Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by Ivan (administrator) on IVAN-VAIO (26-02-2017 14:42:45)
Running from C:\Users\Ivan\Desktop
Loaded Profiles: Ivan (Available Profiles: Ivan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Portuguese (Brazil)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: -frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Users\Ivan\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
() C:\Windows\SysWOW64\dxconfig.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\SysWOW64\dxconfig.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
() C:\Windows\SearchIndexer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
() C:\Windows\SearchIndexer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Vimicro Corporation) C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Farbar) C:\Users\Ivan\Desktop\EnglishFRST64.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2284328 2011-02-15] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [VMonitorVMUVC] => C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe [135168 2008-03-26] (Vimicro Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2724432 2015-12-26] (Sony Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-09-12] (Caixa Economica Federal)
Winlogon\Notify\ GbPluginIsg: C:\Program Files (x86)\GbPlugin\gbiehIsg.dll [2016-01-04] (Infoseg - Senasp)
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3985464 2016-11-11] (Tonec Inc.)
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Policies\Explorer: [NoDrives] 2
ShellExecuteHooks-x32: GbPluginObj Class - E37CB5F0-51F5-4395-A808-5FA49E399015 - C:\Program Files (x86)\GbPlugin\gbiehisg.dll [1870240 2016-01-04] (Infoseg - Senasp)
ShellExecuteHooks-x32: GbPluginObj Class - E37CB5F0-51F5-4395-A808-5FA49E399003 - C:\PROGRAM FILES (X86)\GbPlugin\gbiehcef.dll [1903328 2016-09-12] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> CDC95B92-E27C-4745-A8C5-64A52A78855D => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47 => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> 853B7E05-C47D-4985-909A-D0DC5C6D7303 => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> 42D38F2E-98E9-4382-B546-E24E4D6D04BB => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [OODIIcon] -> 14A94384-BBED-47ed-86C0-6BF63FD892D0 => C:\Program Files\Laplink\DiskImage\oodishi.dll [2014-02-13] (O&O Software GmbH)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.189.88.192 200.189.88.182
Tcpip\..\Interfaces\4714ED28-43AD-400A-8235-0BD9537DCF5E: [DhcpNameServer] 200.189.88.192 200.189.88.182
Tcpip\..\Interfaces\4C38E937-7F82-4F58-AA74-BC28874FC5ED: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-3714546670-946274982-931039520-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony.msn.com
HKU\S-1-5-21-3714546670-946274982-931039520-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
SearchScopes: HKLM -> DefaultScope 0633EE93-D776-472f-A0FF-E1416B8B2E3A URL =
SearchScopes: HKLM-x32 -> DefaultScope 0633EE93-D776-472f-A0FF-E1416B8B2E3A URL =
SearchScopes: HKU\S-1-5-21-3714546670-946274982-931039520-1005 -> DefaultScope 0633EE93-D776-472f-A0FF-E1416B8B2E3A URL =
BHO: IDM integration (IDMIEHlprObj Class) -> 0055C089-8582-441B-A0BF-17B458C2A3A8 -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-11-09] (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> 761497BB-D6F0-462C-B6EB-D4DAF1D92D43 -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-09-13] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> 9030D464-4C02-4ABF-8ECC-5164760863C6 -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> B4F3A835-0E21-4959-BA22-42B3008E02FF -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> DBC80044-A445-435b-BC74-9C25C1C588A9 -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-13] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> 0055C089-8582-441B-A0BF-17B458C2A3A8 -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-11-09] (Internet Download Manager, Tonec Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> 9030D464-4C02-4ABF-8ECC-5164760863C6 -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> B4F3A835-0E21-4959-BA22-42B3008E02FF -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: AviraBrowserSafety.BrowserSafety -> c3c77255-42c0-499f-b664-6e981a0b1647 -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> C41A1C0E-EA6C-11D4-B1B8-444553540003 -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll [2016-09-12] (Caixa Economica Federal)
BHO-x32: GbIehObj Class -> C41A1C0E-EA6C-11D4-B1B8-444553540015 -> C:\Program Files (x86)\GbPlugin\gbiehisg.dll [2016-01-04] (Infoseg - Senasp)
BHO-x32: KeepVid Pro 4.10.0 -> F9B65201-3D7F-48DA-AAB3-57A6FAD648FD -> C:\ProgramData\KeepVid\KeepVid Pro\WSBrowserAppMgr.dll [2016-08-08] ()
Toolbar: HKLM - No Name - 41564952-412D-5637-4300-7A786E7484D7 - No File
Handler-x32: abs - E00957BD-D0E1-4eb9-A025-7743FDC8B27B - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File

FireFox:
========
FF DefaultProfile: adnt6zdd.default
FF ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\adnt6zdd.default [2017-02-26]
FF Homepage: Mozilla\Firefox\Profiles\adnt6zdd.default -> www.google.com
FF Extension: (United States English Spellchecker) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\adnt6zdd.default\Extensions\en-US@dictionaries.addons.mozilla.org [2017-01-21]
FF Extension: (MEGA) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\adnt6zdd.default\Extensions\firefox@mega.co.nz.xpi [2017-02-17]
FF Extension: (uBlock Origin) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\adnt6zdd.default\Extensions\uBlock0@raymondhill.net.xpi [2017-02-20]
FF Extension: (TV-Fox) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\adnt6zdd.default\Extensions\2f17f610-5e97-4fed-828f-9940b7b577a4 [2017-02-12]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\adnt6zdd.default\Extensions\b9bfaf1c-a63f-47cd-8b9a-29526ced9060.xpi [2017-02-14]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\adnt6zdd.default\features\669f63f1-6eb4-45cb-ad83-8c9774499a3e\disableSHA1rollout@mozilla.org.xpi [2017-02-24]
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16]
FF HKLM-x32\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi
FF Extension: (KeepVid Pro) - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi [2017-01-05]
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Firefox\Extensions: [87F8774F-B485-47E2-A755-A40A8A5E8878] - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\isg\xpi
FF Extension: (GBBD Infoseg - Senasp) - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\isg\xpi [2016-09-13] [not signed]
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Firefox\Extensions: [87F8774F-B485-47E2-A755-A40A8A5E886D] - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: (GBBD Caixa Economica Federal) - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2016-07-19] [not signed]
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Firefox\Extensions: [87F8774F-B485-47E2-A755-A40A8A5E886F] - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\isg\xpi
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ivan\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Ivan\AppData\Roaming\IDM\idmmzcc5 [2017-02-25] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-28] ()
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA1\MICROS2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-28] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA2\MICROS1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA2\MICROS1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/cef -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/cef64 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/isg -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_isg.dll [2015-02-26] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/isg64 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_isg_64.dll [2015-02-26] (GAS Tecnologia)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default [2017-02-23]
CHR Extension: (Google Apresentações) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-23]
CHR Extension: (Google Docs) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-23]
CHR Extension: (Google Drive) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-15]
CHR Extension: (YouTube) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-11]
CHR Extension: (Google Search) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Video Downloader professional) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-10-21]
CHR Extension: (Planilhas do Google) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-23]
CHR Extension: (YouTube Flash Video Player) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fldkdmkgnlbehfgeifjpjabmandnchpe [2016-10-21]
CHR Extension: (Segurança do navegador Avira) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-10-21]
CHR Extension: (Documentos Google off-line) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-21]
CHR Extension: (AdBlock) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-21]
CHR Extension: (Video Downloader Pro) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2016-10-21]
CHR Extension: (IDM Integration Module) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-10-21]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-21]
CHR Extension: (Gmail) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-11-21]
CHR HKU\S-1-5-21-3714546670-946274982-931039520-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-11-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-15] (Avira Operations GmbH & Co. KG)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [308616 2017-02-03] (Avira Operations GmbH & Co. KG)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [18368 2017-01-24] (Cybereason)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [111776 2011-08-25] (Atheros Communication Inc.) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-09-12] (GAS Tecnologia)
S4 ImDskSvc; C:\Windows\system32\imdsksvc.exe [18016 2014-09-19] (Olof Lagerkvist)
R2 KingoSoftService; C:\Users\Ivan\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\checkupdate.exe [367584 2016-11-28] ()
R2 Microsoft DirectX Configuration Service; C:\Windows\SysWOW64\dxconfig.exe [64512 2017-01-19] () [File not signed]
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
S4 OO DiskImage; C:\Program Files\Laplink\DiskImage\oodiag.exe [6258880 2014-02-13] (O&O Software GmbH)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506960 2015-12-26] (Sony Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
S3 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6348560 2015-10-29] (TeamViewer GmbH)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [958112 2011-10-24] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 Windows Indexer; C:\Windows\SearchIndexer.exe [64512 2017-01-01] () [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [311872 2011-11-10] ()
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-08-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-06-02] (Avira Operations GmbH & Co. KG)
R2 AWEAlloc; C:\Windows\System32\DRIVERS\awealloc.sys [20536 2014-06-03] (Olof Lagerkvist)
S3 facap; C:\Windows\System32\DRIVERS\facap.sys [38400 2012-09-03] (Windows Win 7 DDK provider)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-03] (GAS Tecnologia)
R2 ImDisk; C:\Windows\System32\DRIVERS\imdisk.sys [42560 2014-09-19] (Olof Lagerkvist)
S3 MDANTDRV; C:\Windows\system32\MDANTDRV.sys [34296 2016-12-29] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [936960 2010-03-17] (DiBcom SA) [File not signed]
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [24200 2007-07-13] (DiBcom S.A.)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [116928 2014-02-13] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [41152 2014-02-13] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [255680 2014-02-13] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [44736 2014-02-13] (O&O Software GmbH)
S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed]
S3 prwntdrv; C:\Windows\system32\prwntdrv.sys [18528 2014-10-23] ()
S3 prwntdrv; C:\Windows\SysWOW64\prwntdrv.sys [15456 2014-10-23] ()
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-04-24] ()
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (Atola) [File not signed]
S3 SMIGrabber3C; C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [821888 2011-01-26] (Windows Win 7 DDK provider)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198400 2009-03-11] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-03-18] (GAS Tecnologia LTDA)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2016-02-29] (Wondershare)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2017-02-26] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [97376 2016-06-08] (GAS Tecnologia)
R1 xlkfs; C:\Windows\System32\DRIVERS\xlkfs.sys [31960 2014-06-03] (XOSLAB.COM)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-26 14:42 - 2017-02-26 14:45 - 00031070 _____ C:\Users\Ivan\Desktop\FRST.txt
2017-02-26 14:42 - 2017-02-26 14:42 - 00000000 ____D C:\Users\Ivan\Desktop\FRST-OlderVersion
2017-02-26 14:41 - 2017-02-26 14:42 - 02423296 _____ (Farbar) C:\Users\Ivan\Desktop\EnglishFRST64.exe
2017-02-26 14:39 - 2017-02-26 14:39 - 00531463 _____ C:\Users\QEJ6\opportunity.dean.dawn.xlsx
2017-02-26 14:39 - 2017-02-26 14:39 - 00506560 _____ C:\Users\Akinrag\probabilities-belly-fur.xlsx
2017-02-26 14:39 - 2017-02-26 14:39 - 00212330 _____ C:\Users\Akinrag\killing_encouraged_heading_returns.mdb
2017-02-26 14:39 - 2017-02-26 14:39 - 00209919 _____ C:\Users\QEJ6\chairs-decrease.mdb
2017-02-26 14:39 - 2017-02-26 14:39 - 00063672 _____ C:\Users\QEJ6\lqOJJPTbf7.xls
2017-02-26 14:39 - 2017-02-26 14:39 - 00062601 _____ C:\Users\Akinrag\playersconstruemainlypowder.xls
2017-02-26 14:39 - 2017-02-26 14:39 - 00055119 _____ C:\Users\QEJ6\irYNPkaFAGEv.pem
2017-02-26 14:39 - 2017-02-26 14:39 - 00053348 _____ C:\Users\Akinrag\lunch.accordance.whispered.radar.pem
2017-02-26 14:39 - 2017-02-26 14:39 - 00034022 _____ C:\Users\Akinrag\ones.scalar.txt
2017-02-26 14:39 - 2017-02-26 14:39 - 00023400 _____ C:\Users\Akinrag\oxygenwonderful.sql
2017-02-26 14:39 - 2017-02-26 14:39 - 00016421 _____ C:\Users\QEJ6\every_lot_congo.txt
2017-02-26 14:39 - 2017-02-26 14:39 - 00014138 _____ C:\Users\QEJ6\institutions-turning-billy.sql
2017-02-26 14:39 - 2017-02-26 14:39 - 00000000 __SHD C:\Users\Ivan\Desktop\ This folder protects against ransomware. Modifying it will reduce protection
2017-02-26 14:39 - 2017-02-26 14:39 - 00000000 ___HD C:\Users\QEJ6
2017-02-26 14:39 - 2017-02-26 14:39 - 00000000 ___HD C:\Users\Ivan\Documents\Xtransfers18
2017-02-26 14:39 - 2017-02-26 14:39 - 00000000 ___HD C:\Users\Ivan\Documents\Acvalue26
2017-02-26 14:39 - 2017-02-26 14:39 - 00000000 ___HD C:\Users\Akinrag
2017-02-26 14:39 - 2017-02-26 14:39 - 00000000 ____D C:\_Gworking198
2017-02-26 14:39 - 2017-02-26 14:39 - 00000000 ____D C:\.Ssorted9
2017-02-26 02:20 - 2017-02-26 02:20 - 441893535 _____ C:\Users\Ivan\Downloads\---Chris de Burgh in concert - YouTube.mp4
2017-02-26 02:05 - 2017-02-26 02:05 - 36211962 _____ C:\Users\Ivan\Downloads\Lady in red ( LIVE ) -Chris De Burgh.mp4
2017-02-25 10:47 - 2017-02-25 10:47 - 00005482 _____ C:\Users\Ivan\Documents\ESET1.txt
2017-02-24 19:39 - 2017-02-24 19:39 - 00000027 _____ C:\Settings.ini
2017-02-23 22:20 - 2017-02-23 22:20 - 00081558 _____ C:\Users\Ivan\Downloads\Blindspot.S02E14.HDTV.x264-LOL.rar
2017-02-23 10:54 - 2017-02-23 11:51 - 4089577472 _____ C:\Users\Ivan\Downloads\A LENDA DO ZORRO.iso
2017-02-21 14:53 - 2017-02-21 14:58 - 00000000 ____D C:\ProgramData\SystemExplorer
2017-02-21 14:53 - 2017-02-21 14:53 - 00001046 _____ C:\Users\Public\Desktop\System Explorer.lnk
2017-02-21 14:53 - 2017-02-21 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2017-02-21 14:53 - 2017-02-21 14:53 - 00000000 ____D C:\Program Files (x86)\System Explorer
2017-02-18 15:04 - 2017-02-18 15:04 - 01917528 _____ (Mister Group ) C:\Users\Ivan\Downloads\SystemExplorerSetup.exe
2017-02-18 12:31 - 2017-02-18 12:31 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ssadadb_01005.Wdf
2017-02-15 20:45 - 2017-02-15 20:46 - 45491643 _____ C:\Users\Ivan\Downloads\Wondershare.DVD.Creator.v4.0.0.16-P2P.rar
2017-02-15 19:42 - 2017-02-15 19:42 - 00000000 ____D C:\Users\Ivan\Documents\Necessarie
2017-02-15 01:30 - 2017-02-15 01:30 - 00001969 _____ C:\Users\Ivan\Documents\Como Tirar o CR para Airsoft.txt
2017-02-15 01:29 - 2017-02-15 01:29 - 87504399 _____ C:\Users\Ivan\Downloads\COMO TIRAR O CR - CERTIFICADO DE REGISTRO - BRASIL - AIRSOFT.mp4
2017-02-14 21:52 - 2017-02-14 21:52 - 00000000 ____D C:\Users\Ivan\Documents\SafeZone
2017-02-14 21:51 - 2017-02-14 21:51 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\WinPatrol
2017-02-14 21:51 - 2017-02-14 21:51 - 00000000 ____D C:\ProgramData\WinPatrol
2017-02-14 21:51 - 2016-01-17 09:51 - 00015640 _____ C:\Windows\system32\Drivers\CGKDarkWatcher.sys
2017-02-12 21:10 - 2017-02-12 21:10 - 00098494 _____ C:\Users\Ivan\Downloads\Blindspot.S02E13.rar
2017-02-12 00:35 - 2017-02-12 01:33 - 386547712 _____ C:\Users\Ivan\Downloads\Milagres do Paraiso.ISO
2017-02-11 17:34 - 2017-02-11 17:34 - 02696220 _____ C:\Users\Ivan\Downloads\Informe Anual da DIRF PagSeguro.pdf
2017-02-11 14:57 - 2017-02-11 14:57 - 01350637 _____ C:\Users\Ivan\Downloads\snort_manual.pdf
2017-02-11 14:56 - 2017-02-11 14:56 - 00296152 _____ C:\Users\Ivan\Downloads\SnortUsersWebcast_IntroSnort.pdf
2017-02-11 14:50 - 2017-02-11 14:50 - 38910920 _____ (WinPatrol) C:\Users\Ivan\Downloads\winpatrolwar-setup.exe
2017-02-11 14:33 - 2017-02-11 14:33 - 03821802 _____ C:\Users\Ivan\Downloads\Snort_2_9_9_0_Installer.exe
2017-02-11 13:46 - 2017-02-11 13:46 - 16531456 _____ C:\Users\Ivan\Downloads\Suricata-3.2-1-32bit.msi
2017-02-10 20:46 - 2017-02-10 20:46 - 00001364 _____ C:\Users\Public\Desktop\Lazesoft Recovery Suite Professional Edition.lnk
2017-02-09 22:56 - 2017-02-09 23:03 - 00000000 ____D C:\Users\Ivan\Downloads\Lazesoft Recovery Suite 4.2.1 Professional Edition FULL
2017-02-09 22:48 - 2017-02-11 02:15 - 00001000 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-02-09 22:47 - 2017-02-09 22:47 - 00000000 ____D C:\Users\Ivan\Downloads\Avira.Phantom.VPN.Pro.2.2.1.20599
2017-02-09 21:22 - 2017-02-09 21:22 - 00000000 ____D C:\Users\Ivan\Documents\KeepVid Pro
2017-02-08 16:30 - 2017-02-08 16:30 - 04179759 _____ C:\Users\Ivan\Downloads\Avira.Phantom.VPN.Pro.2.2.1.20599.zip
2017-02-08 16:04 - 2017-02-08 16:06 - 132416870 _____ C:\Users\Ivan\Downloads\Lazesoft Recovery Suite Unlimited Edition 3.5.1.rar
2017-02-07 01:37 - 2017-02-07 01:39 - 62859787 _____ C:\Users\Ivan\Downloads\Lazesoft Recovery Suite 4.2.1 Professional Edition FULL.rar
2017-02-06 19:04 - 2017-02-06 19:04 - 04759016 _____ C:\Users\Ivan\Downloads\Avira_Phantom_VPN_1.3.1.30415.rar
2017-02-06 18:27 - 2017-02-23 22:21 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\IDM
2017-02-06 18:27 - 2017-02-06 18:28 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-02-06 18:27 - 2017-02-06 18:27 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-02-06 18:27 - 2017-02-06 18:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-02-06 18:26 - 2017-02-06 18:26 - 00000000 ____D C:\Users\Ivan\Downloads\IDM.6.26.Build.11.softfunda.com
2017-02-06 16:13 - 2017-02-06 16:13 - 00000510 _____ C:\Users\Ivan\Documents\NetFlix Login.txt
2017-02-06 15:34 - 2017-02-06 15:38 - 10893901 _____ C:\Users\Ivan\Downloads\IDM.6.26.Build.11.rar
2017-02-06 15:31 - 2017-02-06 17:31 - 648515675 _____ C:\Users\Ivan\Downloads\EasyRE.Pro.Win7.8.10.rar
2017-02-04 18:36 - 2017-02-04 18:36 - 02579769 _____ C:\Users\Ivan\Downloads\Ativar Wiwndows 7 - MaxTuto.rar
2017-02-04 00:52 - 2017-02-04 00:52 - 12801140 _____ C:\Users\Ivan\Downloads\Como ativar seu
windows 7 da forma correta todas as versões.mp42017-02-03 21:28 - 2017-02-03 21:28 - 00004713 _____ C:\Users\Ivan\Documents\Chaves do W10.txt2017-02-03 17:53 - 2017-02-03 17:57 - 00000000 ____D C:\MP32017-01-29 02:15 - 2017-01-29 02:15 - 07962635 _____ C:\Users\Ivan\Downloads\Internet Download Manager (IDM) 6.25 Build 2 [Oct 16,2015].rar2017-01-29 01:34 - 2017-01-29 01:34 - 06930368 _____ (Tonec Inc.) C:\Users\Ivan\Downloads\idman627build3f.exe2017-01-29 00:51 - 2017-01-29 00:55 - 59043604 _____ C:\Users\Ivan\Downloads\ES-Demônios da Garoa-Ontem e Hoje.rar2017-01-29 00:47 - 2017-01-29 00:47 - 54850425 _____ C:\Users\Ivan\Downloads\ES-Sertanejo Bom de Dança.rar2017-01-28 23:12 - 2017-01-28 23:14 - 130891164 _____ C:\Users\Ivan\Downloads\ES- A Praia da Música Brasileira (2011).rar2017-01-28 22:16 - 2017-01-28 22:35 - 52081349 _____ C:\Users\Ivan\Downloads\ES-Toco Preto - MPB em Chorinho (1999).rar2017-01-28 18:17 - 2017-01-28 18:17 - 01172815 _____ C:\Users\Ivan\Downloads\ossec-agent-win32-2.8.3.exe2017-01-28 18:09 - 2017-01-28 18:09 - 00603984 _____ (Filesland.com ) C:\Users\Ivan\Downloads\openport.exe2017-01-28 15:07 - 2017-01-28 15:07 - 00921531 _____ C:\Users\Ivan\Downloads\detecting-malicious-smb-activity-bro-37472.pdf2017-01-28 02:21 - 2017-01-29 02:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2017-02-26 14:42 - 2017-01-18 18:10 - 00000000 ____D C:\FRST2017-02-26 14:36 - 2009-07-14 00:45 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02017-02-26 14:36 - 2009-07-14 00:45 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02017-02-26 14:28 - 2015-10-15 20:25 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys2017-02-26 14:28 - 2014-09-05 15:58 - 00000000 ____D 
C:\ProgramData\GbPlugin2017-02-26 14:28 - 2014-09-05 15:58 - 00000000 ____D C:\Program Files (x86)\GbPlugin2017-02-26 14:27 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2017-02-26 02:28 - 2016-09-25 10:48 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\DMCache2017-02-26 02:27 - 2016-11-18 16:56 - 00000000 ____D C:\Users\Ivan\AppData\LocalLow\Mozilla2017-02-25 20:19 - 2016-02-29 16:10 - 00000964 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job2017-02-25 15:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF2017-02-25 01:45 - 2017-01-14 23:47 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\vlc2017-02-24 21:12 - 2014-04-01 13:44 - 00706008 _____ C:\Windows\system32\prfh0416.dat2017-02-24 21:12 - 2014-04-01 13:44 - 00147848 _____ C:\Windows\system32\prfc0416.dat2017-02-24 21:12 - 2009-07-14 01:13 - 01635890 _____ C:\Windows\system32\PerfStringBackup.INI2017-02-24 21:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf2017-02-24 02:52 - 2014-03-13 12:20 - 00000000 ____D C:\Windows\system32\MRT2017-02-24 02:43 - 2014-03-13 12:20 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe2017-02-24 02:26 - 2015-06-15 21:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk2017-02-23 22:30 - 2016-01-24 23:11 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\uTorrent2017-02-23 21:36 - 2014-03-13 09:37 - 00000000 ____D C:\Users\Ivan\AppData\Local\CrashDumps2017-02-23 12:25 - 2016-11-23 20:52 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\dvdcss2017-02-21 14:06 - 2016-02-29 16:10 - 00003958 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier2017-02-21 14:06 - 2014-03-13 18:22 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2017-02-21 14:06 - 2014-03-13 18:22 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2017-02-21 14:06 - 2014-03-13 18:22 - 00000000 ____D C:\Windows\system32\Macromed2017-02-21 14:06 - 
2014-03-13 17:36 - 00000000 ____D C:\Users\Ivan\AppData\Local\Adobe2017-02-21 14:06 - 2012-02-25 21:01 - 00000000 ____D C:\Windows\SysWOW64\Macromed2017-02-20 23:15 - 2016-04-01 23:15 - 00025618 _____ C:\Users\Ivan\AppData\default.pls2017-02-18 12:53 - 2016-03-03 01:06 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Android Ultimate Toolbox Pro2017-02-15 21:23 - 2016-09-25 10:48 - 00000000 ____D C:\Users\Ivan\Downloads\Compressed2017-02-15 20:24 - 2016-12-25 15:48 - 00000000 ____D C:\Users\Ivan\Documents\Wondershare DVD Creator2017-02-15 20:24 - 2016-12-25 15:48 - 00000000 ____D C:\Program Files (x86)\Wondershare2017-02-15 20:24 - 2016-08-07 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare2017-02-15 20:15 - 2016-08-07 03:29 - 00326424 _____ C:\Users\Ivan\Documents\starburn.txt2017-02-11 02:15 - 2015-09-10 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira2017-02-10 22:09 - 2014-03-13 10:40 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Adobe2017-02-10 20:46 - 2016-07-27 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazesoft Recovery Suite2017-02-10 20:46 - 2016-07-27 17:08 - 00000000 ____D C:\Program Files (x86)\Lazesoft Recovery Suite2017-02-09 22:48 - 2014-03-13 10:56 - 00000000 ____D C:\ProgramData\Avira2017-02-09 22:48 - 2014-03-13 10:56 - 00000000 ____D C:\Program Files (x86)\Avira2017-02-09 20:57 - 2017-01-05 15:37 - 00000000 ____D C:\ProgramData\KeepVid Pro2017-02-06 20:54 - 2015-08-23 01:45 - 00002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk2017-02-06 20:54 - 2015-08-23 01:45 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk2017-02-06 18:27 - 2016-09-25 10:48 - 00000969 _____ C:\Users\Ivan\Desktop\Internet Download Manager.lnk2017-01-29 02:28 - 2014-03-13 14:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service==================== Files in the root of some directories =======2015-10-15 20:27 - 
2015-10-15 20:27 - 0017908 _____ () C:\Users\Ivan\AppData\Roaming\unins000.dat2016-09-13 22:26 - 2016-09-13 22:30 - 0018130 _____ () C:\Users\Ivan\AppData\Roaming\unins001.dat2014-03-18 15:53 - 2014-03-18 15:53 - 0001567 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20140318.155318.txt2014-04-05 15:52 - 2014-04-05 15:52 - 0001567 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20140405.155230.txt2014-06-13 08:21 - 2014-06-13 08:21 - 0001544 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20140613.082127.txt2015-05-11 19:26 - 2015-05-11 19:26 - 0001565 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20150511.192628.txt2015-10-01 17:34 - 2015-10-01 17:34 - 0001542 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20151001.173412.txt2015-10-06 14:04 - 2015-10-06 14:04 - 0001566 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20151006.140408.txt2016-04-10 22:40 - 2016-04-10 22:40 - 0001543 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20160410.224022.txt2016-09-08 01:32 - 2016-09-08 01:32 - 0001565 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20160908.013223.txt2015-10-19 13:42 - 2015-10-19 13:42 - 0000028 _____ () C:\Users\Ivan\AppData\Local\settings.ini2016-11-28 02:40 - 2016-11-28 02:40 - 0000176 _____ () C:\Users\Ivan\AppData\Local\uts.ini2012-02-25 20:11 - 2012-02-25 20:12 - 0000226 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc==================== Bamital & volsnap ======================(There is no automatic fix for files that do not pass verification.)C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is 
digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2017-02-22 19:03==================== End of FRST.txt ============================