Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 19-08-2016
Executado por Usuario (administrador) em USUARIO-PC (20-08-2016 09:33:55)
Executando a partir de C:\Users\Usuario\Desktop
Perfis Carregados: Usuario (Perfis Disponíveis: Usuario)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 10 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
(Baidu Inc.) C:\Program Files (x86)\baidu\Baidu Browser\sparkservice.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
() C:\Program Files (x86)\WeatherTool\2.0.1.11389\WeatherService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\ToolbarUpdater.exe
(ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.1.11389\weather.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(BitTorrent Inc.) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Program Files (x86)\OEM\IPM 1.8\IPM.exe
() C:\Program Files (x86)\OEM\OSD 1.10\SunflowerOSD.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(BitTorrent Inc.) C:\Users\Usuario\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe
(BitTorrent Inc.) C:\Users\Usuario\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Baidu.com, Inc.) C:\Program Files (x86)\baidu\Baidu Browser\sparkupdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wusa.exe
() C:\Program Files (x86)\baidu\Baidu Browser\spark.exe
() C:\Program Files (x86)\baidu\Baidu Browser\spark.exe
() C:\Program Files (x86)\baidu\Baidu Browser\spark.exe
() C:\Program Files (x86)\baidu\Baidu Browser\spark.exe
() C:\Program Files (x86)\baidu\Baidu Browser\spark.exe
() C:\Program Files (x86)\baidu\Baidu Browser\spark.exe
() C:\Program Files (x86)\baidu\Baidu Browser\spark.exe
() C:\Program Files (x86)\baidu\Baidu Browser\spark.exe
() C:\Program Files (x86)\baidu\Baidu Browser\spark.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(TweakBit) C:\Program Files (x86)\TweakBit\FixMyPC\FixMyPC.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
() C:\Program Files (x86)\baidu\Baidu Browser\spark.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2011-06-10] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [1] => C:\Windows\sut\bats\start\xtest.lnk
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-22] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2662472 2016-07-01] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-07-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6709008 2016-07-28] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-16] (Banco do Brasil)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2015-09-22] (Caixa Economica Federal)
HKU\S-1-5-21-612379544-3706749691-2850370343-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Usuario\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=cd2f08ae961c47d297fe51a735febce5-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=0214c
HKU\S-1-5-21-612379544-3706749691-2850370343-1000\...\Run: [uTorrent] => C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe [1972224 2016-08-11] (BitTorrent Inc.)
HKU\S-1-5-21-612379544-3706749691-2850370343-1000\...\MountPoints2: {3cff3fe9-3121-11e4-9c1c-80ee731a5516} - E:\Startme.exe
HKU\S-1-5-21-612379544-3706749691-2850370343-1000\...\MountPoints2: {4c8080fd-0a23-11e6-9dc4-80ee73120676} - F:\iLinker.exe
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1947872 2016-06-16] (Banco do Brasil)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1888480 2015-09-22] (Caixa Economica Federal)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\I-PowerGate.lnk [2013-02-25]
ShortcutTarget: I-PowerGate.lnk -> C:\Windows\Installer\{6855D62A-B38C-4A3C-B047-B5C362DF0665}\_A8CDEFC0F66212C95A2DB6.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IPM.lnk [2011-06-28]
ShortcutTarget: IPM.lnk -> C:\Windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_DA0FEDCDBBD18D7D3C13FE.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk [2011-06-28]
ShortcutTarget: OSD.lnk -> C:\Windows\Installer\{5A9C96FE-1376-45E1-8556-C81255F0B5A7}\_353C0203202AF80E0AFBAF.exe ()
Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk [2016-08-19]
ShortcutTarget: Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk [2015-03-07]
ShortcutTarget: Recorte de tela e Iniciador do OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0C0EA40F-2C15-4A89-97AC-503C59D2CCD8}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3B9BB2D3-BDCA-4A76-8548-7DF48D860A33}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{42836578-AFBA-4AAD-9CF5-125A400EA773}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&utm_campaign=fe3e0b31b84111284953a6828db917a0
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&utm_campaign=fe3e0b31b84111284953a6828db917a0
HKU\S-1-5-21-612379544-3706749691-2850370343-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com?cid={39415DF9-0FF7-4BA9-AE39-BFA8B3B5BDB8}&mid=cd2f08ae961c47d297fe51a735febce5-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-07 18:56:09&v=19.4.0.518&pid=safeguard&sg=&sap=hp
HKU\S-1-5-21-612379544-3706749691-2850370343-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKU\S-1-5-21-612379544-3706749691-2850370343-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://nmd.msn.com www.philcoshop.com.br
HKU\S-1-5-21-612379544-3706749691-2850370343-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.philcoshop.com.br
SearchScopes: HKU\S-1-5-21-612379544-3706749691-2850370343-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={39415DF9-0FF7-4BA9-AE39-BFA8B3B5BDB8}&mid=cd2f08ae961c47d297fe51a735febce5-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-07 18:56:09&v=19.4.0.518&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-612379544-3706749691-2850370343-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={39415DF9-0FF7-4BA9-AE39-BFA8B3B5BDB8}&mid=cd2f08ae961c47d297fe51a735febce5-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-07 18:56:09&v=19.4.0.518&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation)
BHO-x32: Auxiliar de Conexão do Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\19.4.0.518\AVG SafeGuard toolbar_toolbar.dll [2016-07-01] (AVG Secure Search)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2016-06-16] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2015-09-22] (Caixa Economica Federal)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.4.0.518\AVG SafeGuard toolbar_toolbar.dll [2016-07-01] (AVG Secure Search)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.4.0\ViProtocol.dll [2016-05-18] (AVG Secure Search)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.4.0\\npsitesafety.dll [Nenhum Arquivo]
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2852 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-08-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-08-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1662 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-08-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-08-17] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91 [2014-03-07] [não assinado]

Chrome:
=======
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-17]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-17]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-17]
CHR Extension: (Documentos Google off-line) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-11]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-17]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-17]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [674552 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5267456 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-07-20] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-06-16] (GAS Tecnologia)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [254264 2016-07-25] ()
R2 SparkSvc; C:\Program Files (x86)\baidu\Baidu Browser\sparkservice.exe [97080 2016-06-05] (Baidu Inc.)
S3 SparkUpdater; C:\Program Files (x86)\Baidu\SparkUpdate\Sparkupdate.exe [1371960 2015-06-23] (Baidu.com, Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1249280 2008-08-05] () [Arquivo não assinado]
R2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.1.11389\WeatherService.exe [150640 2016-05-30] ()
R2 vToolbarUpdater19.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\ToolbarUpdater.exe [1888328 2016-05-18] (AVG Secure Search)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-22] (GAS Tecnologia LTDA)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2013-03-10] () [Arquivo não assinado]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [314112 2016-06-30] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [261888 2016-07-19] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [298752 2016-07-12] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-08-19] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-08-12] (GAS Tecnologia)
R2 SoilIO; C:\Windows\System32\Drivers\SoilIO.sys [17912 2009-12-11] ()
R3 soilkbc; C:\Windows\System32\Drivers\soilkbc.sys [13816 2009-12-03] (Systems Internals)
R3 SoilMC; C:\Windows\System32\Drivers\SoilMC.sys [13304 2009-12-03] (Systems Internals)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-08-12] (GAS Tecnologia LTDA)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil)
S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-05-30] (GAS Tecnologia)
S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2016-08-20 09:33 - 2016-08-20 09:34 - 00022788 _____ C:\Users\Usuario\Desktop\FRST.txt
2016-08-20 09:31 - 2016-08-20 09:33 - 00000000 ____D C:\FRST
2016-08-20 09:29 - 2016-08-20 09:30 - 02395648 _____ (Farbar) C:\Users\Usuario\Desktop\FRST64.exe
2016-08-19 20:13 - 2016-08-19 20:13 - 00001129 _____ C:\Users\Usuario\Desktop\TweakBit FixMyPC.lnk
2016-08-19 20:13 - 2016-08-19 20:13 - 00000000 ____D C:\Windows\System32\Tasks\TweakBit
2016-08-19 20:13 - 2016-08-19 20:13 - 00000000 ____D C:\Users\Todos os Usuários\TweakBit
2016-08-19 20:13 - 2016-08-19 20:13 - 00000000 ____D C:\ProgramData\TweakBit
2016-08-19 20:13 - 2016-08-19 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
2016-08-19 20:13 - 2016-08-19 20:13 - 00000000 ____D C:\Program Files (x86)\TweakBit
2016-08-19 20:10 - 2016-08-19 20:10 - 00421096 _____ (TweakBit) C:\Users\Usuario\Desktop\fix_api-ms-win-crt-runtime-l1-1-0.dll-setup.exe
2016-08-19 20:08 - 2016-08-19 20:09 - 14572000 _____ (Microsoft Corporation) C:\Users\Usuario\Desktop\vc_redist.x64.exe.downloading
2016-08-19 19:59 - 2016-08-19 19:59 - 00000000 ___HT C:\Windows\wusa.lock
2016-08-19 19:59 - 2016-08-19 19:59 - 00000000 ____D C:\6511df72becc29c8587879ce669d
2016-08-18 16:24 - 2016-08-18 16:24 - 00000000 ____D C:\Users\Usuario\Desktop\PokeFarmer-v1.0.101.ver5
2016-08-17 20:26 - 2016-08-17 20:26 - 00000000 ____D C:\Users\Usuario\.android
2016-08-17 20:13 - 2016-08-17 20:14 - 00000000 ____D C:\Users\Usuario\Desktop\edson
2016-07-25 22:15 - 2016-07-25 22:15 - 00003484 _____ C:\Windows\System32\Tasks\ByteFence Scan
2016-07-25 22:15 - 2016-07-25 22:15 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
2016-07-25 20:18 - 2016-07-25 20:18 - 00000000 ____D C:\Users\Todos os Usuários\ByteFence
2016-07-25 20:18 - 2016-07-25 20:18 - 00000000 ____D C:\ProgramData\ByteFence
2016-07-25 20:12 - 2016-07-25 20:12 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\MPC-HC
2016-07-25 20:09 - 2016-07-25 20:09 - 00001098 _____ C:\Users\Usuario\Desktop\MPC-HC.lnk
2016-07-25 20:09 - 2016-07-25 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2016-07-25 20:09 - 2016-07-25 20:09 - 00000000 ____D C:\Program Files (x86)\MPC-HC
2016-07-25 20:08 - 2016-07-25 20:08 - 13148888 _____ (MPC-HC Team ) C:\Users\Usuario\Downloads\media_player_classic.exe.EXE
2016-07-25 20:08 - 2016-07-25 20:08 - 00003388 _____ C:\Windows\System32\Tasks\ByteFence
2016-07-25 20:07 - 2016-08-19 23:04 - 00000000 ____D C:\Program Files\ByteFence
2016-07-25 20:06 - 2016-07-25 20:06 - 00002449 _____ C:\Users\Usuario\Desktop\WarThunder.lnk
2016-07-25 20:06 - 2016-07-25 20:06 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\WarThunder
2016-07-25 20:06 - 2016-07-25 20:06 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2016-07-23 08:54 - 2016-07-23 08:54 - 00000000 ____D C:\Users\Usuario\Desktop\1 Buteco do Gusttavo Lima
2016-07-22 21:23 - 2016-07-22 21:35 - 78384686 _____ C:\Users\Usuario\Desktop\JN&F - SO.MOD.2009 - www.sistemasertanejo.com.rar
2016-07-22 20:20 - 2016-07-22 20:21 - 00000000 ____D C:\Users\Usuario\Desktop\Lancamentos
2016-07-21 10:38 - 2016-07-02 11:06 - 00000000 ____D C:\Users\Usuario\Desktop\CD LANÇAMENTOS SERTANEJO JULHO www.SERTANEJODOWNLOAD.com
2016-07-21 09:32 - 2016-07-21 10:09 - 259670802 _____ C:\Users\Usuario\Desktop\CD LANÇAMENTO JULHO 2016 - SertanejoDownload.rar
2016-07-19 16:30 - 2016-07-19 16:30 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\WinRAR
2016-07-19 16:30 - 2016-07-19 16:30 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-07-19 16:30 - 2016-07-19 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-07-19 16:30 - 2016-07-12 23:44 - 00000000 ___RD C:\Users\Usuario\Desktop\CD Baixar Sertanejo Vol.4
2016-07-19 16:29 - 2016-08-20 09:26 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\WeatherTool
2016-07-19 16:29 - 2016-07-19 16:30 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-07-19 16:29 - 2016-07-19 16:29 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-07-19 16:29 - 2016-07-19 16:29 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-07-19 16:29 - 2016-07-19 16:29 - 00000000 ____D C:\Program Files (x86)\WeatherTool
2016-07-19 16:26 - 2016-07-19 16:28 - 01764632 _____ C:\Users\Usuario\Downloads\WinRAR Setup [1].exe
2016-07-19 12:27 - 2016-07-19 12:27 - 00261888 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2016-07-19 10:55 - 2016-07-19 11:09 - 95826048 _____ C:\Users\Usuario\Desktop\CD Baixar Sertanejo Vol.4.rar
2016-07-13 19:55 - 2016-07-13 19:55 - 00000000 ____D C:\Users\Usuario\Desktop\CD Zé Neto e Cristiano - Ao Vivo em São José do Rio Preto (2015)
2016-07-13 19:49 - 2016-07-13 19:49 - 00000000 ____D C:\Users\Usuario\Desktop\MeK - São João de Caruaru - 2016 -
2016-07-12 22:38 - 2016-07-12 22:39 - 00000000 ____D C:\Users\Usuario\Desktop\Top Musicas
2016-07-12 18:37 - 2016-07-12 18:37 - 00063350 _____ C:\Users\Usuario\Desktop\eticket_OTM1MDcxNzgtODU2.pdf
2016-07-12 18:37 - 2016-07-12 18:37 - 00062895 _____ C:\Users\Usuario\Desktop\eticket_NzI1MTU3OTgtODU2.pdf
2016-07-12 16:10 - 2016-07-12 16:10 - 00298752 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2016-07-07 20:51 - 2016-07-07 20:54 - 02885288 _____ (CAIXA) C:\Users\Usuario\Downloads\iGBPCEFwr (2).exe
2016-07-07 20:48 - 2016-07-07 20:49 - 02885288 _____ (CAIXA) C:\Users\Usuario\Downloads\iGBPCEFwr.exe
2016-07-01 20:24 - 2016-07-13 20:03 - 00000000 ____D C:\Users\Usuario\Desktop\Top Sertanejo
2016-06-30 14:41 - 2016-06-30 14:41 - 00314112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2016-06-29 21:19 - 2016-06-29 21:20 - 02885288 _____ (CAIXA) C:\Users\Usuario\Downloads\iGBPCEFwr (1).exe
2016-06-20 15:22 - 2016-06-20 15:22 - 00077056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avguniva.sys
2016-06-13 22:14 - 2016-06-13 22:14 - 00000000 ____D C:\Users\Usuario\Documents\S1001_encrypt_V1.09.16443-BY-PARCEIROS-DOS-DECOS
2016-06-09 18:41 - 2016-07-22 21:10 - 00034816 ___SH C:\Users\Usuario\Desktop\Thumbs.db
2016-06-09 18:17 - 2016-06-09 18:17 - 00000000 ____D C:\Users\Usuario\Desktop\s1000
2016-06-01 13:28 - 2016-06-01 13:28 - 00260352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2016-06-01 13:25 - 2016-06-01 13:25 - 00261376 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2016-06-01 13:16 - 2016-06-01 13:16 - 00052992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2016-05-30 21:16 - 2016-05-30 21:16 - 00000000 ____D C:\Users\Public\Documents\PC Faster
2016-05-29 11:37 - 2016-05-29 11:37 - 00004094 _____ C:\Windows\System32\Tasks\SparkUpdater
2016-05-29 11:37 - 2016-05-29 11:37 - 00002200 _____ C:\Users\Public\Desktop\Facebook.lnk
2016-05-29 11:37 - 2016-05-29 11:37 - 00002184 _____ C:\Users\Public\Desktop\Google.lnk
2016-05-29 11:37 - 2016-05-29 11:37 - 00002152 _____ C:\Users\Public\Desktop\Baidu Browser.lnk
2016-05-29 11:37 - 2016-05-29 11:37 - 00000000 ____D C:\Users\Todos os Usuários\Baidu
2016-05-29 11:37 - 2016-05-29 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Browser
2016-05-29 11:37 - 2016-05-29 11:37 - 00000000 ____D C:\ProgramData\Baidu
2016-05-29 11:36 - 2016-05-29 11:38 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Baidu
2016-05-29 11:36 - 2016-05-29 11:37 - 00000000 ____D C:\Program Files (x86)\baidu
2016-05-29 11:24 - 2016-05-29 11:24 - 01388736 _____ (Baidu Inc.) C:\Users\Usuario\Downloads\BaiduBrowser_MiniDownloader.exe
2016-05-29 11:24 - 2016-05-29 11:24 - 00000000 ____D C:\Users\Usuario\AppData\Local\MiniService
2016-05-29 11:24 - 2016-05-29 11:24 - 00000000 ____D C:\Users\Public\Documents\Baidu

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-08-20 09:35 - 2014-05-26 20:16 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\uTorrent
2016-08-20 09:31 - 2014-02-27 20:19 - 00000000 ____D C:\Users\Todos os Usuários\MFAData
2016-08-20 09:31 - 2014-02-27 20:19 - 00000000 ____D C:\ProgramData\MFAData
2016-08-20 09:28 - 2013-03-09 08:59 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-20 09:27 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\tracing
2016-08-20 09:26 - 2009-07-14 01:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-20 09:26 - 2009-07-14 01:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-19 21:07 - 2013-03-09 08:59 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-19 10:47 - 2015-12-03 21:07 - 00000000 ____D C:\Users\Usuario\AppData\LocalLow\uTorrent
2016-08-19 10:46 - 2015-10-04 11:38 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2016-08-19 10:45 - 2015-10-04 11:37 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2016-08-19 10:45 - 2015-10-04 11:37 - 00000000 ____D C:\ProgramData\GbPlugin
2016-08-19 10:45 - 2015-10-04 11:37 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-08-19 10:45 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-18 16:32 - 2009-07-14 14:55 - 00703792 _____ C:\Windows\system32\prfh0416.dat
2016-08-18 16:32 - 2009-07-14 14:55 - 00146578 _____ C:\Windows\system32\prfc0416.dat
2016-08-18 16:32 - 2009-07-14 02:13 - 01629080 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-18 16:32 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-08-17 20:26 - 2013-02-25 16:41 - 00000000 ____D C:\Users\Usuario
2016-08-17 19:14 - 2013-03-09 09:05 - 00002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-17 18:56 - 2014-02-27 20:38 - 00000000 ____D C:\Users\Todos os Usuários\AVG2014
2016-08-17 18:56 - 2014-02-27 20:38 - 00000000 ____D C:\ProgramData\AVG2014
2016-08-17 18:56 - 2014-02-27 20:38 - 00000000 ____D C:\Program Files (x86)\AVG
2016-07-29 21:02 - 2013-03-09 08:59 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 21:02 - 2013-03-09 08:59 - 00003814 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-26 17:10 - 2016-01-04 19:45 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
2016-07-26 17:10 - 2016-01-04 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-07-25 19:59 - 2013-03-09 09:26 - 00000000 ____D C:\Users\Usuario\AppData\Local\Windows Live
2016-07-22 11:21 - 2013-02-25 18:21 - 00000000 ____D C:\Users\Usuario\AppData\Local\ElevatedDiagnostics

==================== Arquivos na raiz de alguns diretórios =======

2013-11-08 19:16 - 2013-11-08 19:16 - 0003584 _____ () C:\Users\Usuario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-25 18:14 - 2013-02-25 18:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-06-28 16:51 - 2011-06-28 16:51 - 0509952 _____ () C:\ProgramData\DRV10.tmp
2011-06-28 16:51 - 2013-02-25 16:41 - 2012672 _____ (OEM) C:\ProgramData\E1010.tmp

Alguns arquivos em TEMP:
====================
C:\Users\Usuario\AppData\Local\Temp\avguirn_081148999705.exe
C:\Users\Usuario\AppData\Local\Temp\avguirn_081277949260.exe
C:\Users\Usuario\AppData\Local\Temp\avguirn_081299587679.exe
C:\Users\Usuario\AppData\Local\Temp\avguirn_081929898569.exe
C:\Users\Usuario\AppData\Local\Temp\avguirn_08348978466.exe
C:\Users\Usuario\AppData\Local\Temp\avguirn_08371347526.exe
C:\Users\Usuario\AppData\Local\Temp\avguirn_08819218848.exe
C:\Users\Usuario\AppData\Local\Temp\avguirn_08823171624.exe
C:\Users\Usuario\AppData\Local\Temp\avguirn_08874941615.exe
C:\Users\Usuario\AppData\Local\Temp\converter.exe
C:\Users\Usuario\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Usuario\AppData\Local\Temp\drm_dyndata_7330017.dll
C:\Users\Usuario\AppData\Local\Temp\fix_api-ms-win-crt-runtime-l1-1-0.dll-setup.exe
C:\Users\Usuario\AppData\Local\Temp\FRST64.exe
C:\Users\Usuario\AppData\Local\Temp\media_player_classic.exe
C:\Users\Usuario\AppData\Local\Temp\ose00000.exe
C:\Users\Usuario\AppData\Local\Temp\spark_install.exe
C:\Users\Usuario\AppData\Local\Temp\vc_redist.x64.exe
C:\Users\Usuario\AppData\Local\Temp\WinRAR Setup.exe

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll
[2011-06-28 15:57] - [2015-09-21 18:58] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2011-06-28 15:58] - [2015-09-21 18:58] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-07-29 20:54

==================== Fim de FRST.txt ============================