Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 11-07-2017
Executado por Aderson (administrador) em ADERSON-PC (13-07-2017 00:07:57)
Executando a partir de C:\Users\Aderson\Desktop
Perfis Carregados: Aderson (Perfis Disponíveis: Aderson)
Platform: Windows 7 Ultimate (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files (x86)\Tor\tor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [fst_br_218] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-103578851-1006005707-559352929-1000\...\MountPoints2: {25531aca-45a3-11e0-83df-806e6f6e6963} - E:\DriverPackSolution.exe
HKU\S-1-5-21-103578851-1006005707-559352929-1000\...\MountPoints2: {37b8e824-5ef8-11e0-b2f6-0025225b4628} - D:\Autorun.exe
HKU\S-1-5-21-103578851-1006005707-559352929-1000\...\MountPoints2: {51ec0f50-6161-11e1-8258-fa8992b7b280} - F:\setup.exe -a
HKU\S-1-5-21-103578851-1006005707-559352929-1000\...\MountPoints2: {a6a80503-705f-11e0-b4e1-0025225b4628} - D:\DriverPackSolution.exe
HKU\S-1-5-21-103578851-1006005707-559352929-1000\...\MountPoints2: {eb352ad5-31d3-11e1-a625-e2b7c9de97f6} - F:\AutoRun.exe
HKU\S-1-5-21-103578851-1006005707-559352929-1000\...\MountPoints2: {eb352ae4-31d3-11e1-a625-e2b7c9de97f6} - F:\AutoRun.exe
HKU\S-1-5-21-103578851-1006005707-559352929-1000\...\MountPoints2: {ec7076f4-200b-11e1-8e9a-f122575f3b82} - F:\autorun.exe
HKU\S-1-5-21-103578851-1006005707-559352929-1000\...\MountPoints2: {ec707706-200b-11e1-8e9a-f122575f3b82} - F:\autorun.exe
HKU\S-1-5-21-103578851-1006005707-559352929-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll => Nenhum Arquivo
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => Nenhum Arquivo
GroupPolicy: Restrição - Chrome <==== ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [.DEFAULT] => Proxy está habilitado.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54477;https=127.0.0.1:54477;
ProxyServer: [S-1-5-21-103578851-1006005707-559352929-1000] => http=127.0.0.1:13885;https=127.0.0.1:13885
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll => Nenhum Arquivo
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll => Nenhum Arquivo
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll => Nenhum Arquivo
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll => Nenhum Arquivo
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll => Nenhum Arquivo
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll => Nenhum Arquivo
Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll => Nenhum Arquivo
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll => Nenhum Arquivo
Winsock: Catalog9-x64 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll => Nenhum Arquivo
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1 8.8.8.8
Tcpip\..\Interfaces\{037B885B-3242-4810-97A0-4E95128D3E81}: [DhcpNameServer] 172.16.0.1 8.8.8.8
Tcpip\..\Interfaces\{52D6107C-DB77-4CC4-A9E3-A196864640D1}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{A2749016-D05E-480C-9A99-BA015138C0BB}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{C2446C5F-41D3-4FAB-A1F4-BBDBFE7648C7}: [DhcpNameServer] 30.30.10.2 192.168.1.1
Tcpip\..\Interfaces\{E5914600-6F36-417A-A6AF-BF692C39D178}: [DhcpNameServer] 192.168.1.1 8.8.8.8
Tcpip\..\Interfaces\{E8F54B48-8001-484D-BC6C-22406EF31B56}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1404572328&from=bxk&uid=395049983_1052483_44DB8597&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1404572328&from=bxk&uid=395049983_1052483_44DB8597&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404572328&from=bxk&uid=395049983_1052483_44DB8597&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404572328&from=bxk&uid=395049983_1052483_44DB8597&q={searchTerms}
HKU\S-1-5-21-103578851-1006005707-559352929-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.alot.com/?client_id=9866684001CC41C6022CEECC&install_time=2011-07-14T01:37:30Z&src_id=12170&camp_id=2453&tb_version=2.5.20000.3
HKU\S-1-5-21-103578851-1006005707-559352929-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=110824&tt=4712_5&babsrc=HP_ss&mntrId=44db859700000000000000026f6a2ce6
HKU\S-1-5-21-103578851-1006005707-559352929-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1404572328&from=bxk&uid=395049983_1052483_44DB8597&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByD0ByEyCtBzzzzyDzyyBtN0D0Tzu0CtAtByCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2085020484
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q={searchTerms}
SearchScopes: HKLM-x32 -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByD0ByEyCtBzzzzyDzyyBtN0D0Tzu0CtAtByCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2085020484
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-103578851-1006005707-559352929-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324369&octid=EB_ORIGINAL_CTID&ISID=MC4F3E649-EB01-4052-9F33-B07D86D8D189&SearchSource=58&CUI=&UM=6&UP=SP04EF9C53-7236-4F52-A4B4-91B1F2D7E5F1&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-103578851-1006005707-559352929-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-103578851-1006005707-559352929-1000 -> Web URL = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}
SearchScopes: HKU\S-1-5-21-103578851-1006005707-559352929-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324369&octid=EB_ORIGINAL_CTID&ISID=MC4F3E649-EB01-4052-9F33-B07D86D8D189&SearchSource=58&CUI=&UM=6&UP=SP04EF9C53-7236-4F52-A4B4-91B1F2D7E5F1&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-103578851-1006005707-559352929-1000 -> {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=pcmega&s={searchTerms}&f=4
SearchScopes: HKU\S-1-5-21-103578851-1006005707-559352929-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=4712_5&babsrc=SP_ss&mntrId=44db859700000000000000026f6a2ce6
SearchScopes: HKU\S-1-5-21-103578851-1006005707-559352929-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-103578851-1006005707-559352929-1000 -> {5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} URL = hxxp://search.alot.com/web?q={searchTerms}&pr=prov&client_id=9866684001CC41C6022CEECC&install_time=2011-07-14T01:37:30Z&src_id=12170&camp_id=2453&tb_version=2.5.20000.3
SearchScopes: HKU\S-1-5-21-103578851-1006005707-559352929-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-103578851-1006005707-559352929-1000 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-103578851-1006005707-559352929-1000 -> {AAF909E2-7814-417E-913A-BE31E3D9A446} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU&o=14670&src=crm&q={searchTerms}&locale=pt_BR&apn_ptnrs=T8&apn_dtid=YYYYYYYYBR&apn_uid=e70cd0e2-7880-41b1-a2e1-56f1d3f91ed3&apn_sauid=D23ED902-A946-4315-8B4E-C330521B8F8C
SearchScopes: HKU\S-1-5-21-103578851-1006005707-559352929-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-103578851-1006005707-559352929-1000 -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=pcmega1&chnl=pcmega1&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByD0ByEyCtBzzzzyDzyyBtN0D0Tzu0CtAtByCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2085020484
SearchScopes: HKU\S-1-5-21-103578851-1006005707-559352929-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
BHO-x32: Facilitador de Leitor de Link Adobe PDF -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO-x32: BlockAndSurf -> {116A3232-FFD2-E653-A41B-953268ED14F9} -> C:\Program Files (x86)\v04BlockAndSurf\175.dll => Nenhum Arquivo
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-11-21] (RealPlayer)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Auxiliar de Conexão do Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-07-12] (Oracle Corporation)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2011-01-20] ()
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22] (Microsoft Corporation)
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20] ()
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-103578851-1006005707-559352929-1000 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2011-01-20] ()
Toolbar: HKU\S-1-5-21-103578851-1006005707-559352929-1000 -> Sem Nome - {D4027C7F-154A-4066-A1AD-4243D8127440} - Nenhum Arquivo
Toolbar: HKU\S-1-5-21-103578851-1006005707-559352929-1000 -> Sem Nome - {EEE6C35B-6118-11DC-9C72-001320C79847} - Nenhum Arquivo
Toolbar: HKU\S-1-5-21-103578851-1006005707-559352929-1000 -> Sem Nome - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - Nenhum Arquivo
Toolbar: HKU\S-1-5-21-103578851-1006005707-559352929-1000 -> Sem Nome - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - Nenhum Arquivo
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-03-11] (McAfee, Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Aderson\AppData\Roaming\Mozilla\Firefox\Profiles\66675eqv.default [2017-07-13]
FF user.js: detected! => C:\Users\Aderson\AppData\Roaming\Mozilla\Firefox\Profiles\66675eqv.default\user.js [2016-07-08]
FF DefaultSearchEngine : Mozilla\Firefox\Profiles\66675eqv.default -> Web
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\66675eqv.default ->
FF SelectedSearchEngine : Mozilla\Firefox\Profiles\66675eqv.default -> Web
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\66675eqv.default ->
FF Extension: (Sem Nome) - C:\Users\Aderson\AppData\Roaming\Mozilla\Firefox\Profiles\66675eqv.default\Extensions\chrome [2011-07-04] [não assinado]
FF Extension: (Sem Nome) - C:\Users\Aderson\AppData\Roaming\Mozilla\Firefox\Profiles\66675eqv.default\Extensions\components [2011-07-04] [não assinado]
FF Extension: (Blur) - C:\Users\Aderson\AppData\Roaming\Mozilla\Firefox\Profiles\66675eqv.default\Extensions\donottrackplus@abine.com.xpi [2017-07-12]
FF Extension: (Site Matcher) - C:\Users\Aderson\AppData\Roaming\Mozilla\Firefox\Profiles\66675eqv.default\Extensions\sitematchersitesrc@sitematchersitesrc.com [2014-07-05] [não assinado]
FF Extension: (Mozilla Firefox Hotfixer) - C:\Users\Aderson\AppData\Roaming\Mozilla\Firefox\Profiles\66675eqv.default\Extensions\veggy@veggyAddon.com [2017-07-12] [não assinado]
FF Extension: (DealPly) - C:\Users\Aderson\AppData\Roaming\Mozilla\Firefox\Profiles\66675eqv.default\Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012-11-21] [não assinado]
FF SearchPlugin: C:\Users\Aderson\AppData\Roaming\Mozilla\Firefox\Profiles\66675eqv.default\searchplugins\ask-search.xml [2013-07-16]
FF SearchPlugin: C:\Users\Aderson\AppData\Roaming\Mozilla\Firefox\Profiles\66675eqv.default\searchplugins\Funmoods.xml [2012-11-21]
FF SearchPlugin: C:\Users\Aderson\AppData\Roaming\Mozilla\Firefox\Profiles\66675eqv.default\searchplugins\mngr.xml [2012-11-22]
FF SearchPlugin: C:\Users\Aderson\AppData\Roaming\Mozilla\Firefox\Profiles\66675eqv.default\searchplugins\speedbit.xml [2012-12-13]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-08-19] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [searchpredict@speedbit.com] - C:\Program Files (x86)\SearchPredict\PRFireFox => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor [2016-08-14] [não assinado]
FF HKU\S-1-5-21-103578851-1006005707-559352929-1000\...\Firefox\Extensions: [{157B9130-1152-8AF8-8CAB-E997B53F0984}] - C:\Program Files (x86)\v04BlockAndSurf\175.xpi => não encontrado (a)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2014-07-01]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-07-01]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\search_the_web.xml [2014-07-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll [2013-07-23] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll [2013-07-23] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [2012-07-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-01-07] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-01-07] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-11-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2012-11-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-11-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-11-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2012-11-21] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-12] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Aderson\AppData\Local\Google\Chrome\User Data\Default [2017-07-12]
CHR Extension: (YouTube) - C:\Users\Aderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-14]
CHR Extension: (Pesquisa do Google) - C:\Users\Aderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-03]
CHR Extension: (SiteAdvisor) - C:\Users\Aderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-08-14]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Aderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-14]
CHR Extension: (Gmail) - C:\Users\Aderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-14]
CHR Extension: (Chrome Media Router) - C:\Users\Aderson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-03]
CHR Extension: (Extutil) - C:\Users\Aderson\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-07-08]
CHR Extension: (Managera) - C:\Users\Aderson\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-07-08]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Aderson\AppData\Local\funmoods.crx [2012-11-21]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Aderson\AppData\Local\funmoods-speeddial_sf.crx [2012-11-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-08-14]
CHR HKU\S-1-5-21-103578851-1006005707-559352929-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Aderson\AppData\Local\funmoods.crx [2012-11-21]
CHR HKU\S-1-5-21-103578851-1006005707-559352929-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Aderson\AppData\Local\funmoods-speeddial_sf.crx [2012-11-21]
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Aderson\AppData\Local\funmoods.crx [2012-11-21]
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Aderson\AppData\Local\funmoods-speeddial_sf.crx [2012-11-21]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-11-21]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1868432 2012-12-24] ()
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Arquivo não assinado]
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [154856 2015-03-27] (McAfee, Inc.)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
S3 ServiceLayer; C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [Arquivo não assinado]
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-10] () [Arquivo não assinado]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 BlockAndSurf; C:\Program Files (x86)\v04BlockAndSurf\v03BlockAndSurfgF175.exe [X]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 3xHybr64; C:\Windows\System32\DRIVERS\3xHybr64.sys [1033216 2009-04-20] (Crypto SA)
S3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [2225808 2014-12-08] (MediaTek Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-03-24] () [Arquivo não assinado]
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys [61112 2014-07-04] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-07-13 00:07 - 2017-07-13 00:08 - 00029038 _____ C:\Users\Aderson\Desktop\FRST.txt
2017-07-13 00:07 - 2017-07-13 00:07 - 00000000 ____D C:\FRST
2017-07-13 00:06 - 2017-07-13 00:06 - 02435584 _____ (Farbar) C:\Users\Aderson\Desktop\FRST64.exe
2017-07-13 00:02 - 2017-07-13 00:02 - 00629006 _____ C:\Users\Aderson\Desktop\Windows6.1-KB2999226-x86.msu
2017-07-13 00:01 - 2017-07-13 00:01 - 01034556 _____ C:\Users\Aderson\Desktop\Windows6.1-KB2999226-x64.msu
2017-07-12 23:51 - 2017-07-12 23:51 - 00002225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-12 23:51 - 2017-07-12 23:51 - 00002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-12 23:48 - 2017-07-12 23:48 - 01130328 _____ (Google Inc.) C:\Users\Aderson\Desktop\ChromeSetup.exe
2017-07-12 23:41 - 2017-07-12 23:44 - 00000000 ____D C:\Users\Aderson\Desktop\Nova pasta
2017-07-12 23:25 - 2017-07-12 23:25 - 00889416 _____ (Microsoft Corporation) C:\Users\Aderson\Desktop\dotNetFx40_Full_setup.exe
2017-07-12 23:09 - 2017-07-12 23:12 - 69999448 _____ (Microsoft Corporation) C:\Users\Aderson\Desktop\NDP452-KB2901907-x86-x64-AllOS-ENU.exe
2017-07-12 23:07 - 2017-07-12 23:07 - 00000985 _____ C:\Users\Aderson\Desktop\Dll Kit Pro.lnk
2017-07-12 22:55 - 2017-07-12 22:55 - 00000000 ____D C:\Users\Aderson\AppData\Local\CEF
2017-07-12 22:54 - 2017-07-12 22:54 - 00000000 ____D C:\Users\Aderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dll Kit Pro
2017-07-12 22:49 - 2017-07-12 22:54 - 00000000 ____D C:\Program Files (x86)\DllKitPRO
2017-07-12 22:48 - 2017-07-12 22:48 - 00904176 _____ C:\Users\Aderson\Desktop\dllkit-setup.exe
2017-07-12 20:41 - 2017-07-12 20:41 - 00001258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017 (32 Bit).lnk
2017-07-12 20:41 - 2017-07-12 20:41 - 00000000 ____D C:\Users\Aderson\AC
2017-07-12 20:35 - 2017-07-12 23:48 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-07-12 20:32 - 2017-07-12 20:32 - 00001181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-07-12 20:20 - 2017-07-12 20:31 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-07-12 20:20 - 2017-07-12 20:31 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-12 19:30 - 2017-07-12 19:30 - 00000020 ___SH C:\Users\Aderson\ntuser.ini
2017-07-11 20:54 - 2017-07-11 20:54 - 00000000 __SHD C:\found.002
2017-07-11 12:30 - 2017-07-11 12:30 - 00000000 _____ C:\Users\Aderson\AppData\Local\{DA22ED5B-971A-4820-8499-BA0576E3EFA2}

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-07-12 23:52 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2017-07-12 23:51 - 2012-11-21 10:55 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-12 23:48 - 2011-04-16 11:43 - 00000000 ____D C:\Users\Aderson\AppData\Roaming\Adobe
2017-07-12 23:48 - 2011-03-03 14:00 - 00000000 ____D C:\Users\Aderson\AppData\Local\Adobe
2017-07-12 23:05 - 2009-07-14 01:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-12 23:05 - 2009-07-14 01:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-12 23:01 - 2011-03-03 11:42 - 00000000 ____D C:\Users\Aderson
2017-07-12 22:58 - 2016-08-14 04:28 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-07-12 22:58 - 2011-03-03 13:54 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2017-07-12 22:58 - 2011-03-03 13:54 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-12 22:58 - 2009-07-14 02:08 - 00032594 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-12 22:58 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-12 22:02 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\tracing
2017-07-12 21:53 - 2011-04-19 19:48 - 00000000 ____D C:\Users\Aderson\AppData\Local\ElevatedDiagnostics
2017-07-12 20:37 - 2011-03-03 14:00 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2017-07-12 20:37 - 2011-03-03 14:00 - 00000000 ____D C:\ProgramData\Adobe
2017-07-12 20:35 - 2011-03-03 14:00 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-07-12 20:10 - 2011-03-03 13:47 - 00109224 _____ C:\Users\Aderson\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-12 19:40 - 2009-07-29 13:08 - 04419924 _____ C:\Windows\system32\prfh0416.dat
2017-07-12 19:40 - 2009-07-29 13:08 - 03722568 _____ C:\Windows\system32\prfc0416.dat
2017-07-12 19:40 - 2009-07-14 02:13 - 00004574 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-12 19:35 - 2011-03-24 19:26 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Toolbar
2017-07-12 19:35 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2017-07-12 19:30 - 2009-07-14 01:45 - 00416992 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-12 19:23 - 2013-03-28 12:52 - 00000000 ____D C:\Program Files (x86)\InstallAffixationInfo
2017-07-12 19:23 - 2011-03-03 11:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-12 19:20 - 2011-05-02 13:12 - 00000000 ____D C:\Program Files (x86)\Project64 1.6
2017-07-12 19:18 - 2011-03-03 14:23 - 00000000 ____D C:\Program Files (x86)\CyberLink
2017-07-12 19:17 - 2011-07-10 15:05 - 00000000 ____D C:\Users\Aderson\AppData\Local\Google
2017-07-12 19:15 - 2016-08-14 04:06 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-07-12 19:15 - 2013-07-23 19:54 - 00000000 ____D C:\Users\Todos os Usuários\McAfee
2017-07-12 19:15 - 2013-07-23 19:54 - 00000000 ____D C:\ProgramData\McAfee
2017-07-12 19:09 - 2013-08-13 23:06 - 00000000 ____D C:\Users\Aderson\AppData\Roaming\DVDVideoSoft
2017-07-12 19:09 - 2013-08-13 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2017-07-12 19:07 - 2011-07-10 12:20 - 00000000 ____D C:\Program Files (x86)\DsNET Corp
2017-07-11 12:23 - 2014-07-05 13:09 - 00000492 __RSH C:\Users\Todos os Usuários\ntuser.pol
2017-07-11 12:23 - 2014-07-05 13:09 - 00000492 __RSH C:\ProgramData\ntuser.pol

==================== Arquivos na raiz de alguns diretórios =======

2011-03-24 18:58 - 2006-06-16 14:58 - 1104707 _____ () C:\Program Files\Setup Virtual Clone Drive.exe
2011-03-24 19:32 - 2010-10-14 18:59 - 9591104 _____ (DT Soft Ltd.) C:\Program Files (x86)\DTLite4356-0091.exe
2016-08-14 04:09 - 2016-08-14 04:09 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-07-03 13:09 - 2014-07-03 13:09 - 0000045 _____ () C:\Users\Aderson\AppData\Roaming\WB.CFG
2014-07-05 12:19 - 2014-07-04 13:23 - 0575887 _____ (ClickMeIn Limited) C:\Users\Aderson\AppData\Local\AnyProtectScannerSetup.exe
2014-07-17 17:44 - 2014-07-17 17:44 - 0002048 _____ () C:\Users\Aderson\AppData\Local\BlockAndSurfdb.sqlite
2013-01-05 00:21 - 2013-01-05 00:21 - 0003584 _____ () C:\Users\Aderson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-21 12:08 - 2012-11-21 12:08 - 0290500 _____ () C:\Users\Aderson\AppData\Local\funmoods-speeddial_sf.crx
2012-11-21 12:08 - 2012-11-21 12:08 - 0031465 _____ () C:\Users\Aderson\AppData\Local\funmoods.crx
2014-07-05 12:07 - 2014-07-05 12:07 - 0591320 _____ (ClickMeIn Limited) C:\Users\Aderson\AppData\Local\nsx300F.tmp
2017-07-11 12:30 - 2017-07-11 12:30 - 0000000 _____ () C:\Users\Aderson\AppData\Local\{DA22ED5B-971A-4820-8499-BA0576E3EFA2}

Alguns arquivos em TEMP:
====================
2012-11-22 11:34 - 2012-11-21 12:08 - 0397312 _____ (Setup © ) C:\Users\Aderson\AppData\Local\Temp\62088uninstall.exe
2012-02-01 16:06 - 2012-02-01 16:06 - 0356520 _____ (Ask.com) C:\Users\Aderson\AppData\Local\Temp\ApnStub.exe
2006-10-17 02:20 - 2006-10-17 02:20 - 0569344 _____ (Electronic Arts Inc.) C:\Users\Aderson\AppData\Local\Temp\AutoRun.exe
2011-04-16 11:44 - 2006-10-13 05:01 - 0528384 _____ (Electronic Arts Inc.) C:\Users\Aderson\AppData\Local\Temp\AutoRunGUI.dll
2014-06-30 20:28 - 2014-06-30 20:28 - 0000000 ____D () C:\Users\Aderson\AppData\Local\Temp\avgnt.exe
2014-07-05 12:08 - 2014-07-05 12:08 - 22038328 _____ (Baidu, Inc.) C:\Users\Aderson\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.7.72269.exe
2014-07-05 12:19 - 2014-07-05 12:19 - 0262984 _____ () C:\Users\Aderson\AppData\Local\Temp\bdg8790.exe
2012-11-22 11:44 - 2012-08-08 18:45 - 0098304 _____ () C:\Users\Aderson\AppData\Local\Temp\cabex.dll
2009-06-08 12:55 - 2009-06-08 12:55 - 1107176 ____N (Techland) C:\Users\Aderson\AppData\Local\Temp\CoJBiBLauncher.exe
2012-01-02 00:31 - 2009-08-22 15:43 - 0206336 ____R (Huawei Technologies Co., Ltd.) C:\Users\Aderson\AppData\Local\Temp\DataCard_Setup64.exe
2009-11-12 01:31 - 2009-11-12 01:31 - 0010240 ____R (Windows (R) Codename Longhorn DDK provider) C:\Users\Aderson\AppData\Local\Temp\DeviceSetup64.exe
2011-07-11 15:35 - 2011-07-11 15:40 - 2700678 _____ (Electronic Arts, Inc.) C:\Users\Aderson\AppData\Local\Temp\EAD60C4.exe
2011-04-16 11:44 - 2006-10-13 05:01 - 0720896 _____ () C:\Users\Aderson\AppData\Local\Temp\EAInstall.dll
2011-07-10 19:13 - 2011-07-10 19:33 - 3085984 _____ (Adobe Systems, Inc.) C:\Users\Aderson\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
2016-07-07 21:21 - 2012-10-09 10:54 - 0181432 _____ () C:\Users\Aderson\AppData\Local\Temp\GRRemove.exe
2012-07-27 20:51 - 2012-07-27 20:52 - 0000000 _____ () C:\Users\Aderson\AppData\Local\Temp\GUR7483.exe
1997-05-25 14:36 - 1997-05-25 14:36 - 0717824 ____N () C:\Users\Aderson\AppData\Local\Temp\HAMMER.EXE
2011-06-15 19:48 - 2011-06-15 19:48 - 3029824 _____ (Electronic Arts, Inc.) C:\Users\Aderson\AppData\Local\Temp\installerdll2263480.dll
2011-06-15 19:48 - 2011-06-15 19:48 - 3029824 _____ (Electronic Arts, Inc.) C:\Users\Aderson\AppData\Local\Temp\installerdll2264167.dll
2011-06-15 19:48 - 2011-06-15 19:48 - 3029824 _____ (Electronic Arts, Inc.) C:\Users\Aderson\AppData\Local\Temp\installerdll2270469.dll
2016-07-08 01:07 - 2014-07-10 01:09 - 0543520 _____ () C:\Users\Aderson\AppData\Local\Temp\NetCrawlUntemp.exe
2011-05-12 16:43 - 2011-05-12 16:43 - 0001536 _____ () C:\Users\Aderson\AppData\Local\Temp\NEventMessages.dll
2014-06-26 06:30 - 2014-06-26 06:30 - 0156061 _____ (Client Connect LTD) C:\Users\Aderson\AppData\Local\Temp\nsa278C.exe
2014-06-26 06:30 - 2014-06-26 06:30 - 0156061 _____ (Client Connect LTD) C:\Users\Aderson\AppData\Local\Temp\nsaE34A.exe
2014-06-26 06:30 - 2014-06-26 06:30 - 0156061 _____ (Client Connect LTD) C:\Users\Aderson\AppData\Local\Temp\nsf8E2E.exe
2014-06-26 06:30 - 2014-06-26 06:30 - 0156061 _____ (Client Connect LTD) C:\Users\Aderson\AppData\Local\Temp\nsfAE0E.exe
2014-06-26 06:30 - 2014-06-26 06:30 - 0156061 _____ (Client Connect LTD) C:\Users\Aderson\AppData\Local\Temp\nsi7D20.exe
2014-06-26 06:30 - 2014-06-26 06:30 - 0156061 _____ (Client Connect LTD) C:\Users\Aderson\AppData\Local\Temp\nskC18F.exe
2014-06-26 06:30 - 2014-06-26 06:30 - 0156061 _____ (Client Connect LTD) C:\Users\Aderson\AppData\Local\Temp\nsn74B5.exe
2014-06-26 06:30 - 2014-06-26 06:30 - 0156061 _____ (Client Connect LTD) C:\Users\Aderson\AppData\Local\Temp\nspFAD0.exe
2014-07-07 13:47 - 2014-07-07 13:47 - 0156061 _____ (Client Connect LTD) C:\Users\Aderson\AppData\Local\Temp\nsq807A.exe
2014-06-26 06:30 - 2014-06-26 06:30 - 0156061 _____ (Client Connect LTD) C:\Users\Aderson\AppData\Local\Temp\nssD2B6.exe
2014-06-26 06:30 - 2014-06-26 06:30 - 0156061 _____ (Client Connect LTD) C:\Users\Aderson\AppData\Local\Temp\nssE637.exe
2014-06-26 06:30 - 2014-06-26 06:30 - 0156061 _____ (Client Connect LTD) C:\Users\Aderson\AppData\Local\Temp\nst791A.exe
2014-06-26 06:30 - 2014-06-26 06:30 - 0156061 _____ (Client Connect LTD) C:\Users\Aderson\AppData\Local\Temp\nsyEA00.exe
2011-07-12 14:49 - 2011-07-12 14:49 - 35859328 _____ (Electronic Arts, Inc.) C:\Users\Aderson\AppData\Local\Temp\OriginLauncher2263480.exe
2012-01-02 00:31 - 2008-02-20 10:16 - 0007168 ____R () C:\Users\Aderson\AppData\Local\Temp\ResetDevice.exe
2011-06-08 17:03 - 2011-06-08 17:03 - 0336280 ____R (Microsoft Corporation) C:\Users\Aderson\AppData\Local\Temp\rootsupd.exe
2014-05-21 07:01 - 2014-05-21 07:01 - 1183744 _____ (Baidu.com) C:\Users\Aderson\AppData\Local\Temp\Setup.exe
2012-11-13 12:09 - 2012-11-13 12:09 - 1150808 _____ (SweetIM Technologies Ltd.) C:\Users\Aderson\AppData\Local\Temp\simbo.exe
2014-07-12 21:41 - 2014-07-12 21:41 - 41173832 _____ () C:\Users\Aderson\AppData\Local\Temp\spark_install.exe
2014-07-07 19:48 - 2014-07-07 19:48 - 6575936 _____ (Client Connect LTD) C:\Users\Aderson\AppData\Local\Temp\SPSetup.exe
2012-10-09 22:19 - 2012-10-09 22:19 - 0541696 _____ () C:\Users\Aderson\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2012-11-21 10:50 - 2012-11-07 10:14 - 0090624 _____ (RealNetworks, Inc.) C:\Users\Aderson\AppData\Local\Temp\stubhelper.dll
2012-11-22 11:44 - 2012-01-17 13:11 - 0265424 _____ (SPEEDbit Ltd.) C:\Users\Aderson\AppData\Local\Temp\svd_va.exe
2012-11-21 15:08 - 2012-10-17 12:37 - 0340632 _____ (Babylon Ltd.) C:\Users\Aderson\AppData\Local\Temp\uninst1.exe
2009-04-29 14:51 - 2009-04-29 14:51 - 0195056 _____ (Electronic Arts, Inc.) C:\Users\Aderson\AppData\Local\Temp\UninstallEADM.dll
2014-07-05 15:39 - 2014-07-05 15:39 - 2033320 _____ (Wajamu ) C:\Users\Aderson\AppData\Local\Temp\v-bates.exe
2016-07-07 23:55 - 2012-08-08 17:45 - 0173296 _____ () C:\Users\Aderson\AppData\Local\Temp\VARemove.exe
2011-06-08 17:03 - 2011-06-08 17:03 - 5673816 _____ (Microsoft Corporation) C:\Users\Aderson\AppData\Local\Temp\vcredist_x64.exe
2011-06-08 17:03 - 2011-06-08 17:03 - 4995416 _____ (Microsoft Corporation) C:\Users\Aderson\AppData\Local\Temp\vcredist_x86.exe
2011-10-03 14:19 - 2011-10-03 14:32 - 13756720 _____ (DsNET Corp) C:\Users\Aderson\AppData\Local\Temp\_MTB431026641419113102011.exe
2014-07-17 17:43 - 2014-07-17 17:43 - 4433510 _____ () C:\Users\Aderson\AppData\Local\Temp\_v01BlockAndSurfm57.exe
2013-03-10 19:29 - 2013-03-10 19:41 - 0000000 _____ () C:\Users\Aderson\AppData\Local\Temp\{DE8DA813-1D6C-460A-B567-06175E514DFF}-27.0.1435.0_chrome_installer.exe
2013-10-30 07:06 - 2013-10-30 07:07 - 0000000 _____ () C:\Users\Aderson\AppData\Local\Temp\{FAA2A7C6-129D-4AFD-8196-F9070CAFB3D4}-32.0.1686.0_chrome_installer.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-07-07 21:40

==================== Fim de FRST.txt ============================
