.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [856800 2015-08-21] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [eDealsPop] => C:\Program Files (x86)\eDealsPop\eDealsPop.exe [7168 2014-07-17] ()
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2014-08-25] (YTDownloader)
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1323\jsdrv.exe [3211776 2014-09-30] ()
HKLM-x32\...\Run: [eDealPop] => C:\Program Files (x86)\eDealPop\eDealPop.exe [6144 2014-12-03] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2015-08-01] (NCSOFT Corporation)
HKLM-x32\...\Run: [PCAppStore_AppStoreDeskTool] => C:\Program Files (x86)\PC App Store\5.0.1.8202\AppStoreDeskTool.exe [849952 2014-12-18] (Baidu Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2014-07-31] (Banco do Brasil)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2015-09-01] (Caixa Economica Federal)
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [Facebook Update] => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-27] (Facebook Inc.)
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [Akamai NetSession Interface] => C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988968 2014-08-25] (YTDownloader)
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1323\jsdrv.exe [3211776 2014-09-30] ()
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [UnicoBrowser] => C:\Users\user\AppData\Local\UnicoBrowser\Application\unicobrowser.exe [857224 2015-08-10] (The Unico Browser Authors)
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [Desktop Profile] => C:\Users\user\AppData\Roaming\dwmpro.exe [0 2015-07-16] ()
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [CrashService] => C:\Users\user\AppData\Local\UnicoBrowser\Application\crash_service.exe [326792 2015-08-10] ()
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\...\RunOnce: [Run_dregol] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\user\AppData\Roaming\Run_dregol\UpdateProc\bkup.dat"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [245056 2014-12-10] (Client Connect LTD)
AppInit_DLLs: C:\Users\user\AppData\Local\Smartbar\Application\Resources\crdlil64.dll => C:\Users\user\AppData\Local\Smartbar\Application\Resources\crdlil64.dll [77856 2014-11-02] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [215360 2014-12-10] (Client Connect LTD)
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1754664 2014-07-31] (Banco do Brasil)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1867432 2015-09-01] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.115722.0\BavShx64.dll Nenhum Arquivo
ShellIconOverlayIdentifiers: [{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}] -> {4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B} => C:\Windows\system32\pfmshx_463.dll [2010-07-07] (Pismo Technic Inc.)
ShellIconOverlayIdentifiers-x32: [{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}] -> {4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B} => C:\Windows\SysWOW64\pfmshx_463.dll [2010-07-07] (Pismo Technic Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-06-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Profiles.vbs [2015-04-25] ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2014-09-01]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
GroupPolicy-x32: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [S-1-5-21-2173916324-498683215-1709381490-1000] => Proxy está habilitado.
ProxyServer: [S-1-5-21-2173916324-498683215-1709381490-1000] => http=127.0.0.1:12759
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 189.6.0.72 189.6.0.71
Tcpip\..\Interfaces\{05A6E0AD-DB88-4BBA-AFBE-956AA5829D3F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{05A6E0AD-DB88-4BBA-AFBE-956AA5829D3F}: [DhcpNameServer] 189.6.0.72 189.6.0.71
ManualProxies: 1http=127.0.0.1:12393

Internet Explorer:
==================
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=bav_pro_hp_01_hao123_br
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=bav_pro_hp_01_hao123_br
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1413050204&from=bro&uid=ST3250310AS_6RYNQEE7&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1413050204&from=bro&uid=ST3250310AS_6RYNQEE7&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1413050204&from=bro&uid=ST3250310AS_6RYNQEE7&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1413050204&from=bro&uid=ST3250310AS_6RYNQEE7&q={searchTerms}
HKU\S-1-5-21-2173916324-498683215-1709381490-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.search.yahoo.com/?fr=hp-ddc-bd&type=pr-bir-t4__alt__ddc_dsssyc_bd_com
URLSearchHook: HKU\S-1-5-21-2173916324-498683215-1709381490-1000 - (Sem Nome) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Nenhum Arquivo
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_installcore_02&type=y&p={searchTerms}
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1eeK7l24Ey_peMn2wnP0QyCO5K5XmXCpPyor6rlPDxrIa1JvrIYUzWWC5jI6aMxK30tX8m4mryokNQ2MYl8wyhInquN1J2NpNna2O9kecBEYYlO-rKL-8kdCsOc5CE62R8p64e8jSgyIHimM6Rrt6tn1VUUDe8XBR_FGhdnfGxKe19H7C&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2173916324-498683215-1709381490-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2173916324-498683215-1709381490-1000 -> OldSearch URL = hxxp://searchsimple-a.akamaihd.net/?affID=t4&q={searchTerms}&r=675
SearchScopes: HKU\S-1-5-21-2173916324-498683215-1709381490-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://br.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bir-t4__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2173916324-498683215-1709381490-1000 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330117&octid=EB_ORIGINAL_CTID&ISID=MB8017637-E121-4913-BE97-78A9EB12BAA0&SearchSource=58&CUI=&UM=6&UP=SPA9A90DB8-4DEC-44FA-B211-3B923C5354C2&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2173916324-498683215-1709381490-1000 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
BHO: Object Browser -> {11111111-1111-1111-1111-110311281150} -> C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll [2014-10-03] (Object Browser)
BHO: Sense -> {11111111-1111-1111-1111-110611191115} -> C:\Program Files (x86)\Sense\Sense-bho64.dll [2014-10-03] (Object Browser)
BHO: iWebar -> {11111111-1111-1111-1111-110611511123} -> C:\Program Files (x86)\iWebar\iWebar-bho64.dll [2014-10-03] (iWebar)
BHO: MuvicEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO: SearchSnacks -> {7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} -> C:\Program Files\SearchSnacks\IE\SearchSnacksClientIE.dll [2014-05-13] (Search Snacks)
BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll => Nenhum Arquivo
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll [2014-09-30] (Goobzo Ltd.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
BHO-x32: 2rs3 -> {10AD2C61-0898-4348-8600-14A342F22AC3} -> C:\Program Files (x86)\SupraSavings\2rs3.dll [2014-03-21] ()
BHO-x32: Object Browser -> {11111111-1111-1111-1111-110311281150} -> C:\Program Files (x86)\Object Browser\Object Browser-bho.dll [2014-10-03] (Object Browser)
BHO-x32: Sense -> {11111111-1111-1111-1111-110611191115} -> C:\Program Files (x86)\Sense\Sense-bho.dll [2014-10-03] (Object Browser)
BHO-x32: iWebar -> {11111111-1111-1111-1111-110611511123} -> C:\Program Files (x86)\iWebar\iWebar-bho.dll [2014-10-03] (iWebar)
BHO-x32: MuvicEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: SupraSavings -> {68f4dacb-10fa-ca10-ad7d-91b574356f1d} -> C:\Program Files\5B99CC8D-7BAF-430A-9C63-67C9980E3ED8\sgnahzzzax.dll [2014-07-08] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO-x32: SearchSnacks -> {7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} -> C:\Program Files (x86)\SearchSnacks\IE\SearchSnacksClientIE.dll [2014-05-13] (Search Snacks)
BHO-x32: Sem Nome -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> Nenhum Arquivo
BHO-x32: Sem Nome -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> Nenhum Arquivo
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll [2014-09-30] (Goobzo Ltd.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2014-07-31] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2015-09-01] (Caixa Economica Federal)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
Toolbar: HKLM - Muvic - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
Toolbar: HKLM-x32 - Muvic - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
IE Session Restore: HKU\S-1-5-21-2173916324-498683215-1709381490-1000 -> está habilitado.
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wbg2iylv.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-24] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-24] (globalUpdate)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll [2014-02-06] (SaveSense)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll [2014-02-06] (SaveSense)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2173916324-498683215-1709381490-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2173916324-498683215-1709381490-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2173916324-498683215-1709381490-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2173916324-498683215-1709381490-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-01-22] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2173916324-498683215-1709381490-1000: gastecnologia.com.br/sf/bb -> C:\Users\user\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2014-05-15] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-2173916324-498683215-1709381490-1000: gastecnologia.com.br/sf/cef -> C:\Users\user\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-2173916324-498683215-1709381490-1000: gastecnologia.com.br/sf/cef64 -> C:\Users\user\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2014-12-09] (GAS Tecnologia)
FF Extension: iWebar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wbg2iylv.default\extensions\ROUAILDE73397174@UXGZI17268980.com [2016-04-04] [não assinado]
FF Extension: Sense - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wbg2iylv.default\extensions\warnerroberts@hotmail.com [2016-04-04] [não assinado]
FF Extension: Object Browser - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\wbg2iylv.default\extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com [2016-04-04] [não assinado]

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (dregol New Tab) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihokndmjeombjojnfkmapfnjeghjohim [2015-11-19]
CHR Extension: (Skype) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-25]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Quick start) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2015-11-19]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh [2015-11-19]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-09]
CHR Extension: (Ask Toolbar) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljcgbedjplidkdjahbaalanadmjfgop [2015-11-19]
CHR Extension: (Sem Nome) - C:\Users\user\AppData\Local\Christmas\Component [2016-08-10]
CHR HKLM\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx
CHR HKU\S-1-5-21-2173916324-498683215-1709381490-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2173916324-498683215-1709381490-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2173916324-498683215-1709381490-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pgacfjdigcddmmncljpflgcfpfahebkh] - C:\Users\user\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx [2014-06-11]
CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - "C:\Program Files (x86)\Iminent\Iminent.crx"
CHR HKLM-x32\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-10-03]
CHR HKLM-x32\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx
StartMenuInternet: Google Chrome.LNCXXAXTB2GAFCKMAZMAQKNOW4 - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

Opera:
=======
OPR Extension: (Photo Share Social) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\hopccneiddkchcaojojncochkmamjkhn [2014-12-21]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 addonopen_64; C:\Windows\SysWOW64\addonopen_64\addonopen_64.exe [83456 2015-01-16] () [Arquivo não assinado]
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) [Arquivo não assinado] <==== ATENÇÃO
R2 BASSVC; C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5967\bassvc.exe [208928 2015-04-22] (Baidu, Inc.)
R2 BIOSCommandFreeware; C:\Windows\SysWOW64\BIOSCommandFreeware\BIOSCommandFreeware.exe [68096 2014-11-26] () [Arquivo não assinado]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 CashReminder; C:\Program Files (x86)\CashReminder\CashReminder.exe [443840 2015-08-10] ()
R2 ClipboardLogScreenshot; C:\Windows\SysWOW64\ClipboardLogScreenshot\ClipboardLogScreenshot.exe [68096 2014-11-26] () [Arquivo não assinado]
R2 CommandFilePrivacy; C:\Windows\SysWOW64\CommandFilePrivacy\CommandFilePrivacy.exe [68096 2014-11-26] () [Arquivo não assinado]
R2 CompileNativePython; C:\Windows\SysWOW64\CompileNativePython\CompileNativePython.exe [68096 2014-11-26] () [Arquivo não assinado]
R2 ContextualDesktopWord; C:\Windows\SysWOW64\ContextualDesktopWord\ContextualDesktopWord.exe [68096 2014-11-26] () [Arquivo não assinado]
R2 driverqcapSched; C:\Windows\SysWOW64\driverqcapSched\driverqcapSched.exe [83456 2015-01-16] () [Arquivo não assinado]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576 2015-08-13] (GAS Tecnologia)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-07-24] (globalUpdate) [Arquivo não assinado] <==== ATENÇÃO
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-07-24] (globalUpdate) [Arquivo não assinado] <==== ATENÇÃO
S4 GlobalUpdater; C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe [378152 2014-05-22] () [Arquivo não assinado]
R2 GOSafer; C:\Program Files (x86)\GOSafer\GOSafer.exe [443952 2015-03-13] ()
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2554376 2016-07-20] (LogMeIn Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-11-03] (Hi-Rez Studios) [Arquivo não assinado]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Arquivo não assinado]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-07-20] (LogMeIn, Inc.)
S4 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [34328 2014-08-27] () [Arquivo não assinado] <==== ATENÇÃO
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [293128 2016-05-31] (McAfee, Inc.)
R2 MemoryMotionTooltip; C:\Windows\SysWOW64\MemoryMotionTooltip\MemoryMotionTooltip.exe [60965 2014-09-01] () [Arquivo não assinado]
R2 motiontooltipGUI.exe; C:\Users\user\AppData\Local\motiontooltipGUI\motiontooltipGUI.exe [169472 2015-09-21] () [Arquivo não assinado]
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-16] (Nero AG)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-20] (Electronic Arts)
R2 pappService; C:\Program Files (x86)\PopApp\livesspkerberosapi.exe [187904 2015-09-21] () [Arquivo não assinado]
R2 PCAppStoreSvc_{PCAppStore_5.0.1.8202}; C:\Program Files (x86)\PC App Store\5.0.1.8202\PCAppStoreSvc.exe [571424 2014-12-18] (Baidu Inc.)
S2 ProtectMonitor; C:\Program Files\PCDApp\StartHelp.exe [77705 2014-06-09] () [Arquivo não assinado] <==== ATENÇÃO
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7806848 2016-05-27] (Reimage®)
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-02-06] (SaveSense)
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-02-06] (SaveSense)
R2 SparkSvc; C:\Program Files (x86)\baidu\Baidu Browser\sparkservice.exe [97080 2016-03-05] (Baidu Inc.)
S3 SparkUpdater; C:\Program Files (x86)\Baidu\SparkUpdate\Sparkupdate.exe [1372472 2015-09-23] (Baidu.com, Inc.) R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346880 2014-09-30] (ShopperPro) R2 sssvc; C:\Program Files (x86)\SearchSnacks\Service\sssvc.exe [274016 2014-05-13] (Search Snacks) R2 SupraSavingsService64; C:\Program Files (x86)\5B99CC8D-7BAF-430A-9C63-67C9980E3ED8\SupraSavingsService64.exe [172544 2014-06-25] () [Arquivo não assinado] R2 Task Manager Pro; C:\Windows\taskmgr.exe [16896 2015-07-29] () [Arquivo não assinado] R2 Task Manager Pro; C:\Windows\SysWOW64\taskmgr.exe [227328 2010-11-21] (Microsoft Corporation) R2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.0.11102\WeatherService.exe [152008 2015-11-30] () R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [856800 2015-08-21] (GAS Tecnologia LTDA) R2 wauctla Service; C:\Windows\wauctla.exe [1044480 2015-02-26] () [Arquivo não assinado] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation) R2 yNwDRTi; C:\ProgramData\vHAPHWTBU\yNwDRTi.exe [2726256 2014-11-23] (Time Lapse Solutions) S2 BIOSDashboardFreeware.exe; C:\Users\user\AppData\Local\BIOSDashboardFreeware\BIOSDashboardFreeware.exe [X] S2 BIOSGammaRuby.exe; C:\Users\user\AppData\Local\BIOSGammaRuby\BIOSGammaRuby.exe [X] S2 ClaraUpdater; C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe [X] S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [X] S2 ContextualDockQuick.exe; C:\Users\user\AppData\Local\ContextualDockQuick\ContextualDockQuick.exe [X] S2 filedimsjobRec.exe; C:\Users\user\AppData\Local\filedimsjobRec\filedimsjobRec.exe [X] S2 KernelMetafileWYSIWYG.exe; C:\Users\user\AppData\Local\KernelMetafileWYSIWYG\KernelMetafileWYSIWYG.exe [X] S2 LogOSRecycle.exe; C:\Users\user\AppData\Local\LogOSRecycle\LogOSRecycle.exe [X] S2 mydocskerberosRecovery.exe; 
C:\Users\user\AppData\Local\mydocskerberosRecovery\mydocskerberosRecovery.exe [X] S2 OfficeRootWindows.exe; C:\Users\user\AppData\Local\OfficeRootWindows\OfficeRootWindows.exe [X] S2 perftrackclbcatqProvider.exe; C:\Users\user\AppData\Local\perftrackclbcatqProvider\perftrackclbcatqProvider.exe [X] S2 servervo; C:\Users\user\AppData\Roaming\VOPackage\VOsrv.exe [X] <==== ATENÇÃO ===================== Drivers (Whitelisted) ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R1 crfilterdrv; C:\Windows\System32\drivers\crfilterdrv.sys [57160 2015-08-10] (Windows (R) Win 7 DDK provider) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-03] (GAS Tecnologia) R1 gosaferdrv; C:\Windows\System32\drivers\gosaferdrv.sys [51504 2015-01-19] (Windows (R) Win 7 DDK provider) R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-08] (NetFilterSDK.com) R1 pfmfs_463; C:\Windows\System32\Drivers\pfmfs_463.sys [249704 2010-07-07] (Pismo Technic Inc.) 
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2014-08-25] (YTDownloader) R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41856 2014-09-30] () R2 SPDRIVER_1.37.0.1323; C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1323\jsdrv.sys [52584 2014-09-30] () R1 ssnfd; C:\Windows\System32\drivers\ssnfd.sys [58248 2014-05-13] (Search Snacks) R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-09-03] (GAS Tecnologia LTDA) R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-08-10] (GAS Tecnologia) R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia) R1 {24d08b5c-a3b3-4969-8c35-c8cd9a120697}w64; C:\Windows\System32\drivers\{24d08b5c-a3b3-4969-8c35-c8cd9a120697}w64.sys [48832 2014-11-28] (StdLib) R1 {8fb17db9-fb10-4812-ae47-50cdd8254169}w64; C:\Windows\System32\drivers\{8fb17db9-fb10-4812-ae47-50cdd8254169}w64.sys [48832 2014-11-29] (StdLib) R1 {90f4e807-c1e3-4ef0-952b-5051185ec331}w64; C:\Windows\System32\drivers\{90f4e807-c1e3-4ef0-952b-5051185ec331}w64.sys [48832 2014-11-27] (StdLib) R1 {9a9157bb-003e-4fef-8bd1-c09bc4586a28}w64; C:\Windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}w64.sys [61120 2014-09-01] (StdLib) S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X] S3 cpuz134; \??\C:\Users\user\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] S1 gbpddfac; system32\drivers\gbpddfac64.sys [X] S3 PCFApiUtil; \??\C:\Program Files (x86)\PC Faster\5.1.0.0\PCFApiUtil64.sys [X] S3 Spring; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Spring64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X] ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
==================== Um Mês Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-08-10 21:35 - 2016-08-10 21:35 - 00039432 _____ C:\Users\user\Downloads\FRST.txt 2016-08-10 21:34 - 2016-08-10 21:35 - 00000000 ____D C:\FRST 2016-08-10 21:34 - 2016-08-10 21:34 - 02393600 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe 2016-08-07 23:35 - 2016-08-07 23:46 - 00000000 ____D C:\Program Files (x86)\Hearthstone 2016-08-07 23:30 - 2016-08-07 23:30 - 03204592 _____ (Blizzard Entertainment) C:\Users\user\Downloads\Hearthstone-Setup (2).exe 2016-07-31 02:11 - 2016-07-31 02:11 - 00276888 _____ C:\Windows\Minidump\073116-20404-01.dmp 2016-07-20 13:29 - 2016-07-20 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2016-07-20 13:29 - 2016-07-20 13:29 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2016-07-19 07:39 - 2016-07-20 13:42 - 00000000 ____D C:\Users\Usuário Padrão\AppData\Local\LogMeIn Hamachi 2016-07-19 07:39 - 2016-07-20 13:42 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi 2016-07-19 07:39 - 2016-07-20 13:42 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi 2016-07-15 02:04 - 2016-07-15 02:04 - 00000000 ____D C:\Users\user\PkHonor 2016-07-15 02:03 - 2016-07-15 02:03 - 00001937 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PkHonor.lnk 2016-07-15 02:03 - 2016-07-15 02:03 - 00001913 _____ C:\Users\Public\Desktop\PkHonor.lnk 2016-07-15 02:03 - 2016-07-15 02:03 - 00000000 ____D C:\Users\user\Documents\My Games 2016-07-15 02:03 - 2016-07-15 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PkHonor 2016-07-15 02:02 - 2016-07-15 02:02 - 02853426 _____ (PkHonor) C:\Users\user\Downloads\PkHonor_Installer.exe 2016-07-15 00:22 - 2016-07-15 00:22 - 19527360 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe ==================== Um Mês Modificados arquivos e pastas ======== (Se uma 
entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-08-10 21:33 - 2014-06-13 10:58 - 00000000 ____D C:\Program Files\suprasavings 2016-08-10 21:25 - 2014-10-03 15:20 - 00004124 _____ C:\Windows\Tasks\d80d7ad2-db5e-41b7-9711-9fc3797f8994-3.job 2016-08-10 21:25 - 2014-09-01 19:14 - 00000276 _____ C:\Windows\Tasks\SpeedUpMyPC Maintenance.job 2016-08-10 21:23 - 2014-10-03 15:23 - 00004478 _____ C:\Windows\Tasks\af492049-29a1-4865-a6df-4e4c989978b8-4.job 2016-08-10 21:23 - 2014-10-03 15:23 - 00003436 _____ C:\Windows\Tasks\af492049-29a1-4865-a6df-4e4c989978b8-1.job 2016-08-10 21:23 - 2014-10-03 15:23 - 00002758 _____ C:\Windows\Tasks\561b80ca-7167-4b6d-b8ae-29402c165074-5_user.job 2016-08-10 21:23 - 2014-10-03 15:23 - 00002756 _____ C:\Windows\Tasks\d80d7ad2-db5e-41b7-9711-9fc3797f8994-5_user.job 2016-08-10 21:23 - 2014-10-03 15:23 - 00002756 _____ C:\Windows\Tasks\d80d7ad2-db5e-41b7-9711-9fc3797f8994-5.job 2016-08-10 21:23 - 2014-10-03 15:23 - 00002430 _____ C:\Windows\Tasks\af492049-29a1-4865-a6df-4e4c989978b8-5_user.job 2016-08-10 21:23 - 2014-10-03 15:23 - 00002430 _____ C:\Windows\Tasks\af492049-29a1-4865-a6df-4e4c989978b8-5.job 2016-08-10 21:23 - 2014-10-03 15:23 - 00002094 _____ C:\Windows\Tasks\af492049-29a1-4865-a6df-4e4c989978b8-2.job 2016-08-10 21:23 - 2014-10-03 15:23 - 00001350 _____ C:\Windows\Tasks\33783b6c-75d7-4cf6-878c-683e60b42d19.job 2016-08-10 21:23 - 2014-10-03 15:22 - 00002758 _____ C:\Windows\Tasks\561b80ca-7167-4b6d-b8ae-29402c165074-5.job 2016-08-10 21:23 - 2014-10-03 15:22 - 00002412 _____ C:\Windows\Tasks\d80d7ad2-db5e-41b7-9711-9fc3797f8994-2.job 2016-08-10 21:22 - 2014-10-03 15:22 - 00004462 _____ C:\Windows\Tasks\561b80ca-7167-4b6d-b8ae-29402c165074-4.job 2016-08-10 21:22 - 2014-10-03 15:22 - 00004460 _____ C:\Windows\Tasks\d80d7ad2-db5e-41b7-9711-9fc3797f8994-4.job 2016-08-10 21:22 - 2014-10-03 15:22 - 00004142 _____ C:\Windows\Tasks\af492049-29a1-4865-a6df-4e4c989978b8-6.job 2016-08-10 21:22 - 2014-10-03 15:22 - 00003798 
_____ C:\Windows\Tasks\af492049-29a1-4865-a6df-4e4c989978b8-7.job 2016-08-10 21:22 - 2014-10-03 15:22 - 00003748 _____ C:\Windows\Tasks\561b80ca-7167-4b6d-b8ae-29402c165074-1.job 2016-08-10 21:22 - 2014-10-03 15:22 - 00003744 _____ C:\Windows\Tasks\d80d7ad2-db5e-41b7-9711-9fc3797f8994-1.job 2016-08-10 21:22 - 2014-10-03 15:22 - 00002414 _____ C:\Windows\Tasks\561b80ca-7167-4b6d-b8ae-29402c165074-2.job 2016-08-10 21:22 - 2014-10-03 15:22 - 00000552 _____ C:\Windows\Tasks\f41a877f-30c9-408f-813d-d6ae8f105ca0.job 2016-08-10 21:22 - 2014-10-03 15:21 - 00004460 _____ C:\Windows\Tasks\d80d7ad2-db5e-41b7-9711-9fc3797f8994-6.job 2016-08-10 21:22 - 2014-06-03 21:21 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-08-10 21:21 - 2014-10-03 15:21 - 00005168 _____ C:\Windows\Tasks\af492049-29a1-4865-a6df-4e4c989978b8-11.job 2016-08-10 21:21 - 2014-10-03 15:21 - 00004462 _____ C:\Windows\Tasks\561b80ca-7167-4b6d-b8ae-29402c165074-6.job 2016-08-10 21:21 - 2014-10-03 15:21 - 00004126 _____ C:\Windows\Tasks\561b80ca-7167-4b6d-b8ae-29402c165074-7.job 2016-08-10 21:21 - 2014-10-03 15:21 - 00004124 _____ C:\Windows\Tasks\d80d7ad2-db5e-41b7-9711-9fc3797f8994-7.job 2016-08-10 21:21 - 2014-10-03 15:21 - 00003454 _____ C:\Windows\Tasks\af492049-29a1-4865-a6df-4e4c989978b8-3.job 2016-08-10 21:20 - 2015-06-11 11:19 - 00000616 _____ C:\Windows\Tasks\{3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}.job 2016-08-10 21:20 - 2014-10-03 15:20 - 00005488 _____ C:\Windows\Tasks\561b80ca-7167-4b6d-b8ae-29402c165074-11.job 2016-08-10 21:20 - 2014-10-03 15:20 - 00005486 _____ C:\Windows\Tasks\d80d7ad2-db5e-41b7-9711-9fc3797f8994-11.job 2016-08-10 21:13 - 2014-09-01 19:14 - 00000270 _____ C:\Windows\Tasks\SpeedUpMyPC Startup.job 2016-08-10 21:04 - 2015-07-24 18:04 - 00005520 _____ C:\Windows\Tasks\a3c8f6ce-25c6-4d34-8c3d-efd5ac441164-6.job 2016-08-10 21:04 - 2015-07-24 18:04 - 00003140 _____ C:\Windows\Tasks\a3c8f6ce-25c6-4d34-8c3d-efd5ac441164-1-6.job 
2016-08-10 21:04 - 2015-04-12 00:04 - 00001318 _____ C:\Windows\Tasks\ext_coupons_notification_service.job 2016-08-10 21:04 - 2015-04-04 19:02 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2016-08-10 21:03 - 2013-09-24 11:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype 2016-08-10 21:02 - 2015-04-05 00:02 - 00001306 _____ C:\Windows\Tasks\web_disco_notification_service.job 2016-08-10 21:02 - 2015-04-04 18:02 - 00001288 _____ C:\Windows\Tasks\help4u_notification_service.job 2016-08-10 21:01 - 2014-11-04 22:01 - 00000288 _____ C:\Windows\Tasks\Groovorio.job 2016-08-10 21:00 - 2014-02-06 22:55 - 00000928 _____ C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job 2016-08-10 20:59 - 2014-11-26 16:59 - 00005514 _____ C:\Windows\Tasks\3c24290d-6b93-433c-966a-e87d020627f4-6.job 2016-08-10 20:57 - 2013-09-24 11:19 - 00001074 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2173916324-498683215-1709381490-1000UA.job 2016-08-10 20:55 - 2013-11-29 08:46 - 00000288 _____ C:\Windows\Tasks\UpdaterEX.job 2016-08-10 20:51 - 2016-02-22 14:04 - 00001968 _____ C:\Users\user\Desktop\Facebook.lnk 2016-08-10 20:51 - 2016-02-21 18:05 - 00001968 _____ C:\Users\user\Desktop\Youtube.lnk 2016-08-10 20:51 - 2016-02-21 18:04 - 00001968 _____ C:\Users\user\Desktop\Wikipedia.lnk 2016-08-10 20:51 - 2016-02-21 18:04 - 00001968 _____ C:\Users\user\Desktop\Hotmail.lnk 2016-08-10 20:51 - 2015-07-18 00:56 - 00002137 _____ C:\Users\user\Desktop\Google Chrome.lnk 2016-08-10 20:51 - 2015-04-12 11:44 - 00001968 _____ C:\Users\user\Desktop\Amazon.lnk 2016-08-10 20:50 - 2015-04-08 20:50 - 00001336 _____ C:\Windows\Tasks\shopping_blast_notification_service.job 2016-08-10 20:50 - 2015-04-08 20:50 - 00000698 _____ C:\Windows\Tasks\shopping_blast_updating_service.job 2016-08-10 20:42 - 2015-05-20 18:49 - 00003444 _____ C:\Windows\System32\Tasks\Ikaesumtregi 2016-08-10 20:42 - 2015-04-12 11:42 - 00000288 _____ C:\Windows\Tasks\Run_dregol.job 2016-08-10 20:41 - 2014-01-14 00:16 - 
00000000 ____D C:\Users\user\AppData\Local\LogMeIn Hamachi 2016-08-10 20:39 - 2014-06-11 10:00 - 00000000 ____D C:\Program Files (x86)\GbPlugin 2016-08-10 20:37 - 2015-11-01 11:37 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys 2016-08-10 20:37 - 2015-07-24 18:05 - 00002448 _____ C:\Windows\Tasks\a3c8f6ce-25c6-4d34-8c3d-efd5ac441164-5.job 2016-08-10 20:37 - 2015-07-24 18:04 - 00005520 _____ C:\Windows\Tasks\a3c8f6ce-25c6-4d34-8c3d-efd5ac441164-7.job 2016-08-10 20:37 - 2015-07-24 18:04 - 00003476 _____ C:\Windows\Tasks\a3c8f6ce-25c6-4d34-8c3d-efd5ac441164-1-7.job 2016-08-10 20:37 - 2015-07-24 18:03 - 00005186 _____ C:\Windows\Tasks\a3c8f6ce-25c6-4d34-8c3d-efd5ac441164-11.job 2016-08-10 20:37 - 2015-06-15 15:30 - 00000428 _____ C:\Windows\Tasks\ToolsUpdatePlatform_ScheduledTask.job 2016-08-10 20:37 - 2015-06-11 11:19 - 00000000 ____D C:\Users\Todos os Usuários\ToolsUpdatePlatform 2016-08-10 20:37 - 2015-06-11 11:19 - 00000000 ____D C:\ProgramData\ToolsUpdatePlatform 2016-08-10 20:37 - 2015-04-12 00:04 - 00000680 _____ C:\Windows\Tasks\ext_coupons_updating_service.job 2016-08-10 20:37 - 2015-04-05 00:02 - 00000668 _____ C:\Windows\Tasks\web_disco_updating_service.job 2016-08-10 20:37 - 2015-04-04 18:02 - 00000650 _____ C:\Windows\Tasks\help4u_updating_service.job 2016-08-10 20:37 - 2014-11-26 17:00 - 00002442 _____ C:\Windows\Tasks\3c24290d-6b93-433c-966a-e87d020627f4-5_user.job 2016-08-10 20:37 - 2014-11-26 17:00 - 00002442 _____ C:\Windows\Tasks\3c24290d-6b93-433c-966a-e87d020627f4-5.job 2016-08-10 20:37 - 2014-11-26 16:59 - 00005178 _____ C:\Windows\Tasks\3c24290d-6b93-433c-966a-e87d020627f4-7.job 2016-08-10 20:37 - 2014-11-26 16:59 - 00000642 _____ C:\Windows\Tasks\30a6c0dd-c016-4f3b-b1d9-68248a552061.job 2016-08-10 20:37 - 2014-11-26 16:57 - 00005180 _____ C:\Windows\Tasks\3c24290d-6b93-433c-966a-e87d020627f4-11.job 2016-08-10 20:37 - 2014-11-26 16:57 - 00004490 _____ C:\Windows\Tasks\3c24290d-6b93-433c-966a-e87d020627f4-3.job 2016-08-10 
20:37 - 2014-10-03 15:20 - 00000986 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2016-08-10 20:37 - 2014-06-13 10:57 - 00000000 ____D C:\Program Files\PCDApp 2016-08-10 20:37 - 2014-02-06 22:55 - 00000924 _____ C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job 2016-08-10 20:36 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-08-10 20:35 - 2009-07-14 01:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-08-10 20:35 - 2009-07-14 01:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-08-10 19:57 - 2016-05-15 13:44 - 00001022 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2173916324-498683215-1709381490-1000Core.job 2016-08-10 19:46 - 2015-05-06 19:33 - 00000000 ____D C:\Users\user\AppData\Roaming\WeatherTool 2016-08-10 18:57 - 2013-10-27 17:52 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2173916324-498683215-1709381490-1000UA.job 2016-08-10 18:57 - 2013-10-27 17:52 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2173916324-498683215-1709381490-1000Core.job 2016-08-10 18:08 - 2014-11-26 16:57 - 00000990 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2016-08-10 17:20 - 2013-10-05 01:37 - 00000024 _____ C:\Users\user\random.dat 2016-08-10 17:01 - 2014-06-29 11:58 - 00000024 _____ C:\Users\user\jagexappletviewer.preferences 2016-08-10 16:08 - 2014-06-29 10:41 - 00000043 _____ C:\Users\user\jagex_cl_runescape_LIVE.dat 2016-08-10 16:06 - 2013-09-24 11:19 - 00002184 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-08-07 23:42 - 2016-02-13 22:11 - 00000000 ____D C:\Users\user\AppData\Local\Battle.net 2016-08-07 23:42 - 2016-02-13 22:05 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-08-07 23:32 - 2016-02-13 21:58 - 00000000 ____D C:\Users\Todos os Usuários\Battle.net 2016-08-07 23:32 - 
2016-02-13 21:58 - 00000000 ____D C:\ProgramData\Battle.net 2016-08-05 21:19 - 2014-07-02 21:42 - 00000044 _____ C:\Users\user\jagex_cl_runescape_LIVE1.dat 2016-08-05 13:03 - 2014-11-26 16:58 - 00003850 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1417031906 2016-08-05 13:03 - 2014-11-26 16:56 - 00000000 ____D C:\Program Files (x86)\Opera 2016-07-31 02:11 - 2016-01-16 17:31 - 516168505 _____ C:\Windows\MEMORY.DMP 2016-07-31 02:11 - 2014-12-17 14:20 - 00000000 ____D C:\Windows\Minidump 2016-07-30 17:49 - 2013-11-22 19:01 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics 2016-07-28 19:52 - 2016-05-15 13:44 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2173916324-498683215-1709381490-1000Core 2016-07-28 19:52 - 2013-09-24 11:19 - 00004042 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2173916324-498683215-1709381490-1000UA 2016-07-20 12:08 - 2014-01-27 17:25 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys 2016-07-19 22:59 - 2013-09-24 11:03 - 00000000 ____D C:\Users\Todos os Usuários\Skype 2016-07-19 22:59 - 2013-09-24 11:03 - 00000000 ____D C:\ProgramData\Skype 2016-07-15 00:22 - 2014-06-03 21:21 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-07-15 00:22 - 2013-09-24 11:26 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-07-15 00:22 - 2013-09-24 11:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-07-12 17:22 - 2013-09-24 11:26 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-07-12 17:22 - 2013-09-24 11:26 - 00000000 ____D C:\Windows\system32\Macromed 2016-07-12 17:08 - 2013-09-24 11:26 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2016-07-11 23:53 - 2014-12-24 13:14 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== Arquivos na raiz de alguns diretórios ======= 2015-04-25 17:31 - 
2015-07-16 04:35 - 0000000 _____ () C:\Users\user\AppData\Roaming\dwmpro.exe 2016-06-09 16:12 - 2016-06-09 16:12 - 26671784 _____ () C:\Users\user\AppData\Roaming\gameboxsetup.exe 2015-04-25 17:32 - 2015-07-16 01:50 - 0264653 _____ () C:\Users\user\AppData\Roaming\ndantif 2014-06-11 09:59 - 2014-06-11 10:06 - 0016349 _____ () C:\Users\user\AppData\Roaming\unins000.dat 2014-06-11 09:59 - 2014-06-11 10:05 - 0815314 _____ () C:\Users\user\AppData\Roaming\unins000.exe 2015-11-01 11:36 - 2015-11-01 11:36 - 0016505 _____ () C:\Users\user\AppData\Roaming\unins001.dat 2015-11-01 11:36 - 2015-11-01 11:36 - 0730322 _____ () C:\Users\user\AppData\Roaming\unins001.exe 2013-12-18 23:46 - 2014-12-09 23:01 - 0000241 _____ () C:\Users\user\AppData\Roaming\WB.CFG 2014-12-01 21:12 - 2014-12-01 21:12 - 0000001 _____ () C:\Users\user\AppData\Local\DSI.DAT 2014-12-01 21:11 - 2014-12-01 21:11 - 0022528 _____ () C:\Users\user\AppData\Local\dsisetup2006840852.exe 2016-03-29 00:05 - 2016-03-29 00:06 - 0000000 _____ () C:\Users\user\AppData\Local\{086FE175-BC41-4208-B7FC-747FD2D61217} 2015-09-08 05:01 - 2015-09-08 05:02 - 0000000 _____ () C:\Users\user\AppData\Local\{11CE448D-5498-49F0-918E-68D64CC61684} 2014-12-09 00:19 - 2014-12-09 00:20 - 0000000 _____ () C:\Users\user\AppData\Local\{399E252E-9AD6-4F42-B254-2C20B47463D0} 2015-02-11 23:35 - 2015-02-11 23:35 - 0000000 _____ () C:\Users\user\AppData\Local\{6F82113B-9A2F-4EE2-B9FA-01A23A6FAAAC} 2014-11-17 09:43 - 2014-11-17 09:43 - 0000000 _____ () C:\Users\user\AppData\Local\{B25B63CC-2D7A-4012-A313-7E9F5CD1A245} 2015-02-01 23:35 - 2015-02-01 23:35 - 0000000 _____ () C:\Users\user\AppData\Local\{BF0475CE-C850-4522-BB8D-D3166D10B9AD} 2014-07-08 00:12 - 2014-07-08 00:12 - 0000000 _____ () C:\Users\user\AppData\Local\{E1B44337-5C49-4F98-B1ED-EB262D5CB175} 2015-03-10 21:26 - 2015-03-10 21:26 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-10-24 17:51 - 2015-03-06 17:29 - 0014501 _____ () C:\ProgramData\Duplicaterecord.js 2014-01-15 02:15 - 
2014-01-15 02:15 - 0167784 _____ (Baidu, Inc.) C:\ProgramData\FileSplitUpLoad.dll 2015-09-23 12:01 - 2015-09-23 12:01 - 0000020 _____ () C:\ProgramData\nbc.ini 2015-06-14 15:25 - 2015-05-14 18:06 - 1029096 _____ (ShenZhen Enode Techology co,.Ltd) C:\ProgramData\WeatherMini.exe Arquivos para serem movidos ou deletados: ==================== C:\ProgramData\Duplicaterecord.js C:\ProgramData\FileSplitUpLoad.dll C:\ProgramData\WeatherMini.exe C:\Users\Todos os Usuários\Duplicaterecord.js C:\Users\Todos os Usuários\FileSplitUpLoad.dll C:\Users\Todos os Usuários\WeatherMini.exe C:\Users\user\alotic_preferences.dat C:\Users\user\alotic_preferences2.dat C:\Users\user\exoria_cl_exoria_LIVE.dat C:\Users\user\feather_cl_DedicationX_Core.dat C:\Users\user\feather_cl_Reprisal_Core.dat C:\Users\user\keystore.dat C:\Users\user\matrix_cl_Goodpk_LIVE.dat C:\Users\user\matrix_cl_Goodpk_LIVE1.dat C:\Users\user\matrix_cl_matrix_LIVE.dat C:\Users\user\revx_cl_matrix_LIVE.dat C:\Users\user\rn_cl_anarchy_LIVE.dat C:\Users\user\systemid.dat C:\Users\user\uid.dat Alguns arquivos em TEMP: ====================
==================== Bamital & volsnap ================= (Não há correção automática para arquivos que não passaram na verificação.) C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente C:\Windows\explorer.exe => O arquivo é assinado digitalmente C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente C:\Windows\system32\services.exe => O arquivo é assinado digitalmente C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente C:\Windows\system32\Drivers\volsnap.sys => O
arquivo é assinado digitalmente LastRegBack: 2016-07-30 17:42 ==================== Fim de FRST.txt ============================