Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) VersÃ£o: 15-03-2017
Executado por Renato (administrador) em RENATO-PC (21-03-2017 15:07:37)
Executando a partir de C:\Users\Renato\Downloads
Perfis Carregados: Renato (Perfis DisponÃ­veis: Renato)
Platform: Windows 7 Ultimate (X64) Idioma: PortuguÃªs (Brasil)
Internet Explorer VersÃ£o 9 (Navegador padrÃ£o: IE)
Modo da InicializaÃ§Ã£o: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluÃ­da na fixlist, o processo serÃ¡ fechado. O arquivo nÃ£o serÃ¡ movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
() C:\ProgramData\service.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
() C:\Windows\svchost.exe
(Microsoft Corporation) C:\ProgramData\Windows Security\winsecurity.exe
() C:\Windows\csrss.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Users\Renato\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\XBox\XBLive.exe
() C:\Windows\Temp\g7A8D.tmp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft) C:\Users\Renato\AppData\Roaming\c4dRcR\wxX0TN.exe
() C:\Users\Renato\AppData\Local\Temp\00009360\msiql.exe
() C:\Users\Renato\AppData\Local\LikeToles01a\MCHromptoolz0.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(CompSoft) C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\rstrui.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluÃ­da na fixlist, o Ã­tem no Registro serÃ¡ restaurado para o padrÃ£o ou removido. O arquivo nÃ£o serÃ¡ movido.)

HKLM\...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [4013056 2014-08-17] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465832 2010-09-07] (Realtek Semiconductor)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-18] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-18] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [DoroServer] => C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe [208896 2015-09-23] (CompSoft)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-10-27] (Caixa Economica Federal)
HKU\S-1-5-21-3989744648-3571885242-2210684081-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-3989744648-3571885242-2210684081-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3989744648-3571885242-2210684081-1000\...\Run: [1A9A31FFF1059ED7] => C:\Users\Renato\AppData\Roaming\c4dRcR\wxX0TN.exe [34496 2017-03-21] (Microsoft)
HKU\S-1-5-21-3989744648-3571885242-2210684081-1000\...\Run: [msiql] => C:\Users\Renato\AppData\Local\Temp\00009360\msiql.exe [2072064 2017-03-21] () <===== ATENÃÃO
HKU\S-1-5-21-3989744648-3571885242-2210684081-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\Chrome.exe [7174656 2017-03-14] ()
HKU\S-1-5-21-3989744648-3571885242-2210684081-1000\...\MountPoints2: {836cd6b1-262d-11e5-b3cd-d43d7efcf277} - F:\Setup.exe
HKLM\...\Providers\a40l9eyv: C:\Program Files (x86)\Stukatprjertion Update\local64spl.dll [307712 2017-03-21] ()
ShellExecuteHooks: Sem Nome - {976C97C2-03AA-11E7-8491-64006A5CFC23} -  -> Nenhum Arquivo
ShellExecuteHooks: Sem Nome - {29E23142-03AB-11E7-928B-64006A5CFC23} -  -> Nenhum Arquivo
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1903328 2016-10-27] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\Â¿Ã¬ÃÂ¹\X64\KZipShell.dll [2017-03-21] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> Nenhum Arquivo
Startup: C:\Users\Renato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\35768.js [2017-03-21] ()
Startup: C:\Users\Renato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MCHromptoolz0.lnk [2017-03-21]
ShortcutTarget: MCHromptoolz0.lnk -> C:\Users\Renato\AppData\Local\LikeToles01a\MCHromptoolz0.exe ()
GroupPolicy: RestriÃ§Ã£o <======= ATENÃÃO
CHR HKLM\SOFTWARE\Policies\Google: RestriÃ§Ã£o <======= ATENÃÃO

==================== Internet (Whitelisted) ====================

(Se um Ã­tem for incluÃ­do na fixlist, sendo um Ã­tem do Registro, serÃ¡ removido ou restaurado para o padrÃ£o.)

ProxyEnable: [S-1-5-21-3989744648-3571885242-2210684081-1000] => Proxy estÃ¡ habilitado.
ProxyServer: [S-1-5-21-3989744648-3571885242-2210684081-1000] => http=127.0.0.1:8080;https=127.0.0.1:8080
Hosts: HÃ¡ mais de uma entrada no Hosts. Veja a seÃ§Ã£o Hosts do Addition.txt
Tcpip\..\Interfaces\{1025BF11-E7F8-41BD-8393-DE293559B26D}: [NameServer] 8.8.8.8
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldastr_17_13&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0E0F0C0FtByByB0DzytAtCtN0D0Tzu0StCzytDyCtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyCtCyEtC0D0CtBtCtGtC0Czz0CtG0C0B0CyDtGyB0Fzy0DtG0ByEtB0CyDzzyCtA0Bzz0EtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtC0A0DyDtC0A0FtG0AtBzy0DtGyE0EtCyDtGzztC0C0EtGyB0CtCyCyEtCtA0A0D0DyD0C2QtN0A0LzuyE%26cr%3D234855385%26a%3Dwbf_dnldastr_17_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldastr_17_13&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0E0F0C0FtByByB0DzytAtCtN0D0Tzu0StCzytDyCtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyCtCyEtC0D0CtBtCtGtC0Czz0CtG0C0B0CyDtGyB0Fzy0DtG0ByEtB0CyDzzyCtA0Bzz0EtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtC0A0DyDtC0A0FtG0AtBzy0DtGyE0EtCyDtGzztC0C0EtGyB0CtCyCyEtCtA0A0D0DyD0C2QtN0A0LzuyE%26cr%3D234855385%26a%3Dwbf_dnldastr_17_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-3989744648-3571885242-2210684081-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
HKU\S-1-5-21-3989744648-3571885242-2210684081-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldastr_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0E0F0C0FtByByB0DzytAtCtN0D0Tzu0StCzytDyCtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyCtCyEtC0D0CtBtCtGtC0Czz0CtG0C0B0CyDtGyB0Fzy0DtG0ByEtB0CyDzzyCtA0Bzz0EtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtC0A0DyDtC0A0FtG0AtBzy0DtGyE0EtCyDtGzztC0C0EtGyB0CtCyCyEtCtA0A0D0DyD0C2QtN0A0LzuyE%26cr%3D234855385%26a%3Dwbf_dnldastr_17_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldastr_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0E0F0C0FtByByB0DzytAtCtN0D0Tzu0StCzytDyCtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyCtCyEtC0D0CtBtCtGtC0Czz0CtG0C0B0CyDtGyB0Fzy0DtG0ByEtB0CyDzzyCtA0Bzz0EtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtC0A0DyDtC0A0FtG0AtBzy0DtGyE0EtCyDtGzztC0C0EtGyB0CtCyCyEtCtA0A0D0DyD0C2QtN0A0LzuyE%26cr%3D234855385%26a%3Dwbf_dnldastr_17_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3989744648-3571885242-2210684081-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3989744648-3571885242-2210684081-1000 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldastr_17_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0E0F0C0FtByByB0DzytAtCtN0D0Tzu0StCzytDyCtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyCtCyEtC0D0CtBtCtGtC0Czz0CtG0C0B0CyDtGyB0Fzy0DtG0ByEtB0CyDzzyCtA0Bzz0EtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtC0A0DyDtC0A0FtG0AtBzy0DtGyE0EtCyDtGzztC0C0EtGyB0CtCyCyEtCtA0A0D0DyD0C2QtN0A0LzuyE%26cr%3D234855385%26a%3Dwbf_dnldastr_17_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3989744648-3571885242-2210684081-1000 -> {74AB41FF-67F2-44B9-930D-65284FFD24F3} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-26] (Oracle Corporation)
BHO-x32: Auxiliar de ConexÃ£o de Conta da Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2016-10-27] (Caixa Economica Federal)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-26] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3989744648-3571885242-2210684081-1000 -> Sem Nome - {41564952-412D-5350-00A7-7A786E7484D7} -  Nenhum Arquivo
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: jh3781rj.default
FF ProfilePath: C:\Users\Renato\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\jh3781rj.default\Profiles\jh3781rj.default [nÃ£o encontrado (a)]
FF ProfilePath: C:\Users\Renato\AppData\Roaming\Mozilla\Firefox\Profiles\jh3781rj.default [2017-03-21]
FF HKU\S-1-5-21-3989744648-3571885242-2210684081-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Renato\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: (GBBD Caixa Economica Federal) - C:\Users\Renato\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-07-07] [nÃ£o assinado]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-3989744648-3571885242-2210684081-1000: gastecnologia.com.br/sf/cef -> C:\Users\Renato\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3989744648-3571885242-2210684081-1000: gastecnologia.com.br/sf/cef64 -> C:\Users\Renato\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2014-12-09] (GAS Tecnologia)

Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData2
CHR StartupUrls: ChromeDefaultData2 -> "hxxp://www.google.com.br/"
CHR DefaultSearchURL: ChromeDefaultData2 -> hxxp://srch.bar/{searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData2 -> Yahoo
CHR DefaultSuggestURL: ChromeDefaultData2 -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-21] <==== ATENÃÃO
CHR Extension: (Google ApresentaÃ§Ãµes) - C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-24]
CHR Extension: (Google Docs) - C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-24]
CHR Extension: (Google Drive) - C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-03]
CHR Extension: (Planilhas do Google) - C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-24]
CHR Extension: (Documentos Google off-line) - C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Yahoo Partner) - C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2017-03-21]
CHR Extension: (Gmail) - C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-24]
CHR Extension: (Chrome Media Router) - C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR Profile: C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-03-21] <==== ATENÃÃO
CHR Extension: (Google Docs) - C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-21]
CHR Extension: (Google Drive) - C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-21]
CHR Extension: (YouTube) - C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-21]
CHR Extension: (Documentos Google off-line) - C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-21]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-21]
CHR Extension: (Gmail) - C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-21]
CHR Extension: (Chrome Media Router) - C:\Users\Renato\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-21]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3989744648-3571885242-2210684081-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== ServiÃ§os (Whitelisted) ====================

(Se uma entrada for incluÃ­da na fixlist, serÃ¡ removida do Registro. O arquivo nÃ£o serÃ¡ movido, a menos que seja colocado separadamente.)

R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-10-27] (GAS Tecnologia)
R2 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2017-03-21] () [Arquivo nÃ£o assinado] <==== ATENÃÃO
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-06-24] () [Arquivo nÃ£o assinado]
R2 KuaizipUpdateChecker; C:\Program Files\Â¿Ã¬ÃÂ¹\X86\kuaizipUpdateChecker.dll [219032 2017-03-21] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [Arquivo nÃ£o assinado]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 OtherSearch; C:\Program Files (x86)\jsXuLWuidd\kl.dll [1009152 2017-03-13] () [Arquivo nÃ£o assinado] <==== ATENÃÃO
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [Arquivo nÃ£o assinado]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 Windows; C:\Windows\svchost.exe [177152 2017-03-21] () [Arquivo nÃ£o assinado]
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [1265152 2017-03-01] (Microsoft Corporation) [Arquivo nÃ£o assinado] <==== ATENÃÃO
R2 WMPNetworkAcSvc; C:\Users\Renato\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [5091840 2016-11-10] () [Arquivo nÃ£o assinado] <==== ATENÃÃO
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe [417792 2016-07-12] (Wondershare) [Arquivo nÃ£o assinado]
R2 XBox; C:\Program Files\XBox\XBLive.exe [7068160 2017-02-14] (Microsoft Corporation) [Arquivo nÃ£o assinado]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluÃ­da na fixlist, serÃ¡ removida do Registro. O arquivo nÃ£o serÃ¡ movido, a menos que seja colocado separadamente.)

R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-03] (GAS Tecnologia)
R2 KuaiZipDrive; C:\Windows\system32\drivers\KuaiZipDrive.sys [92832 2017-03-21] (WinMount International Inc)
R1 Lace514; C:\Windows\System32\drivers\Lace_wpf_x64.sys [69400 2017-03-01] (Lace514)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-11-03] (GAS Tecnologia LTDA)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2017-03-21] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [97376 2016-06-08] (GAS Tecnologia)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S4 ucdrv; \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [X] <==== ATENÃÃO

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluÃ­da na fixlist, serÃ¡ removida do Registro. O arquivo nÃ£o serÃ¡ movido, a menos que seja colocado separadamente.)


==================== Um MÃªs Criados arquivos e pastas ========

(Se uma entrada for incluÃ­da na fixlist, o arquivo/pasta serÃ¡ movido.)

2017-03-21 20:35 - 2017-03-21 20:35 - 00016422 _____ C:\Users\Renato\AppData\Roaming\88604368358d1b8b5f36ce
2017-03-21 15:07 - 2017-03-21 15:08 - 00025845 _____ C:\Users\Renato\Downloads\FRST.txt
2017-03-21 15:07 - 2017-03-21 15:07 - 00000000 ____D C:\FRST
2017-03-21 15:06 - 2017-03-21 15:07 - 02424832 _____ (Farbar) C:\Users\Renato\Downloads\FRST64.exe
2017-03-21 15:02 - 2017-03-21 15:02 - 00000000 ____D C:\Users\Renato\AppData\Local\ElevatedDiagnostics
2017-03-21 15:01 - 2017-03-21 15:01 - 00170240 _____ C:\Users\Renato\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-21 15:01 - 2017-03-21 15:01 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-03-21 15:01 - 2017-03-21 15:01 - 00001945 _____ C:\Windows\epplauncher.mif
2017-03-21 15:01 - 2017-03-21 15:01 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-03-21 15:01 - 2017-03-21 15:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-03-21 15:00 - 2017-03-21 15:01 - 15083200 _____ (Microsoft Corporation) C:\Users\Renato\Downloads\mseinstall.exe
2017-03-21 14:46 - 2017-03-21 15:05 - 00016708 _____ C:\Windows\System32\Tasks\47o751o563t157-dll
2017-03-21 14:40 - 2017-03-21 14:40 - 00003154 _____ C:\Windows\System32\Tasks\{CA5F38A2-BA0E-42A7-852A-90DC65B25F7C}
2017-03-21 14:16 - 2017-03-21 14:16 - 00001996 _____ C:\Windows\System32\Tasks\mG41sVNMLM
2017-03-21 14:15 - 2017-03-21 14:48 - 00000000 ____D C:\Program Files (x86)\jsXuLWuidd
2017-03-21 14:08 - 2017-03-21 14:13 - 00000000 ____D C:\Users\Renato\AppData\Roaming\Chomdom
2017-03-21 14:08 - 2017-03-21 14:08 - 00006078 _____ C:\Windows\System32\Tasks\Motupyanegcult Cache
2017-03-21 14:08 - 2017-03-21 14:08 - 00000000 ____D C:\Program Files (x86)\Motupyanegcult Cache
2017-03-21 14:07 - 2017-03-21 14:33 - 00000000 ____D C:\Program Files (x86)\Qejisyfank
2017-03-21 14:07 - 2017-03-21 14:08 - 00000000 ____D C:\Users\Renato\AppData\Local\Prermerward
2017-03-21 14:07 - 2017-03-21 14:07 - 00002920 _____ C:\Windows\System32\Tasks\osTip
2017-03-21 14:07 - 2017-03-21 14:07 - 00000000 ____D C:\Users\Renato\AppData\Local\CEF
2017-03-21 14:06 - 2017-03-21 14:33 - 00000000 __SHD C:\Users\Todos os UsuÃ¡rios\WindowsMsg
2017-03-21 14:06 - 2017-03-21 14:33 - 00000000 __SHD C:\ProgramData\WindowsMsg
2017-03-21 14:02 - 2017-03-21 14:33 - 00000000 ____D C:\Program Files (x86)\Stukatprjertion Update
2017-03-21 14:02 - 2017-03-21 14:10 - 00000000 ____D C:\Users\Renato\AppData\Roaming\Chesoty
2017-03-21 14:02 - 2017-03-21 14:02 - 00006058 _____ C:\Windows\System32\Tasks\Stukatprjertion Update
2017-03-21 14:02 - 2017-03-21 14:02 - 00000000 ____D C:\Users\Renato\AppData\Local\UCBrowser
2017-03-21 14:01 - 2017-03-21 14:33 - 00000000 ____D C:\Users\Renato\AppData\Roaming\excdir
2017-03-21 14:01 - 2017-03-21 14:33 - 00000000 ____D C:\Program Files (x86)\Vehotherdreguty
2017-03-21 14:01 - 2017-03-21 14:03 - 00000000 ____D C:\Users\Renato\AppData\Local\Phihavhiied
2017-03-21 14:00 - 2017-03-21 14:33 - 00000000 ____D C:\Users\Renato\AppData\Roaming\KuaiZip
2017-03-21 14:00 - 2017-03-21 14:33 - 00000000 ____D C:\Program Files\Â¿Ã¬ÃÂ¹
2017-03-21 14:00 - 2017-03-21 14:00 - 00092832 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
2017-03-21 14:00 - 2017-03-21 14:00 - 00003378 _____ C:\Windows\System32\Tasks\KuaiZip_Update
2017-03-21 14:00 - 2017-03-21 14:00 - 00000000 ____D C:\Users\Renato\AppData\Roaming\Softlink
2017-03-21 13:58 - 2017-03-21 14:33 - 00000000 __SHD C:\Users\Renato\AppData\Local\svchost
2017-03-21 13:58 - 2017-03-21 14:33 - 00000000 ____D C:\Users\Renato\AppData\Roaming\UCChannel
2017-03-21 13:57 - 2017-03-21 15:08 - 00016708 _____ C:\Windows\System32\Tasks\47o751o563t157
2017-03-21 13:57 - 2017-03-21 14:33 - 00000000 ___HD C:\Users\Todos os UsuÃ¡rios\47o751o563t157
2017-03-21 13:57 - 2017-03-21 14:33 - 00000000 ___HD C:\ProgramData\47o751o563t157
2017-03-21 13:57 - 2017-03-21 14:33 - 00000000 ____D C:\Users\Todos os UsuÃ¡rios\RegisterObject
2017-03-21 13:57 - 2017-03-21 14:33 - 00000000 ____D C:\Users\Renato\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-03-21 13:57 - 2017-03-21 14:33 - 00000000 ____D C:\ProgramData\RegisterObject
2017-03-21 13:57 - 2017-03-21 14:14 - 00000000 ____D C:\Windows\system32\SSL
2017-03-21 13:57 - 2017-03-21 13:57 - 01620992 _____ C:\Users\Todos os UsuÃ¡rios\service.exe
2017-03-21 13:57 - 2017-03-21 13:57 - 01620992 _____ C:\ProgramData\service.exe
2017-03-21 13:57 - 2017-03-21 13:57 - 01466213 _____ C:\Windows\csrss.exe
2017-03-21 13:57 - 2017-03-21 13:57 - 00177152 _____ C:\Windows\svchost.exe
2017-03-21 13:57 - 2017-03-21 13:57 - 00073216 _____ C:\Windows\taskmgr.exe
2017-03-21 13:57 - 2017-03-21 13:57 - 00000000 ____D C:\Windows\Azart
2017-03-21 13:56 - 2017-03-21 14:50 - 00000000 ____D C:\Users\Renato\AppData\Roaming\WMPNetworkAcSvc
2017-03-21 13:56 - 2017-03-21 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jogotempo
2017-03-21 13:56 - 2017-03-21 14:33 - 00000000 ____D C:\Program Files\XBox
2017-03-21 13:56 - 2017-03-21 14:33 - 00000000 ____D C:\Program Files (x86)\Jogotempo
2017-03-21 13:56 - 2017-03-21 14:33 - 00000000 ____D C:\Program Files (x86)\BeCleaner
2017-03-21 13:55 - 2017-03-21 14:51 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2017-03-21 13:55 - 2017-03-21 14:33 - 00000000 ____D C:\Users\Todos os UsuÃ¡rios\Windows Security
2017-03-21 13:55 - 2017-03-21 14:33 - 00000000 ____D C:\ProgramData\Windows Security
2017-03-21 13:55 - 2017-03-21 13:55 - 00005074 _____ C:\Windows\System32\Tasks\Ckibugh
2017-03-21 13:54 - 2017-03-21 13:54 - 01262952 _____ C:\Users\Renato\Downloads\Vegas_Pro_14_2016_Crack_e_Serial.zip
2017-03-21 13:46 - 2017-03-21 13:46 - 09274608 _____ (Piriform Ltd) C:\Users\Renato\Downloads\ccsetup528.exe
2017-03-21 13:45 - 2017-03-20 20:18 - 00003879 _____ C:\Users\Renato\Downloads\SetupCcleaner.js
2017-03-21 13:41 - 2017-03-21 13:41 - 00000000 _____ C:\Users\Renato\AppData\Roaming\ax
2017-03-21 13:40 - 2017-03-21 13:40 - 00002999 _____ C:\Users\Renato\Downloads\SetupCcleaner.zip
2017-03-21 13:40 - 2017-03-21 13:40 - 00000000 _____ C:\Users\Todos os UsuÃ¡rios\Block
2017-03-21 13:40 - 2017-03-21 13:40 - 00000000 _____ C:\ProgramData\Block
2017-03-21 13:33 - 2017-03-21 13:33 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2017-03-21 13:33 - 2017-03-21 13:33 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2017-03-21 13:28 - 2017-03-21 13:28 - 01232106 _____ (Rasecadi ) C:\Users\Renato\Downloads\windows_movie_maker_1185436195 (2).exe
2017-03-21 13:25 - 2017-03-21 14:25 - 00000264 _____ C:\Windows\Tasks\{27CF2902-E889-0B48-0CFD-7205D36734C5}.job
2017-03-21 13:25 - 2017-03-21 13:25 - 00003208 _____ C:\Windows\System32\Tasks\{27CF2902-E889-0B48-0CFD-7205D36734C5}
2017-03-21 13:24 - 2017-03-21 13:24 - 01820656 _____ (Program ) C:\Users\Renato\Downloads\Baixaki_windows-movie-maker (3).exe
2017-03-21 13:23 - 2017-03-21 13:39 - 00000000 ____D C:\Users\Renato\AppData\Local\{879BB1C7-A333-DD7F-CEAB-F897EAC3040F}
2017-03-21 13:23 - 2017-03-21 13:23 - 00000372 __RSH C:\Users\Todos os UsuÃ¡rios\ntuser.pol
2017-03-21 13:23 - 2017-03-21 13:23 - 00000372 __RSH C:\ProgramData\ntuser.pol
2017-03-21 13:21 - 2017-03-21 13:21 - 01232106 _____ (Rasecadi ) C:\Users\Renato\Downloads\windows_movie_maker_1185436195 (1).exe
2017-03-21 13:17 - 2017-03-21 13:17 - 01232106 _____ (Rasecadi ) C:\Users\Renato\Downloads\windows_movie_maker_1185436195.exe
2017-03-21 13:13 - 2017-03-21 14:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-21 12:58 - 2017-03-21 12:58 - 01820656 _____ (Program ) C:\Users\Renato\Downloads\Baixaki_windows-movie-maker (2).exe
2017-03-21 12:57 - 2017-03-21 12:57 - 01820656 _____ (Program ) C:\Users\Renato\Downloads\Baixaki_windows-movie-maker (1).exe
2017-03-21 12:56 - 2017-03-21 14:33 - 00000000 ____D C:\Users\Renato\AppData\Local\LikeToles01a
2017-03-21 12:56 - 2017-03-21 12:56 - 00000000 _____ C:\Users\Renato\AppData\Local\Z10AABC21.abp
2017-03-21 12:55 - 2017-03-21 12:55 - 00339548 _____ C:\Users\Renato\Downloads\Adobe.zip
2017-03-21 12:52 - 2017-03-21 12:52 - 12633944 _____ (Microsoft Corporation) C:\Users\Renato\Downloads\mm20esn.exe
2017-03-21 12:45 - 2017-03-21 12:48 - 00000001 _____ C:\Users\Renato\AppData\Roaming\d3a42cab
2017-03-21 12:44 - 2017-03-21 14:33 - 00000000 ____D C:\Users\Renato\AppData\Roaming\c4dRcR
2017-03-21 12:44 - 2017-03-21 14:33 - 00000000 ____D C:\Users\Renato\AppData\Roaming\aXqlp1
2017-03-21 12:44 - 2017-03-21 12:44 - 01242312 _____ (Microsoft Corporation) C:\Users\Renato\Downloads\Baixaki_windows-movie-maker [1].exe
2017-03-21 12:44 - 2017-03-21 12:44 - 00000262 _____ C:\Users\Renato\AppData\Roaming\54dc8dd1
2017-03-21 12:43 - 2017-03-21 13:00 - 01242312 _____ (Microsoft Corporation) C:\Users\Renato\Downloads\Baixaki_windows-movie-maker.exe
2017-03-21 12:42 - 2017-03-21 12:42 - 00039949 _____ C:\Users\Renato\Downloads\Flash_Player_App.V.1.2.51.7.3.2.098.zip
2017-03-21 12:42 - 2017-03-21 12:42 - 00039949 _____ C:\Users\Renato\Downloads\Flash_Player_App.V.1.2.51.7.3.2.098 (1).zip
2017-03-21 12:39 - 2017-03-21 12:39 - 03774684 _____ C:\Users\Renato\Downloads\â¤Mensagem apaixonadaâ¤.mp4
2017-03-21 12:30 - 2017-03-21 12:31 - 46252218 _____ C:\Users\Renato\Downloads\MarÃ­lia MendonÃ§a - De Quem Ã A Culpa - DVD Realidade.mp4
2017-03-21 12:29 - 2017-03-21 12:30 - 42771788 _____ C:\Users\Renato\Downloads\Matheus & Kauan - Te Assumi Pro Brasil â Na Praia 2 - Ao Vivo.mp4
2017-03-21 08:34 - 2017-03-21 08:34 - 00117258 _____ C:\Users\Renato\Downloads\Oficio circular 010.2016 destinado as Prefeituras.pdf
2017-03-20 15:54 - 2017-03-20 15:54 - 00088590 _____ C:\Users\Renato\Downloads\Logos - JesÃºpolis - Fundo.cdr
2017-03-20 14:33 - 2017-03-20 14:33 - 00094720 _____ C:\Users\Renato\Downloads\Proposta_Pregao_N_0052017.xls
2017-03-20 14:33 - 2017-03-20 14:33 - 00044032 _____ C:\Users\Renato\Downloads\Credenciamento_Pregao_N_0052017.xls
2017-03-20 10:09 - 2017-03-20 10:09 - 04202108 _____ C:\Users\Renato\Downloads\ATA DE JULGAMENTO DE RECURSO ADMINISTRATIVO.pdf
2017-03-20 10:09 - 2017-03-20 10:09 - 00631038 _____ C:\Users\Renato\Downloads\EDITAL PREGAO N005 2017 MEDICAMENTOS.pdf
2017-03-20 10:09 - 2017-03-20 10:09 - 00556247 _____ C:\Users\Renato\Downloads\EDITAL CONVITE N002 2017 MATERIAL ELETRICO.pdf
2017-03-18 12:47 - 2017-03-18 12:47 - 00000000 _____ C:\Users\Renato\AppData\Local\{6A1E4698-5084-468C-82A4-3B0F8247ACD9}
2017-03-17 16:43 - 2017-03-17 16:43 - 03229883 _____ C:\Windows\b1bebf2044efde9047ffff42064b4a7d.exe
2017-03-15 17:14 - 2017-03-15 17:14 - 00097576 _____ C:\Users\Renato\Downloads\Lista 4 ConstruÃ§Ã£o FGTS Agehab 2017.pdf
2017-03-15 16:57 - 2017-03-15 16:58 - 00000000 ____D C:\Users\Renato\Desktop\LILIAN
2017-03-10 13:39 - 2017-03-10 13:39 - 02726729 _____ C:\Users\Renato\Downloads\ATA CPL CADASTRAMENTO PROFISSIONAIS SAUDE.pdf
2017-03-09 16:42 - 2017-03-09 16:42 - 00030949 _____ C:\Users\Renato\Desktop\I N.pdf
2017-03-09 16:02 - 2017-03-09 16:02 - 00086729 _____ C:\Users\Renato\Downloads\Logos - JesÃºpolis - secretaria da saÃºde.cdr
2017-03-09 15:28 - 2017-03-09 15:28 - 00015099 _____ C:\Users\Renato\Downloads\Minuta Fatura - JesÃºpolis 2017 (2).odt
2017-03-09 15:27 - 2017-03-09 15:27 - 00015099 _____ C:\Users\Renato\Downloads\Minuta Fatura - JesÃºpolis 2017.odt
2017-03-09 15:27 - 2017-03-09 15:27 - 00015099 _____ C:\Users\Renato\Downloads\Minuta Fatura - JesÃºpolis 2017 (1).odt
2017-03-07 15:56 - 2017-03-07 15:56 - 00655888 _____ C:\Users\Renato\Downloads\OfÃ­cio Provinha Brasil.pdf
2017-03-06 15:58 - 2017-03-06 15:59 - 49459683 _____ C:\Users\Renato\Downloads\Henrique e Juliano - VIDINHA DE BALADA - DVD O CÃ©u Explica Tudo.mp4
2017-03-06 15:31 - 2017-03-06 15:31 - 00111177 _____ C:\Users\Renato\Downloads\Danfe.pdf
2017-03-06 14:58 - 2017-03-06 14:58 - 00321802 _____ C:\Users\Renato\Downloads\Edital Credenciamento 2017 (1).pdf
2017-03-06 10:14 - 2017-03-06 10:14 - 01070917 _____ C:\Users\Renato\Downloads\RECURSO CONTRA DECISAO DE INABILITACAO.pdf
2017-03-06 10:14 - 2017-03-06 10:14 - 00436588 _____ C:\Users\Renato\Downloads\DESPACHO CPL.pdf
2017-03-06 08:22 - 2017-03-06 08:22 - 00276651 _____ C:\Users\Renato\Downloads\JESUPOLIS (1).pdf
2017-03-03 16:22 - 2017-03-03 16:22 - 00505062 _____ C:\Users\Renato\Downloads\Documento(24).pdf
2017-03-03 16:22 - 2017-03-03 16:22 - 00286213 _____ C:\Users\Renato\Downloads\FUNDO MUNICIPAL DE ASSISTENCIA JESUPOLIS 8786.pdf
2017-03-03 16:22 - 2017-03-03 16:22 - 00282969 _____ C:\Users\Renato\Downloads\PREFEITURA MUNICIPAL DE JESUPOLIS.pdf
2017-03-03 16:22 - 2017-03-03 16:22 - 00282856 _____ C:\Users\Renato\Downloads\FUNDO MUNICIPAL DE JESUPOLIS 8785.pdf
2017-03-03 16:22 - 2017-03-03 16:22 - 00012991 _____ C:\Users\Renato\Downloads\FUNDO MUNICIPAL DE SAUDE DE JESUPOLIS-10.411.406.0001-10.pdf
2017-03-03 16:22 - 2017-03-03 16:22 - 00012990 _____ C:\Users\Renato\Downloads\FUNDO MUN. DE ASSIST. SOCIAL D JESUPOLIS-13.608.402.0001-15.pdf
2017-03-03 16:22 - 2017-03-03 16:22 - 00012978 _____ C:\Users\Renato\Downloads\PREFEITURA MUNICIPAL DE JESUPOLIS-37.623.501.0001-34.pdf
2017-03-03 11:09 - 2017-01-04 15:02 - 01678023 _____ C:\Users\Renato\Desktop\QUINTO TERMO ADITIVO EMERSON.pdf
2017-03-03 11:09 - 2016-09-15 15:29 - 01380344 _____ C:\Users\Renato\Desktop\QUARTO TERMO ADITIVO PRAÃA LUIZ DE MATTOS.pdf
2017-03-03 11:09 - 2016-06-10 17:05 - 04109078 _____ C:\Users\Renato\Desktop\TERCEIRO TERMO ADITIVO PRAÃA LUIZ DE MATTOS.pdf
2017-03-03 11:09 - 2016-02-19 11:34 - 03979138 _____ C:\Users\Renato\Desktop\SEGUNDO TERMO ADITIVO EMERSON.pdf
2017-03-03 11:08 - 2015-10-29 14:52 - 00226462 _____ C:\Users\Renato\Desktop\1Âº TERMO ADITIVO AO CONTRATO NÂº23 2015.pdf
2017-03-03 11:07 - 2015-05-18 12:15 - 09462331 _____ C:\Users\Renato\Desktop\CONTRATO NÂº23 2015 EMERSON CARDOSO.pdf
2017-03-02 10:35 - 2017-03-02 10:35 - 00000001 _____ C:\Users\Renato\Downloads\Lei OrâÂºamentâÃ­ria Anual - LOA.pdf
2017-03-02 10:35 - 2017-03-02 10:35 - 00000001 _____ C:\Users\Renato\Downloads\AlteraâÂºâÃes da Lei do PPA.pdf
2017-03-01 14:32 - 2017-03-01 14:32 - 00069400 _____ (Lace514) C:\Windows\system32\Drivers\Lace_wpf_x64.sys
2017-02-23 17:07 - 2017-02-23 17:08 - 00000000 ____D C:\Users\TEMP
2017-02-23 10:50 - 2017-02-23 10:50 - 00321802 _____ C:\Users\Renato\Downloads\Edital Credenciamento 2017.pdf
2017-02-22 15:34 - 2017-02-22 15:46 - 00419350 _____ C:\Users\Renato\Desktop\Sem tÃ­tulo-1.cdr
2017-02-22 15:34 - 2017-02-22 15:34 - 00410277 _____ C:\Users\Renato\Desktop\CÃ³pia_de_seguranÃ§a_de_Sem tÃ­tulo-1.cdr
2017-02-22 13:29 - 2017-02-22 13:29 - 00067951 _____ C:\Users\Renato\Downloads\DAS-PGMEI-14932096000130 (4).pdf
2017-02-22 13:25 - 2017-02-22 13:25 - 00151001 _____ C:\Users\Renato\Downloads\DAS-PGMEI-14932096000130 (3).pdf
2017-02-22 13:24 - 2017-02-22 13:24 - 00067963 _____ C:\Users\Renato\Downloads\DAS-PGMEI-14932096000130 (2).pdf
2017-02-22 13:23 - 2017-02-22 13:23 - 00076284 _____ C:\Users\Renato\Downloads\DAS-PGMEI-14932096000130.pdf
2017-02-22 13:23 - 2017-02-22 13:23 - 00076284 _____ C:\Users\Renato\Downloads\DAS-PGMEI-14932096000130 (1).pdf
2017-02-21 16:32 - 2017-02-21 16:32 - 00034480 _____ C:\Users\Renato\Desktop\Guia_DUAM_2017-02-21_1632.pdf
2017-02-21 16:30 - 2017-02-21 16:30 - 00292258 _____ C:\Users\Renato\Downloads\NF 188 9MED 01 2017.pdf
2017-02-21 08:32 - 2017-02-21 08:32 - 00153365 _____ C:\Users\Renato\Downloads\TERMO DE DESISTÃNCIA.pdf
2017-02-20 17:12 - 2017-02-20 17:12 - 00406676 _____ C:\Users\Renato\Downloads\PAVIMENTAÃÃO JESÃPOLIS - TSD - AGETOP - 13.02.17.pdf
2017-02-20 13:56 - 2017-02-20 13:56 - 00159092 _____ C:\Users\Renato\Downloads\DAS-PGMEI-18842862000127.pdf
2017-02-20 09:18 - 2017-03-20 15:55 - 00002505 _____ C:\Users\Renato\Desktop\SBArrecadacao - Atalho.lnk
2017-02-20 09:18 - 2017-02-20 09:18 - 00360048 _____ C:\Users\Renato\Downloads\JESUPOLIS 02 2017.pdf

==================== Um MÃªs Modificados arquivos e pastas ========

(Se uma entrada for incluÃ­da na fixlist, o arquivo/pasta serÃ¡ movido.)

2017-03-21 15:07 - 2009-07-14 01:45 - 00013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-21 15:07 - 2009-07-14 01:45 - 00013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-21 15:02 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-21 15:01 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2017-03-21 14:50 - 2009-07-29 13:08 - 00703370 _____ C:\Windows\system32\prfh0416.dat
2017-03-21 14:50 - 2009-07-29 13:08 - 00146156 _____ C:\Windows\system32\prfc0416.dat
2017-03-21 14:50 - 2009-07-14 02:13 - 01628224 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-21 14:48 - 2015-08-28 16:21 - 00000000 ____D C:\Users\Todos os UsuÃ¡rios\GbPlugin
2017-03-21 14:48 - 2015-08-28 16:21 - 00000000 ____D C:\ProgramData\GbPlugin
2017-03-21 14:48 - 2009-07-14 02:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2017-03-21 14:47 - 2009-07-14 01:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-03-21 14:46 - 2015-08-28 16:21 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-03-21 14:45 - 2016-10-25 15:51 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2017-03-21 14:45 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-21 14:44 - 2015-06-24 15:28 - 00000000 ____D C:\Users\Renato\Documents\Visual Studio 2008
2017-03-21 14:44 - 2015-06-24 14:45 - 00000000 ____D C:\Users\Todos os UsuÃ¡rios\Microsoft Help
2017-03-21 14:33 - 2016-09-26 10:11 - 00000000 ____D C:\Users\Todos os UsuÃ¡rios\Protexis
2017-03-21 14:33 - 2016-09-26 10:11 - 00000000 ____D C:\ProgramData\Protexis
2017-03-21 14:33 - 2016-08-31 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-21 14:33 - 2016-08-31 16:23 - 00000000 ____D C:\Program Files\CCleaner
2017-03-21 14:33 - 2015-06-24 14:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-21 14:33 - 2015-06-24 13:44 - 00000000 ____D C:\Users\Renato
2017-03-21 14:33 - 2009-07-14 04:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-03-21 14:33 - 2009-07-14 00:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-03-21 14:33 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-03-21 14:33 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\registration
2017-03-21 14:07 - 2015-06-24 14:17 - 00002389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-21 14:01 - 2016-12-12 11:57 - 00000000 ____D C:\Users\Renato\AppData\LocalLow\Mozilla
2017-03-21 14:01 - 2015-06-24 14:33 - 00001323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-21 13:32 - 2015-06-24 14:46 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2017-03-21 13:30 - 2015-08-22 17:34 - 01595976 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-03-21 09:37 - 2015-07-08 09:13 - 00000000 ____D C:\SIGEPTEMP
2017-03-20 15:55 - 2016-12-20 16:58 - 00002015 _____ C:\Users\Renato\Desktop\PProtocolo - Atalho.lnk
2017-03-20 15:34 - 2015-09-25 08:33 - 00000000 ____D C:\Users\Renato\Desktop\DOCUMENTOS DIVERSOS
2017-03-14 11:09 - 2015-06-24 14:21 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-14 11:09 - 2015-06-24 14:21 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 11:09 - 2015-06-24 14:21 - 00004384 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-14 11:09 - 2015-06-24 14:21 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-14 11:09 - 2015-06-24 14:21 - 00000000 ____D C:\Windows\system32\Macromed

==================== Arquivos na raiz de alguns diretÃ³rios =======

2017-03-21 12:44 - 2017-03-21 12:44 - 0000262 _____ () C:\Users\Renato\AppData\Roaming\54dc8dd1
2017-03-21 20:35 - 2017-03-21 20:35 - 0016422 _____ () C:\Users\Renato\AppData\Roaming\88604368358d1b8b5f36ce
2017-03-21 13:41 - 2017-03-21 13:41 - 0000000 _____ () C:\Users\Renato\AppData\Roaming\ax
2017-03-21 12:45 - 2017-03-21 12:48 - 0000001 _____ () C:\Users\Renato\AppData\Roaming\d3a42cab
2015-07-07 11:37 - 2015-07-07 11:37 - 0018003 _____ () C:\Users\Renato\AppData\Roaming\unins000.dat
2017-03-21 12:56 - 2017-03-21 12:56 - 0000000 _____ () C:\Users\Renato\AppData\Local\Z10AABC21.abp
2017-03-18 12:47 - 2017-03-18 12:47 - 0000000 _____ () C:\Users\Renato\AppData\Local\{6A1E4698-5084-468C-82A4-3B0F8247ACD9}
2017-03-21 13:40 - 2017-03-21 13:40 - 0000000 _____ () C:\ProgramData\Block
2016-02-11 12:46 - 2016-02-11 12:47 - 0000358 _____ () C:\ProgramData\hpzinstall.log
2017-03-21 13:57 - 2017-03-21 13:57 - 1620992 _____ () C:\ProgramData\service.exe
C:\Windows\svchost.exe
ATENÃÃO ====> Check for partition/boot infection.

Arquivos para serem movidos ou deletados:
====================
C:\Users\Renato\AppData\Local\Temp\00009360\msiql.exe
C:\ProgramData\service.exe
C:\Users\Todos os UsuÃ¡rios\service.exe
C:\Windows\Tasks\{27CF2902-E889-0B48-0CFD-7205D36734C5}.job


Alguns arquivos em TEMP:
====================
2017-03-21 14:07 - 2017-03-21 14:07 - 0148992 _____ (5CQY7M9) C:\Users\Renato\AppData\Local\Temp\A4ZOCDQEAUVQ.exe
2017-03-21 13:56 - 2017-03-21 13:56 - 0856045 _____ (                                                            ) C:\Users\Renato\AppData\Local\Temp\AutoTime51495.exe
2017-03-21 13:23 - 2017-03-21 13:23 - 1232106 _____ (Rasecadi                                                    ) C:\Users\Renato\AppData\Local\Temp\ICReinstall_windows_movie_maker_1185436195 (1).exe
2017-03-21 13:37 - 2017-03-21 13:37 - 1232106 _____ (Rasecadi                                                    ) C:\Users\Renato\AppData\Local\Temp\ICReinstall_windows_movie_maker_1185436195 (2).exe
2017-03-21 13:19 - 2017-03-21 13:19 - 1232106 _____ (Rasecadi                                                    ) C:\Users\Renato\AppData\Local\Temp\ICReinstall_windows_movie_maker_1185436195.exe
2017-03-21 13:55 - 2017-03-21 13:55 - 12698402 _____ (                                                            ) C:\Users\Renato\AppData\Local\Temp\jg3.6.0.exe
2017-03-21 13:56 - 2017-03-21 13:56 - 0097280 _____ () C:\Users\Renato\AppData\Local\Temp\setup.exe
2017-03-21 13:57 - 2017-03-21 13:56 - 1199825 _____ () C:\Users\Renato\AppData\Local\Temp\unins000.exe
2017-03-21 13:56 - 2017-03-21 13:56 - 1247942 _____ (VideoBox                                                    ) C:\Users\Renato\AppData\Local\Temp\vbsetup.exe
2017-03-21 13:56 - 2017-03-21 13:57 - 10538775 _____ () C:\Users\Renato\AppData\Local\Temp\wajam_install.exe
2017-03-21 13:56 - 2017-03-21 13:56 - 0425674 _____ (WeMonetize                                                  ) C:\Users\Renato\AppData\Local\Temp\ZMDY5DA.exe

==================== Bamital & volsnap ======================

(NÃ£o hÃ¡ correÃ§Ã£o automÃ¡tica para arquivos que nÃ£o passaram na verificaÃ§Ã£o.)

C:\Windows\system32\winlogon.exe => O arquivo Ã© assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo Ã© assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo Ã© assinado digitalmente
C:\Windows\explorer.exe => O arquivo Ã© assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo Ã© assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo Ã© assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo Ã© assinado digitalmente
C:\Windows\system32\services.exe => O arquivo Ã© assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo Ã© assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo Ã© assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo Ã© assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo Ã© assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo Ã© assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo Ã© assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo Ã© assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo Ã© assinado digitalmente

LastRegBack: 2017-03-14 08:21

==================== Fim de FRST.txt ============================