Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 15-01-2017
Executado por Adleer Sirotheau (administrador) em SONY (15-01-2017 15:08:20)
Executando a partir de C:\Users\Adleer Sirotheau\Downloads
Perfis Carregados: Adleer Sirotheau (Perfis Disponíveis: Adleer Sirotheau)
Platform: Windows 7 Home Premium (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(SaveSense) C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
() C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe
() C:\Program Files (x86)\SmarThru Office\LegacyLauncher.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Samsung) C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Lightcomm) C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(DLL-files.com) C:\Program Files (x86)\DLL-Files.com Client\DLLFilesClient.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [788640 2011-02-24] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657056 2011-02-24] (Atheros Commnucations)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [STO Backup Service] => C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe [86016 2008-01-25] ()
HKLM-x32\...\Run: [STO Launcher Service] => C:\Program Files (x86)\SmarThru Office\LegacyLauncher.exe [77824 2008-01-25] ()
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\samsung\panelmgr\SSMMgr.exe [692224 2011-03-14] ()
HKLM-x32\...\Run: [NSCSysTrayUI] => C:\Program Files (x86)\Samsung\NetworkScan\NSCSysTrayUI.exe [270336 2009-04-09] (Samsung)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [GSMEjector] => C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe [441856 2011-05-20] (Lightcomm)
HKLM-x32\...\Run: [mbot_br_118] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-01-13] (Banco do Brasil)
Winlogon\Notify\ GbPluginIsg: C:\Program Files (x86)\GbPlugin\gbiehIsg.dll [2012-06-01] (Infoseg - Senasp)
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\Run: [PriceMeterW] => "C:\Users\Adleer Sirotheau\AppData\Local\PriceMeter\pricemeterw.exe"
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {85f977fd-5b40-11e3-a394-6427379bebe0} - F:\Autorun.exe
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {8b2cbebc-1045-11e3-8bc2-6427379bebe0} - E:\AutoRun.exe
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {8b532bdf-f64b-11e2-aa64-6427379bebe0} - E:\AutoRun.exe
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {cd0e0a56-2e2a-11e3-8d28-6427379bebe0} - E:\LaunchU3.exe
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {d678a05b-f72f-11e3-96a8-e91c06ffa2c7} - E:\iLinker.exe
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {de65b85e-f624-11e2-a606-6427379bebe0} - E:\AutoRun.exe
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {de65b86c-f624-11e2-a606-6427379bebe0} - E:\AutoRun.exe
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {e1b27fde-f6c8-11e2-adee-6427379bebe0} - E:\AutoRun.exe
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {eb022148-8049-11e3-a8b6-00a0c6000000} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\autorun.bat
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\MountPoints2: {eeb5a626-2ced-11e3-8b67-6427379bebe0} - E:\MotoCastSetup.exe -a
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1836928 2015-01-13] (Banco do Brasil)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399015} - C:\Program Files (x86)\GbPlugin\gbiehisg.dll [597504 2012-06-01] (Infoseg - Senasp)
Startup: C:\Users\Adleer Sirotheau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Officejet Pro 8600.lnk [2017-01-15]
ShortcutTarget: Monitorar alertas de tinta - HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [.DEFAULT] => Proxy está habilitado.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53751;https=127.0.0.1:53751;
ProxyServer: [S-1-5-21-2252684816-1157628736-3161286079-1000] => 192.168.65.1:3128
AutoConfigURL: [S-1-5-21-2252684816-1157628736-3161286079-1000] => hxxp://10.1.0.10/wpad.pac
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 10.0.0.1
Tcpip\..\Interfaces\{498F4EC0-7C2D-45ED-909B-186E1DF6635D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{9CA38B4A-DC62-4DC7-B138-6CC2E0624945}: [DhcpNameServer] 192.168.66.11
Tcpip\..\Interfaces\{D2E4A122-9F35-4EF2-A4D7-7B11E970DE53}: [DhcpNameServer] 8.8.8.8 10.0.0.1
ManualProxies: 0hxxp://10.1.0.10/wpad.pac

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097&q={searchTerms}
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097
URLSearchHook: HKU\S-1-5-21-2252684816-1157628736-3161286079-1000 - (Sem Nome) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Nenhum Arquivo
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097&q={searchTerms}
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097&q={searchTerms}
SearchScopes: HKLM-x32 -> {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://start.iminent.com/?appId=B9B691F0-A6C9-463F-A865-A3D7CDB4CE32&ref=toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2252684816-1157628736-3161286079-1000 -> DefaultScope {B9284A70-5BC2-49C6-9062-BD37E5AC12EE} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2252684816-1157628736-3161286079-1000 -> Web URL = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2252684816-1157628736-3161286079-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.iminent.com/?appId=B9B691F0-A6C9-463F-A865-A3D7CDB4CE32&ref=toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2252684816-1157628736-3161286079-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2252684816-1157628736-3161286079-1000 -> {B9284A70-5BC2-49C6-9062-BD37E5AC12EE} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-20] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-07] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll => Nenhum Arquivo
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-07] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: SaveSense -> {0f21b1e5-5afc-43c9-9c66-515046e92ec2} -> C:\Program Files (x86)\SaveSense\SaveSenseIE.dll [2013-10-28] (SaveSense)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-20] (Kaspersky Lab ZAO)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-02-24] (Atheros Commnucations)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll => Nenhum Arquivo
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-01-13] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540015} -> C:\Program Files (x86)\GbPlugin\gbiehisg.dll [2012-06-01] (Infoseg - Senasp)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
DPF: HKLM-x32 {02CF1781-EA91-4FA5-A200-646E8241987C} hxxp://www.sony.co.in/HP/script/supt/VaioInfo.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1412273052&from=tugs&uid=ST500LM012XHN-M500MBB_S2SKJ5BD307097

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: (Kaspersky URL Advisor) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2014-05-20] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: (Virtual Keyboard) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2014-05-20] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: (Dangerous Websites Blocker) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2014-05-20] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: (Anti-Banner) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2014-05-20] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: (Safe Money) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2014-05-20] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-08-25] [não assinado]
FF HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-10-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-07] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [Nenhum Arquivo]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [Nenhum Arquivo]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll [2013-12-10] (SaveSense)
FF Plugin-x32: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll [2013-12-10] (SaveSense)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2252684816-1157628736-3161286079-1000: gastecnologia.com.br/sf/bb -> C:\Users\Adleer Sirotheau\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-04-14] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-2252684816-1157628736-3161286079-1000: gastecnologia.com.br/sf/gas64 -> C:\Users\Adleer Sirotheau\AppData\Local\GAS Tecnologia\GBBD\npsf_gas_64.dll [Nenhum Arquivo]
FF Plugin HKU\S-1-5-21-2252684816-1157628736-3161286079-1000: gastecnologia.com.br/sf/isg -> C:\Users\Adleer Sirotheau\AppData\Local\GAS Tecnologia\GBBD\npsf_isg.dll [2012-12-06] (GAS Tecnologia)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://google.com.br/"
CHR Profile: C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default [2017-01-15]
CHR Extension: (GBBD Infoseg - Senasp) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\acglkpfaolcjghoenkgkmbboccpgdcmg [2014-04-21]
CHR Extension: (Conselheiro de URLs da Kaspersky) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-04-21]
CHR Extension: (MySocialShortcut) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkhngaioieemngifhcjghfankkmbpca [2017-01-15]
CHR Extension: (Dinheiro seguro) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-04-21]
CHR Extension: (Teclado virtual) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-04-21]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp [2015-03-20]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-10]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2015-01-29]
CHR Extension: (Anti-Banner) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-04-21]
CHR Extension: (Chrome Media Router) - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [acglkpfaolcjghoenkgkmbboccpgdcmg] - C:\Users\Adleer Sirotheau\AppData\Local\GAS Tecnologia\GBBD\isg\sf.crx [2013-10-07]
CHR HKU\S-1-5-21-2252684816-1157628736-3161286079-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pgacfjdigcddmmncljpflgcfpfahebkh] - C:\Users\Adleer Sirotheau\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx [2013-07-29]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - hxxps://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Adleer Sirotheau\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-10-02]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-02-24] (Atheros) [Arquivo não assinado]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [73376 2011-02-24] (Atheros Commnucations) [Arquivo não assinado]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [579896 2015-04-29] (GAS Tecnologia)
S2 GSMEjector; C:\Windows\SysWOW64\GSMSrvEjector.exe [620032 2011-05-20] () [Arquivo não assinado]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2011-04-17] (Realsil Microelectronics Inc.) [Arquivo não assinado]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Arquivo não assinado]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [Arquivo não assinado]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [Arquivo não assinado]
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [231936 2012-02-05] (Samsung Electronics Co., Ltd.) [Arquivo não assinado]
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2013-12-10] (SaveSense)
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2013-12-10] (SaveSense)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-04-16] (Samsung Electronics)
S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [49536 2013-05-08] (GAS Tecnologia)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO) [Arquivo não assinado]
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-07-26] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-07-26] (Kaspersky Lab ZAO)
S3 Olicard160net; C:\Windows\System32\DRIVERS\Olicard160Usbnet.sys [138752 2009-12-11] (TCT International Mobile Ltd)
S3 Olicard160ser; C:\Windows\System32\DRIVERS\Olicard160ser.sys [119680 2010-04-07] (Olivetti)
S3 OLICARD160USB; C:\Windows\System32\Drivers\Olicard160Usb.sys [25088 2010-06-10] (Windows (R) Codename Longhorn DDK provider)
S3 Spring; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Spring64.sys [110336 2014-06-16] ()
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-10-31] (GAS Tecnologia LTDA)
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S1 Bnbase; System32\drivers\bnbasex64.sys [X]
S1 Bndef; \??\C:\Windows\System32\drivers\bndef64.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-01-15 15:08 - 2017-01-15 15:08 - 00033700 _____ C:\Users\Adleer Sirotheau\Downloads\FRST.txt
2017-01-15 15:07 - 2017-01-15 15:08 - 00000000 ____D C:\FRST
2017-01-15 15:06 - 2017-01-15 15:06 - 00000000 ____D C:\Users\Adleer Sirotheau\AppData\Roaming\DLL-files.com
2017-01-15 15:06 - 2017-01-15 15:06 - 00000000 ____D C:\Users\Adleer Sirotheau\AppData\Roaming\DFXCT
2017-01-15 15:05 - 2017-01-15 15:05 - 00001089 _____ C:\Users\Public\Desktop\DLL-Files.com Client.lnk
2017-01-15 15:05 - 2017-01-15 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLL-Files.com Client
2017-01-15 15:05 - 2017-01-15 15:05 - 00000000 ____D C:\Program Files (x86)\DLL-Files.com Client
2017-01-15 15:03 - 2017-01-15 15:04 - 02419200 _____ (Farbar) C:\Users\Adleer Sirotheau\Downloads\FRST64.exe
2017-01-15 15:01 - 2017-01-15 15:03 - 02729024 _____ (DLL-Files.com Client ) C:\Users\Adleer Sirotheau\Downloads\clientsetup_d-0.exe
2017-01-15 12:31 - 2017-01-15 12:31 - 00000222 _____ C:\Users\Adleer Sirotheau\Desktop\Age of Empires II HD Edition.url
2017-01-15 12:25 - 2017-01-15 12:25 - 00000000 ___RD C:\Users\Adleer Sirotheau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-01-13 00:50 - 2017-01-15 12:31 - 00000000 ____D C:\Users\Adleer Sirotheau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-01-13 00:07 - 2017-01-13 00:08 - 00006731 _____ C:\Users\Adleer Sirotheau\Downloads\index (1).php
2017-01-12 17:00 - 2017-01-12 17:00 - 00000000 ____D C:\Users\Adleer Sirotheau\AppData\Local\Chromium
2017-01-11 10:41 - 2017-01-11 10:41 - 00000000 _____ C:\Users\Adleer Sirotheau\AppData\Local\{3EA93397-F324-4521-872A-AC356DFA4A00}
2017-01-10 20:30 - 2017-01-10 20:30 - 00032895 _____ C:\Users\Adleer Sirotheau\Downloads\Fatura-310589204688.pdf
2017-01-05 12:33 - 2017-01-05 12:33 - 02407830 _____ (GAS Tecnologia ) C:\Users\Adleer Sirotheau\Downloads\Não confirmado 45178.crdownload
2017-01-05 12:29 - 2017-01-05 12:29 - 01605752 _____ (GAS Tecnologia ) C:\Users\Adleer Sirotheau\Downloads\gbpbbwr.exe
2017-01-05 12:23 - 2017-01-05 12:25 - 03153968 _____ (Banco do Brasil SA) C:\Users\Adleer Sirotheau\Downloads\DiagnosticoBB (5).exe
2016-12-29 11:57 - 2016-12-29 11:57 - 00048640 _____ C:\Users\Adleer Sirotheau\Downloads\CONTAS DOS VALORES PARA LIBERAÇÃO.doc
2016-12-27 11:55 - 2016-12-27 11:55 - 00430952 _____ C:\Users\Adleer Sirotheau\Downloads\Fatura (1).pdf
2016-12-22 14:36 - 2016-12-22 14:36 - 00019839 _____ C:\Users\Adleer Sirotheau\Downloads\pedido de liberação de valores.docx
2016-12-22 13:48 - 2016-12-22 13:48 - 00007911 _____ C:\Users\Adleer Sirotheau\Downloads\documento20160487991443.pdf
2016-12-15 12:01 - 2016-12-15 12:01 - 00113849 _____ C:\Users\Adleer Sirotheau\Downloads\texto_2993493.pdf
2016-12-15 11:59 - 2016-12-15 11:59 - 00024792 _____ C:\Users\Adleer Sirotheau\Downloads\texto_3062701.RTF
2016-12-14 12:23 - 2016-12-14 12:23 - 00032895 _____ C:\Users\Adleer Sirotheau\Downloads\Fatura-310029213393.pdf
2016-12-13 21:18 - 2016-12-13 21:20 - 06683227 _____ C:\Users\Adleer Sirotheau\Downloads\AÇÃO CAUTELAR BLOQUEIO DE VERBAS DO MUNICIPIO PARA GARANTIR PAGAMENTO DOS SERVIDORES PUBLICOS.docx 2016-12-12 01:03 - 2016-12-12 01:03 - 00138948 _____ C:\Users\Adleer Sirotheau\Downloads\12-60.2015.6.26.0000.PDF 2016-12-12 00:56 - 2016-12-12 00:56 - 00180423 _____ C:\Users\Adleer Sirotheau\Downloads\168164_1_1_000000003210.pdf 2016-12-09 13:50 - 2016-12-09 13:50 - 00515674 _____ C:\Users\Adleer Sirotheau\Downloads\AC009915(Eleições 2012.Recurso Eleitoral.AIJE. PARTIDO DA SOCIAL DEMOCRACIA BRASILEIRA COLIGAÇÃO PARA MARAVILHA CONTINUAR NO CAMINHO CERTO)Documento.tif 2016-12-06 14:46 - 2016-12-06 14:46 - 00015637 _____ C:\Users\Adleer Sirotheau\Documents\Corrupção de menores - júri.docx 2016-12-06 14:30 - 2016-12-06 14:31 - 00792220 _____ C:\Users\Adleer Sirotheau\Downloads\22138-71236-1-SM.pdf 2016-12-06 14:28 - 2016-12-06 14:28 - 00096256 _____ C:\Users\Adleer Sirotheau\Downloads\946-3452-1-PB.doc 2016-12-06 12:17 - 2016-12-06 13:44 - 00006830 _____ C:\Users\Adleer Sirotheau\Downloads\default.asp 2016-12-06 09:12 - 2016-12-06 09:12 - 00008758 _____ C:\Users\Adleer Sirotheau\Downloads\processo00064119820148140003.pdf 2016-12-06 00:36 - 2016-12-06 00:36 - 00028608 _____ C:\Users\Adleer Sirotheau\Downloads\Boleto.htm 2016-12-06 00:36 - 2016-12-06 00:36 - 00028608 _____ C:\Users\Adleer Sirotheau\Documents\Boleto unimed - dezembro de 2016.html 2016-12-02 10:02 - 2016-12-02 10:02 - 00068096 _____ C:\Users\Adleer Sirotheau\Downloads\PROTOCOLOS 51811 E 51931 - 2016 - COORDENADORIA BAIXO AMAZONAS - QUADRO DE LOTAÇÃO - NOV 2016 (1).doc 2016-12-02 09:53 - 2016-12-02 09:53 - 00068096 _____ C:\Users\Adleer Sirotheau\Downloads\PROTOCOLOS 51811 E 51931 - 2016 - COORDENADORIA BAIXO AMAZONAS - QUADRO DE LOTAÇÃO - NOV 2016.doc 2016-12-01 23:14 - 2016-12-01 23:14 - 00039936 _____ C:\Users\Adleer Sirotheau\Downloads\PROTOCOLO Nº 42882 - PORTARIAS RETROATIVAS DR. 
ADLER CALDERARO SIROTHEAU (2).doc 2016-12-01 23:13 - 2016-12-01 23:13 - 00038912 _____ C:\Users\Adleer Sirotheau\Downloads\PROTOCOLO Nº 50507 - SUBSTITUIÇÃO DRA. IONE MISSAE - DIA 25.10.2016 (1).doc 2016-12-01 23:07 - 2016-12-01 23:07 - 00068096 _____ C:\Users\Adleer Sirotheau\Downloads\PROTOCOLOS 52376 - 51390 E 51944 - 2016 - COORDENADORIA BAIXO AMAZONAS - DESIGANÇÕES - MÊS NACIONAL DO TRIBUNAL DO JÚRI - PJ SANTARÉM (2).doc 2016-12-01 23:07 - 2016-12-01 23:07 - 00068096 _____ C:\Users\Adleer Sirotheau\Downloads\PROTOCOLOS 52376 - 51390 E 51944 - 2016 - COORDENADORIA BAIXO AMAZONAS - DESIGANÇÕES - MÊS NACIONAL DO TRIBUNAL DO JÚRI - PJ SANTARÉM (1).doc 2016-12-01 23:03 - 2016-12-01 23:03 - 00038912 _____ C:\Users\Adleer Sirotheau\Downloads\PROTOCOLO Nº 50507 - SUBSTITUIÇÃO DRA. IONE MISSAE - DIA 25.10.2016.doc 2016-12-01 23:02 - 2016-12-01 23:02 - 00068096 _____ C:\Users\Adleer Sirotheau\Downloads\PROTOCOLOS 52376 - 51390 E 51944 - 2016 - COORDENADORIA BAIXO AMAZONAS - DESIGANÇÕES - MÊS NACIONAL DO TRIBUNAL DO JÚRI - PJ SANTARÉM.doc 2016-12-01 18:13 - 2016-12-01 18:13 - 00134156 _____ C:\Users\Adleer Sirotheau\Downloads\LADILSON DE MELO SERIQUE - Progressao ao aberto INDEFERIDO, NOVA CONDENAÇÃO.rtf 2016-12-01 18:12 - 2016-12-01 18:13 - 00146746 _____ C:\Users\Adleer Sirotheau\Downloads\CLEIFE CORDEIRO TAVARES - Progressao ao aberto.rtf 2016-12-01 17:14 - 2016-12-01 17:14 - 00174081 _____ C:\Users\Adleer Sirotheau\Downloads\Manual de compras diretas TCU.pdf 2016-12-01 16:50 - 2016-12-01 16:50 - 00128128 _____ C:\Users\Adleer Sirotheau\Downloads\processo00011415920158140003.pdf 2016-11-22 12:03 - 2016-11-22 12:03 - 00069120 _____ C:\Users\Adleer Sirotheau\Downloads\2016-REPRE-conduta-vedada-exoneração-de-servidores-contratados-após-eleição-1 (Reparado).doc 2016-11-21 10:18 - 2016-11-21 10:18 - 00037300 _____ C:\Users\Adleer Sirotheau\Downloads\08.Quadro Lotação Promotores-Agosto 2016.docx 2016-11-08 15:56 - 2016-11-08 15:56 - 00024551 _____ C:\Users\Adleer 
Sirotheau\Downloads\Minuta de Recomendação Transição de Governo.docx 2016-11-08 15:51 - 2016-11-08 15:51 - 00118272 _____ C:\Users\Adleer Sirotheau\Downloads\RECOMENDAÇÃO SOBRE PATRIMONIO MUNICIPAL.doc 2016-10-26 12:15 - 2016-11-01 11:12 - 00139269 _____ C:\Users\Adleer Sirotheau\Documents\EXCELENTÍSSIMO SENHOR DOUTOR JUIZ DE DIREITO DA COMARCA DE ALENQUER.docx 2016-10-25 13:22 - 2016-10-25 13:22 - 00002104 _____ C:\Users\Public\Desktop\Google Earth.lnk 2016-10-25 13:22 - 2016-10-25 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2016-10-24 19:52 - 2016-10-24 19:52 - 00077888 _____ C:\Users\Adleer Sirotheau\Documents\Boleto unimed mês de outubro de 2016.pdf 2016-10-24 19:32 - 2016-10-24 19:32 - 00077888 _____ C:\Users\Adleer Sirotheau\Downloads\TELMA MARIA CALDERARO SIROTHEAU (3).pdf 2016-10-24 12:22 - 2016-10-24 12:22 - 00037230 _____ C:\Users\Adleer Sirotheau\Downloads\Fatura-310015181594.pdf 2016-10-24 12:17 - 2016-10-24 12:17 - 00033150 _____ C:\Users\Adleer Sirotheau\Downloads\Fatura-310011200776.pdf 2016-10-21 10:22 - 2016-10-21 10:22 - 00034048 _____ C:\Users\Adleer Sirotheau\Downloads\download (10).docx 2016-10-19 22:43 - 2016-10-19 22:43 - 00209408 _____ C:\Users\Adleer Sirotheau\Downloads\ACP.SALARIO.doc ==================== Três Meses Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2017-01-15 15:01 - 2013-07-22 14:17 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2017-01-15 14:48 - 2014-02-18 22:44 - 00000320 _____ C:\Windows\Tasks\MySearchDial.job 2017-01-15 14:44 - 2014-02-18 22:11 - 00000320 _____ C:\Windows\Tasks\Digital Sites.job 2017-01-15 14:31 - 2013-12-10 00:21 - 00000952 _____ C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job 2017-01-15 14:21 - 2013-12-10 00:21 - 00000320 _____ C:\Windows\Tasks\SaveSense.job 2017-01-15 14:21 - 2013-10-12 00:38 - 00000320 _____ C:\Windows\Tasks\Funmoods.job 2017-01-15 12:33 - 2009-07-14 01:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-01-15 12:33 - 2009-07-14 01:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-01-15 12:32 - 2009-07-14 14:55 - 00668086 _____ C:\Windows\system32\prfh0416.dat 2017-01-15 12:32 - 2009-07-14 14:55 - 00132184 _____ C:\Windows\system32\prfc0416.dat 2017-01-15 12:32 - 2009-07-14 02:13 - 01534494 _____ C:\Windows\system32\PerfStringBackup.INI 2017-01-15 12:32 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf 2017-01-15 12:31 - 2013-12-31 17:00 - 00000000 ____D C:\Program Files (x86)\Steam 2017-01-15 12:28 - 2013-07-23 08:27 - 00000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab 2017-01-15 12:28 - 2013-07-23 08:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2017-01-15 12:26 - 2013-07-26 09:36 - 00000156 _____ C:\Windows\ODBC.INI 2017-01-15 12:25 - 2014-10-02 15:05 - 00000936 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2017-01-15 12:25 - 2014-10-02 15:05 - 00000932 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2017-01-15 12:25 - 2013-12-10 00:21 - 00000948 _____ C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job 2017-01-15 12:25 - 2013-07-29 22:26 - 00000000 ____D C:\Program Files (x86)\GbPlugin 2017-01-15 12:25 - 2013-07-22 14:08 - 00000035 _____ C:\Users\Todos os 
Usuários\AtherosServiceConfig.ini 2017-01-15 12:25 - 2013-07-22 14:08 - 00000035 _____ C:\ProgramData\AtherosServiceConfig.ini 2017-01-15 12:25 - 2013-07-22 09:59 - 00000000 ____D C:\Users\Adleer Sirotheau\Documents\Bluetooth Folder 2017-01-15 12:25 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-01-13 14:40 - 2013-11-04 14:43 - 00000000 ____D C:\Users\Adleer Sirotheau\Documents\Alenquer 2017-01-13 00:05 - 2013-08-26 13:08 - 00000000 ____D C:\Users\Adleer Sirotheau\AppData\LocalLow\HPAppData 2017-01-13 00:00 - 2014-01-01 02:17 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache 2017-01-13 00:00 - 2014-01-01 02:17 - 00000000 ____D C:\ProgramData\Package Cache 2017-01-12 17:01 - 2015-10-30 23:16 - 00000000 ____D C:\Users\Adleer Sirotheau\AppData\Local\Steam 2017-01-11 12:09 - 2013-07-22 19:22 - 00000000 ____D C:\Windows\system32\Macromed 2017-01-11 12:09 - 2013-07-22 14:17 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-01-11 12:09 - 2013-07-22 14:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-01-11 12:09 - 2013-07-22 14:17 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-01-11 12:09 - 2013-07-22 14:17 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-01-10 12:00 - 2013-08-26 10:34 - 00000000 ____D C:\Users\Adleer Sirotheau\AppData\Local\CrashDumps 2017-01-05 12:34 - 2014-01-16 12:38 - 00000000 ____D C:\Users\Todos os Usuários\Temp 2017-01-05 12:34 - 2014-01-16 12:38 - 00000000 ____D C:\ProgramData\Temp 2017-01-02 18:21 - 2013-07-22 14:05 - 00000000 ____D C:\Users\Adleer Sirotheau\AppData\Roaming\Atheros 2016-12-18 08:50 - 2013-07-26 20:45 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-12-18 08:50 - 2013-07-26 20:45 - 00003372 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-12-18 08:50 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\Tasks 2016-12-16 16:44 - 2013-07-22 07:52 - 00000000 
___RD C:\Users\Adleer Sirotheau\Documents 2016-12-16 16:39 - 2015-05-25 18:01 - 00000000 ____D C:\Users\Adleer Sirotheau\Documents\Execução Penal e Controle Externo 2016-12-16 16:34 - 2015-05-27 09:46 - 00000000 ____D C:\Users\Adleer Sirotheau\Documents\Modelos Interceptação Evelin ==================== Arquivos na raiz de alguns diretórios ======= 2014-09-01 05:18 - 2014-09-01 05:18 - 0002086 _____ () C:\Users\Adleer Sirotheau\AppData\Roaming\RADCPJ 2014-10-02 15:06 - 2014-10-02 15:06 - 1497504 _____ (browser) C:\Users\Adleer Sirotheau\AppData\Roaming\RADCPJ.exe 2013-07-29 22:25 - 2014-02-17 22:51 - 0029446 _____ () C:\Users\Adleer Sirotheau\AppData\Roaming\unins000.dat 2014-02-17 22:51 - 2014-02-17 22:50 - 0720082 _____ () C:\Users\Adleer Sirotheau\AppData\Roaming\unins000.exe 2013-10-07 16:45 - 2013-10-07 16:45 - 0009294 _____ () C:\Users\Adleer Sirotheau\AppData\Roaming\unins001.dat 2013-10-07 16:45 - 2013-10-07 16:45 - 0717985 _____ () C:\Users\Adleer Sirotheau\AppData\Roaming\unins001.exe 2013-09-16 22:00 - 2016-03-04 10:55 - 0000344 _____ () C:\Users\Adleer Sirotheau\AppData\Roaming\WB.CFG 2013-08-25 21:34 - 2013-08-25 21:34 - 0430107 _____ () C:\Users\Adleer Sirotheau\AppData\Local\funmoods_speedial_v9.0.10.crx 2017-01-11 10:41 - 2017-01-11 10:41 - 0000000 _____ () C:\Users\Adleer Sirotheau\AppData\Local\{3EA93397-F324-4521-872A-AC356DFA4A00} 2016-07-04 10:11 - 2016-07-04 10:11 - 0000000 _____ () C:\Users\Adleer Sirotheau\AppData\Local\{D0A6CF13-4ABF-4455-B1B8-92139D652585} 2016-08-21 00:31 - 2016-08-21 00:31 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-07-22 14:08 - 2017-01-15 12:25 - 0000035 _____ () C:\ProgramData\AtherosServiceConfig.ini 2014-09-14 20:03 - 2014-09-14 20:03 - 0014304 _____ () C:\ProgramData\Duplicaterecord.js 2014-01-15 02:15 - 2014-01-15 02:15 - 0167784 _____ (Baidu, Inc.) 
C:\ProgramData\FileSplitUpLoad.dll 2013-08-25 18:31 - 2013-08-25 20:49 - 0001659 _____ () C:\ProgramData\hpzinstall.log Arquivos para serem movidos ou deletados: ==================== C:\ProgramData\Duplicaterecord.js C:\ProgramData\FileSplitUpLoad.dll C:\Users\Todos os Usuários\Duplicaterecord.js C:\Users\Todos os Usuários\FileSplitUpLoad.dll Alguns arquivos em TEMP: ====================
==================== Bamital & volsnap ====================== (Não há correção automática para arquivos que não passaram na verificação.) C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente C:\Windows\explorer.exe => O arquivo é assinado digitalmente C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente C:\Windows\system32\services.exe => O arquivo é assinado digitalmente C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente LastRegBack: 2017-01-13 01:33 ==================== Fim de FRST.txt ============================