cjoint

Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 16.05.2018 01
Executado por Lianne (administrador) em LIANNE-PC (25-05-2018 21:46:11)
Executando a partir de C:\Users\Lianne\Desktop
Perfis Carregados: Lianne (Perfis Disponíveis: Lianne)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Smart Software, Inc.) C:\Program Files (x86)\WindowsTM\TMService.exe
(Smart Software, Inc.) C:\Program Files (x86)\WindowsTM\TMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\RSD\popwndexe.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [627360 2011-05-20] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [379552 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2190704 2011-11-03] ()
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [160536 2017-06-22] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-01-30] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2017-08-30] (Banco Itaú Unibanco)
HKU\S-1-5-21-1696428889-2434750818-4036064162-1000\...\Run: [DesktopSearch] => C:\ProgramData\DesktopSearch\DesktopSearch.exe -ros
HKU\S-1-5-21-1696428889-2434750818-4036064162-1000\...\Run: [Wisdom-soft ScreenHunter 6.0 Free] => 0
HKU\S-1-5-21-1696428889-2434750818-4036064162-1000\...\Run: [StillHill] => C:\Windows\rss\csrss.exe [5243392 2018-05-02] () <==== ATENÇÃO
HKU\S-1-5-21-1696428889-2434750818-4036064162-1000\...\Run: [CloudNet] => C:\Users\Lianne\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [680960 2018-05-02] (EpicNet Inc.)
HKU\S-1-5-21-1696428889-2434750818-4036064162-1000\...\MountPoints2: {40304de0-e54c-11e4-a6c3-e006e6fb073a} - F:\AutoRun.exe
HKU\S-1-5-21-1696428889-2434750818-4036064162-1000\...\MountPoints2: {40304deb-e54c-11e4-a6c3-e006e6fb073a} - F:\AutoRun.exe
HKU\S-1-5-21-1696428889-2434750818-4036064162-1000\...\MountPoints2: {e0ba0faf-6743-11e2-8899-e006e6fb073a} - E:\windows\Install.exe
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1951968 2017-08-30] (Banco Itaú Unibanco)
CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO
CHR HKU\S-1-5-21-1696428889-2434750818-4036064162-1000\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 201.21.192.119 201.21.192.123
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{A817B3A5-BD1D-416D-9CFF-27BDE9522567}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D166AA58-CE28-4438-9F19-717D2A3F90CA}: [DhcpNameServer] 201.21.192.119 201.21.192.123

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.321oyun.com?oem=mbtkv3&uid=S2WG965X_5AS&tm=1431911114
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.321oyun.com?oem=mbtkv3&uid=S2WG965X_5AS&tm=1431911114
HKU\S-1-5-21-1696428889-2434750818-4036064162-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
URLSearchHook: HKLM-x32 -> Padrão = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> DefaultScope {2E5E4A56-3313-4E77-911F-409A0D67EA23} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {2E5E4A56-3313-4E77-911F-409A0D67EA23} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {2E5E4A56-3313-4E77-911F-409A0D67EA23} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2E5E4A56-3313-4E77-911F-409A0D67EA23} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1696428889-2434750818-4036064162-1000 -> {2E5E4A56-3313-4E77-911F-409A0D67EA23} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-30] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-30] (Oracle Corporation)
BHO: FunDiEuals -> {EC2068ED-8AAC-4420-AEA1-34852EA2BEB7} -> C:\Program Files (x86)\FunDiEuals\C0bWqjRinS2Gq9.x64.dll => Nenhum Arquivo
BHO-x32: Sem Nome -> {2B57BF0B-ADBA-4575-88B1-CE7CD41E6F97} -> Nenhum Arquivo
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-05] (Oracle Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll [2017-08-30] (Banco Itaú Unibanco)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-05] (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 1d0dd992.default
FF ProfilePath: C:\Users\Lianne\AppData\Roaming\Mozilla\Firefox\Profiles\1d0dd992.default [2018-05-02]
FF Homepage: Mozilla\Firefox\Profiles\1d0dd992.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\1d0dd992.default -> about:newtab
FF Extension: (Avira Browser Safety) - C:\Users\Lianne\AppData\Roaming\Mozilla\Firefox\Profiles\1d0dd992.default\Extensions\abs@avira.com [2018-03-24] [Legacy]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => não encontrado (a)
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-01-30] (Adobe Systems)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-01-30] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1696428889-2434750818-4036064162-1000: gastecnologia.com.br/sf/uni -> C:\Users\Lianne\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-08-27] (GAS Tecnologia)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com.br/"
CHR Profile: C:\Users\Lianne\AppData\Local\Google\Chrome\User Data\Default [2018-05-25]
CHR Extension: (Apresentações) - C:\Users\Lianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-06]
CHR Extension: (Documentos) - C:\Users\Lianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-06]
CHR Extension: (Google Drive) - C:\Users\Lianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-06]
CHR Extension: (YouTube) - C:\Users\Lianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-06]
CHR Extension: (Planilhas) - C:\Users\Lianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-06]
CHR Extension: (Documentos Google off-line) - C:\Users\Lianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-24]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Lianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-02]
CHR Extension: (Gmail) - C:\Users\Lianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-06]
CHR Extension: (Chrome Media Router) - C:\Users\Lianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hahpjplbmicfkmoccokbjejahjjpnena] - C:\Users\Lianne\AppData\Local\B1E\B1Tool.crx [2013-02-05]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] -
CHR HKLM-x32\...\Chrome\Extension: [mkgngkfjklojelbbglcnmnjabdgldofo] - hxxp://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.C2L3YKRZDGFW3SOEHLNBFOHP7E - C:\Users\Lianne\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-01-30] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros) [Arquivo não assinado]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [80032 2011-05-20] (Atheros Commnucations) [Arquivo não assinado]
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [590048 2017-08-30] (GAS Tecnologia)
S4 OracleJobSchedulerDBTEST01; c:\oracle\product\10.2.0\db_1\Bin\extjob.exe [102400 2005-08-29] () [Arquivo não assinado]
S3 OracleOraDb10g_home1TNSListener; C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe [204800 2005-08-15] () [Arquivo não assinado]
S3 OracleServiceDBTEST01; c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE [59027456 2005-08-29] (Oracle Corporation) [Arquivo não assinado]
R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [220952 2016-08-31] (Beijing Rising Information Technology Co., Ltd.)
S2 saiyitechnology; C:\ProgramData\yahoochrome_D\desktop35.exe [512312 2018-03-07] (PandaViewer)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
R2 TMService; C:\Program Files (x86)\WindowsTM\TMService.exe [242344 2017-08-29] (Smart Software, Inc.) <==== ATENÇÃO
R2 WinDefender; C:\Windows\windefender.exe [0 ] () <==== ATENÇÃO (zero byte Arquivo/Pasta)
R2 WTMUPSrv; C:\Windows\SysWow64\TMhardware.dll [459560 2017-08-29] ()
S2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [X]
S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]
S2 bavsvc; "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavsvc.exe" [X]
S2 bhipssvc; "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bhipssvc.exe" [X]
S2 DellDataVaultWiz; "C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 NOBU; "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE [X]
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [X]
S2 WMPNetworkAcSvc; "C:\Users\Lianne\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [52032 2014-01-21] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [34624 2014-01-21] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [128992 2014-01-21] (Baidu, Inc.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2017-08-30] (GAS Tecnologia)
R1 LanmaMaster; C:\Windows\system32\drivers\lanmamaster.sys [1505896 2016-04-09] () [Arquivo não assinado] <==== ATENÇÃO
R1 prilock; C:\Windows\System32\drivers\prilock.sys [122776 2018-02-08] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 TMhardware; C:\Windows\system32\drivers\TMhardware.sys [216608 2016-04-09] ()
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-08-27] (电脑管家)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2017-08-30] (GAS Tecnologia LTDA)
R3 Winmon; C:\Windows\System32\drivers\Winmon.sys [0 ] () <==== ATENÇÃO (zero byte Arquivo/Pasta)
R3 WinmonFS; C:\Windows\System32\drivers\WinmonFS.sys [0 ] (Windows (R) Win 7 DDK provider) <==== ATENÇÃO (zero byte Arquivo/Pasta)
R1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [36096 2018-05-02] () [Arquivo não assinado]
S3 BdApiUtil; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\PC Faster\PCFApiUtil64.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16443.223\QMUdisk64.sys [X]
S3 smsbda; system32\drivers\smsbda.sys [X]
S3 TS888x64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.7.16066.216\TS888x64.sys [X]
S3 ZTEusbdvbh; system32\DRIVERS\ZTEusbdvbh.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-05-25 21:46 - 2018-05-25 21:46 - 000023299 _____ C:\Users\Lianne\Desktop\FRST.txt
2018-05-25 21:45 - 2018-05-25 21:46 - 000000000 ____D C:\FRST
2018-05-25 21:44 - 2018-05-25 21:44 - 002413056 _____ (Farbar) C:\Users\Lianne\Desktop\FRST64.exe
2018-05-25 21:35 - 2018-05-25 21:35 - 000000000 ___RD C:\Users\Lianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2018-05-19 13:33 - 2018-05-19 13:32 - 002075488 _____ C:\Users\Lianne\Desktop\Simulado CTFL _ BSTQB.pdf
2018-05-15 21:21 - 2018-05-15 21:21 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2018-05-12 11:04 - 2018-05-12 11:04 - 005844091 _____ C:\Users\Lianne\Downloads\Modulo6.pdf
2018-05-12 11:03 - 2018-05-12 11:04 - 006523056 _____ C:\Users\Lianne\Downloads\Modulo5.pdf
2018-05-12 09:50 - 2018-05-12 09:50 - 009059873 _____ C:\Users\Lianne\Downloads\Modulo4.pdf
2018-05-12 09:50 - 2018-05-12 09:50 - 007411698 _____ C:\Users\Lianne\Downloads\Modulo1 (1).pdf
2018-05-12 09:50 - 2018-05-12 09:50 - 005941135 _____ C:\Users\Lianne\Downloads\Modulo2.pdf
2018-05-12 09:50 - 2018-05-12 09:50 - 004625160 _____ C:\Users\Lianne\Downloads\Modulo3.pdf
2018-05-07 22:11 - 2018-05-07 22:11 - 000018556 _____ C:\Users\Lianne\Downloads\Modelo - Priorizacao_condicoes_teste.zip
2018-05-07 22:01 - 2018-05-22 20:41 - 000003232 _____ C:\Windows\System32\Tasks\MRT
2018-05-03 21:48 - 2018-05-03 21:48 - 007411698 _____ C:\Users\Lianne\Downloads\Modulo1.pdf
2018-05-02 23:33 - 2018-05-02 23:33 - 000003160 _____ C:\Windows\System32\Tasks\{50E6000D-506E-4AD7-81D6-A7AC0054B50D}
2018-05-02 23:24 - 2018-05-02 23:24 - 000000000 ____D C:\Users\Lianne\AppData\Roaming\EpicNet Inc
2018-05-02 23:23 - 2018-05-02 23:23 - 000036096 _____ C:\Windows\system32\Drivers\WinmonProcessMonitor.sys
2018-05-02 23:19 - 2018-05-25 21:36 - 000003514 _____ C:\Windows\System32\Tasks\ScheduledUpdate
2018-05-02 23:19 - 2018-05-25 21:36 - 000003184 _____ C:\Windows\System32\Tasks\csrss
2018-05-02 23:19 - 2018-05-02 23:23 - 005546216 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2018-05-02 23:19 - 2018-05-02 23:23 - 000634432 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
2018-05-02 23:19 - 2018-05-02 23:19 - 000001709 _____ C:\PandaViewer.lnk
2018-05-02 23:19 - 2018-05-02 23:19 - 000000000 ____D C:\Users\Todos os Usuários\yahoochrome_D
2018-05-02 23:19 - 2018-05-02 23:19 - 000000000 ____D C:\ProgramData\yahoochrome_D
2018-04-25 21:38 - 2018-05-02 23:23 - 000000000 ____D C:\Users\Lianne\Desktop\Engenharia da Qualidade de Software

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-05-25 21:36 - 2014-05-15 22:50 - 000000000 ____D C:\Program Files (x86)\GbPlugin
2018-05-25 21:36 - 2009-07-13 23:34 - 000452670 _____ C:\Windows\win.ini
2018-05-25 21:35 - 2015-07-21 14:22 - 000000996 _____ C:\Windows\Tasks\4cJ66eFLvK.job
2018-05-25 21:35 - 2012-05-25 16:22 - 000000000 ____D C:\Users\Usuário Padrão\AppData\Local\SoftThinks
2018-05-25 21:35 - 2012-05-25 16:22 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2018-05-25 21:35 - 2012-05-25 16:22 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2018-05-25 21:35 - 2012-05-25 16:13 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2018-05-25 21:35 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-25 21:27 - 2009-07-14 01:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-05-25 21:27 - 2009-07-14 01:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-05-24 19:55 - 2010-11-21 06:37 - 000713412 _____ C:\Windows\system32\prfh0416.dat
2018-05-24 19:55 - 2010-11-21 06:37 - 000153000 _____ C:\Windows\system32\prfc0416.dat
2018-05-24 19:55 - 2009-07-14 02:13 - 001662062 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-24 19:55 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2018-05-22 20:42 - 2013-11-04 18:45 - 000000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2018-05-22 20:42 - 2013-11-04 18:45 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-05-19 13:33 - 2018-04-17 23:30 - 000000000 ____D C:\Users\Lianne\AppData\Local\CutePDF Writer
2018-05-19 12:17 - 2012-06-06 21:46 - 000000000 ____D C:\Users\Lianne\AppData\Local\VirtualStore
2018-05-08 21:31 - 2016-03-16 23:29 - 000000000 ____D C:\Users\Lianne\AppData\Roaming\WMPNetworkAcSvc
2018-05-08 21:07 - 2012-05-25 15:55 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-05-08 21:07 - 2012-05-25 15:55 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-08 21:07 - 2012-05-25 15:55 - 000004384 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-05-08 21:07 - 2012-05-25 15:55 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-05-08 21:07 - 2012-05-25 15:55 - 000000000 ____D C:\Windows\system32\Macromed
2018-05-07 20:24 - 2017-08-29 22:59 - 000000000 ____D C:\Users\Lianne\AppData\Roaming\excdir
2018-05-02 23:53 - 2015-08-07 17:02 - 000701356 _____ C:\Windows\ntbtlog.txt
2018-05-02 23:33 - 2012-07-05 16:16 - 000000000 ____D C:\Users\Lianne\AppData\Local\CrashDumps
2018-05-02 23:28 - 2012-11-02 12:29 - 000000000 ____D C:\Windows\Minidump
2018-05-02 23:28 - 2012-05-25 20:56 - 000318741 ____N C:\Windows\Minidump\050218-75114-01.dmp
2018-04-28 20:32 - 2016-09-04 14:10 - 000002299 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-28 20:32 - 2016-09-04 14:10 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Arquivos na raiz de alguns diretórios =======

2014-01-15 02:15 - 2014-01-15 02:15 - 000167784 _____ (Baidu, Inc.) C:\ProgramData\FileSplitUpLoad.dll
2014-01-15 02:15 - 2014-01-15 02:15 - 000167784 _____ (Baidu, Inc.) C:\Users\Todos os Usuários\FileSplitUpLoad.dll
2012-09-17 20:45 - 2012-09-17 20:45 - 001397144 _____ (BitTorrent, Inc.) C:\Program Files\BitTorrent.exe
2013-02-25 22:43 - 2013-02-25 22:43 - 007283839 _____ (MPC-HC Team ) C:\Program Files\MPC-HC.1.6.5.6366.x86.exe
2017-11-18 13:23 - 2017-11-18 13:23 - 000000000 _____ () C:\Program Files (x86)\GUT7161.tmp
2016-08-14 23:25 - 2016-08-14 23:25 - 007065600 _____ () C:\Program Files (x86)\GUTFFE1.tmp
2015-04-19 09:20 - 2015-09-21 23:59 - 000000626 _____ () C:\Users\Lianne\AppData\Roaming\4cJ66eFLvK
2015-06-24 23:21 - 2015-06-24 23:33 - 000000020 _____ () C:\Users\Lianne\AppData\Roaming\appdataFr2.bin
2015-06-26 19:43 - 2015-09-21 22:06 - 000000024 _____ () C:\Users\Lianne\AppData\Roaming\appdataFr25.bin
2014-05-15 22:49 - 2014-05-15 22:50 - 000015816 _____ () C:\Users\Lianne\AppData\Roaming\unins000.dat
2014-02-13 21:44 - 2015-05-08 00:01 - 000000113 _____ () C:\Users\Lianne\AppData\Roaming\WB.CFG
2012-08-24 00:12 - 2013-06-04 23:29 - 000009728 _____ () C:\Users\Lianne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-10 19:40 - 2015-07-10 19:40 - 000000000 _____ () C:\Users\Lianne\AppData\Local\Temp.dat
2014-07-23 14:56 - 2014-07-23 14:56 - 000000000 _____ () C:\Users\Lianne\AppData\Local\{7D83E1C9-7199-4F5C-9354-3317F41BD6F5}
2014-08-12 21:34 - 2014-08-12 21:34 - 000000000 _____ () C:\Users\Lianne\AppData\Local\{DB8682FA-B650-45DC-B2DC-86F97B1656D2}

Arquivos para serem movidos ou deletados:
====================
C:\Windows\rss\csrss.exe


Alguns arquivos em TEMP:
====================
2018-04-17 23:29 - 2018-04-17 23:29 - 008108488 _____ () C:\Users\Lianne\AppData\Local\Temp\converter.exe
2018-05-02 23:19 - 2018-05-02 23:19 - 001527488 _____ (Microsoft Corporation) C:\Users\Lianne\AppData\Local\Temp\dbghelp.dll
2018-05-02 23:19 - 2018-05-02 23:19 - 000167616 _____ (Microsoft Corporation) C:\Users\Lianne\AppData\Local\Temp\symsrv.dll

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restaurado com sucesso

LastRegBack: 2018-04-14 13:32

==================== Fim de FRST.txt ============================
