
HEUR/APC Found by Avira


  • This topic is locked
19 replies to this topic

#1 igirao

igirao

  • Members
  • 16 posts
  • OFFLINE
  • Local time:08:58 AM

Posted 10 January 2017 - 01:00 PM

Hi, I downloaded a cracked program - Avira Phantom VPN to try it. Before running it, I scanned it with Avira and Avira said it was clean.

Today Avira said it found HEUR.APC (Cloud) C:\ ....Avira.VpnService.exe and put it into quarantine. Avira itself says nothing much about it. It only says this: "A generic detection routine designed to detect common family characteristics shared in several variants. This special detection routine was developed in order to detect unknown variants and will be enhanced continuously." My OS is WIN7 Home Premium.

What am I supposed to do?





#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:05:58 AM

Posted 14 January 2017 - 10:25 PM

Greetings igirao and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,769 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:05:58 AM

Posted 17 January 2017 - 05:16 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#4 igirao

igirao
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:08:58 AM

Posted 18 January 2017 - 04:58 PM

Hi Gary, sorry for not replying earlier. I still need help with this. I'm preparing what you've requested and will post it in my next reply.



#5 igirao

igirao
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:08:58 AM

Posted 18 January 2017 - 06:12 PM

Hi Gary! Here we go:

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 18-01-2017
Executado por Ivan (administrador) em IVAN-VAIO (18-01-2017 18:12:08)
Executando a partir de C:\Users\Ivan\Desktop
Perfis Carregados: Ivan (Perfis Disponíveis: Ivan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Users\Ivan\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(SecureHunter LLC) C:\Program Files (x86)\SecureHunter\AntiMalwarePro\bin\shrtsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
() C:\Windows\SearchIndexer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Windows\SearchIndexer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Vimicro Corporation) C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Sony Corporation) C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
() C:\Program Files (x86)\Anvsoft\Syncios\androidnotifier.exe
() C:\Program Files (x86)\Anvsoft\Syncios\adb.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2284328 2011-02-15] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [VMonitorVMUVC] => C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe [135168 2008-03-26] (Vimicro Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2724432 2015-12-26] (Sony Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [18544 2016-10-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe [1925136 2016-07-15] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\KeepVid\KeepVid Pro\DelayPluginI.exe [1974432 2016-08-08] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-09-12] (Caixa Economica Federal)
Winlogon\Notify\ GbPluginIsg: C:\Program Files (x86)\GbPlugin\gbiehIsg.dll [2016-01-04] (Infoseg - Senasp)
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\MountPoints2: {24b6844f-c400-11e3-ad44-a65fba829510} - D:\Startme.exe
ShellExecuteHooks: Sem Nome - {B5C518CC-9E92-11E6-A998-64006A5CFC23} -  -> Nenhum Arquivo
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399015} - C:\Program Files (x86)\GbPlugin\gbiehisg.dll [1870240 2016-01-04] (Infoseg - Senasp)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehcef.dll [1903328 2016-09-12] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [OODIIcon] -> {14A94384-BBED-47ed-86C0-6BF63FD892D0} => C:\Program Files\Laplink\DiskImage\oodishi.dll [2014-02-13] (O&O Software GmbH)
Startup: C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlock.lnk [2016-12-31]
ShortcutTarget: qlock.lnk -> C:\Users\Ivan\AppData\Roaming\Qlock\qlock.exe ()
GroupPolicy: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: 127.0.0.1                   keystone.mwbsys.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4714ED28-43AD-400A-8235-0BD9537DCF5E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4C38E937-7F82-4F58-AA74-BC28874FC5ED}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-3714546670-946274982-931039520-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3714546670-946274982-931039520-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-09-13] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-13] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll [2016-09-12] (Caixa Economica Federal)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540015} -> C:\Program Files (x86)\GbPlugin\gbiehisg.dll [2016-01-04] (Infoseg - Senasp)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
BHO-x32: KeepVid Pro 4.10.0 -> {F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} -> C:\ProgramData\KeepVid\KeepVid Pro\WSBrowserAppMgr.dll [2016-08-08] ()
Toolbar: HKLM - Sem Nome - {41564952-412D-5637-4300-7A786E7484D7} -  Nenhum Arquivo
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Sem Nome - {41564952-412D-5637-4300-7A786E7484D7} -  Nenhum Arquivo
Toolbar: HKU\S-1-5-21-3714546670-946274982-931039520-1005 -> Sem Nome - {41564952-412D-5637-4300-7A786E7484D7} -  Nenhum Arquivo
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 -  Nenhum Arquivo

FireFox:
========
FF ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\tucbvczq.default\Profiles\tucbvczq.default [não encontrado (a)]
FF ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default [2017-01-18]
FF Homepage: Mozilla\Firefox\Profiles\tucbvczq.default -> hxxps://www.google.com.br/?gws_rd=ssl
FF NetworkProxy: Mozilla\Firefox\Profiles\tucbvczq.default -> gopher", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\tucbvczq.default -> gopher_port", 0
FF NetworkProxy: Mozilla\Firefox\Profiles\tucbvczq.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\tucbvczq.default -> type", 0
FF Extension: (Video Downloader Pro) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\@video_downloader_pro.xpi [2017-01-05]
FF Extension: (Avira Browser Safety) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\abs@avira.com.xpi [2016-11-21]
FF Extension: (ADB Helper) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\adbhelper@mozilla.org [2016-11-05]
FF Extension: (United States English Spellchecker) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\en-US@dictionaries.addons.mozilla.org [2016-03-18]
FF Extension: (Valence) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\fxdevtools-adapters@mozilla.org [2017-01-18]
FF Extension: (SaveFrom.net helper) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\helper@savefrom.net.xpi [2016-10-31]
FF Extension: (Print pages to PDF) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\printPages2Pdf@reinhold.ripper [2016-07-19]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\safesearchplus2@avira.com.xpi [2016-12-15]
FF Extension: (NoScript) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-01-18]
FF Extension: (Adblock Plus) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (KeepVid Pro) - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi\ []
FF HKLM-x32\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi
FF Extension: (KeepVid Pro) - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi [2017-01-05]
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8878}] - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\isg\xpi
FF Extension: (GBBD Infoseg - Senasp) - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\isg\xpi [2016-09-13] [não assinado]
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: (GBBD Caixa Economica Federal) - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2016-07-19] [não assinado]
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886F}] - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\isg\xpi
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-11-09]
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ivan\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Ivan\AppData\Roaming\IDM\idmmzcc5 [2017-01-14] [não assinado]
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2017-01-04] ()
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2017-01-04] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Nenhum Arquivo]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Nenhum Arquivo]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/cef -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/cef64 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/isg -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_isg.dll [2015-02-26] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/isg64 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_isg_64.dll [2015-02-26] (GAS Tecnologia)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-14] <==== ATENÇÃO
CHR Extension: (Google Apresentações) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-02]
CHR Extension: (Google Docs) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-23]
CHR Extension: (Google Drive) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-23]
CHR Extension: (YouTube) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-23]
CHR Extension: (Tampermonkey) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-11-02]
CHR Extension: (Planilhas do Google) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-02]
CHR Extension: (Segurança do navegador Avira) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-11-02]
CHR Extension: (Documentos Google off-line) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-23]
CHR Extension: (IDM Integration Module) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-23]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-02]
CHR Extension: (Gmail) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default [2017-01-14]
CHR Extension: (Google Apresentações) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-23]
CHR Extension: (Google Docs) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-23]
CHR Extension: (Google Drive) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-15]
CHR Extension: (YouTube) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-11]
CHR Extension: (Google Search) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Video Downloader professional) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-10-21]
CHR Extension: (Planilhas do Google) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-23]
CHR Extension: (YouTube Flash Video Player) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fldkdmkgnlbehfgeifjpjabmandnchpe [2016-10-21]
CHR Extension: (Segurança do navegador Avira) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-10-21]
CHR Extension: (Documentos Google off-line) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-21]
CHR Extension: (AdBlock) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-21]
CHR Extension: (Video Downloader Pro) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2016-10-21]
CHR Extension: (IDM Integration Module) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-10-21]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-21]
CHR Extension: (Gmail) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-12-08]
CHR HKU\S-1-5-21-3714546670-946274982-931039520-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-12-08]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-15] (Avira Operations GmbH & Co. KG)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-09-30] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-09-30] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-09-30] (BlueStack Systems, Inc.)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [111776 2011-08-25] (Atheros Communication Inc.) [Arquivo não assinado]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-09-12] (GAS Tecnologia)
S2 Grzerck; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Grzerck; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S4 ImDskSvc; C:\Windows\system32\imdsksvc.exe [18016 2014-09-19] (Olof Lagerkvist)
R2 KingoSoftService; C:\Users\Ivan\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\checkupdate.exe [367584 2016-11-28] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.) [Arquivo não assinado]
S4 OO DiskImage; C:\Program Files\Laplink\DiskImage\oodiag.exe [6258880 2014-02-13] (O&O Software GmbH)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [Arquivo não assinado]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506960 2015-12-26] (Sony Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 Secure Hunter Service; C:\Program Files (x86)\SecureHunter\AntiMalwarePro\bin\shrtsrv.exe [47872 2016-11-22] (SecureHunter LLC)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [26632 2016-10-18] (Avira Operations GmbH & Co. KG)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Arquivo não assinado]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6348560 2015-10-29] (TeamViewer GmbH)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [958112 2011-10-24] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 Windows Indexer; C:\Windows\SearchIndexer.exe [64512 2017-01-01] () [Arquivo não assinado]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [311872 2011-11-10] ()
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-08-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-06-02] (Avira Operations GmbH & Co. KG)
R2 AWEAlloc; C:\Windows\System32\DRIVERS\awealloc.sys [20536 2014-06-03] (Olof Lagerkvist)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-09-30] (BlueStack Systems)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 facap; C:\Windows\System32\DRIVERS\facap.sys [38400 2012-09-03] (Windows ® Win 7 DDK provider)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-03] (GAS Tecnologia)
R2 ImDisk; C:\Windows\System32\DRIVERS\imdisk.sys [42560 2014-09-19] (Olof Lagerkvist)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-11] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-18] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-18] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-18] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-15] (Malwarebytes)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [936960 2010-03-17] (DiBcom SA) [Arquivo não assinado]
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [24200 2007-07-13] (DiBcom S.A.)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [116928 2014-02-13] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [41152 2014-02-13] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [255680 2014-02-13] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [44736 2014-02-13] (O&O Software GmbH)
S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic hxxp://www.beyondlogic.org) [Arquivo não assinado]
S3 prwntdrv; C:\Windows\system32\prwntdrv.sys [18528 2014-10-23] ()
S3 prwntdrv; C:\Windows\SysWOW64\prwntdrv.sys [15456 2014-10-23] ()
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-04-24] ()
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (Atola) [Arquivo não assinado]
S3 SMIGrabber3C; C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [821888 2011-01-26] (Windows ® Win 7 DDK provider)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198400 2009-03-11] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-03-18] (GAS Tecnologia LTDA)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2016-02-29] (Wondershare)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2017-01-18] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [97376 2016-06-08] (GAS Tecnologia)
R1 xlkfs; C:\Windows\System32\DRIVERS\xlkfs.sys [31960 2014-06-03] (XOSLAB.COM)
S3 cpuz134; \??\C:\Users\Ivan\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 GrdKey; system32\DRIVERS\grdkey.sys [X]
U3 iswSvc; não ImagePath
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S2 UbarCalloutDriver; \??\C:\Program Files\UBar\UbarDriver.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-01-18 18:12 - 2017-01-18 18:14 - 00039062 _____ C:\Users\Ivan\Desktop\FRST.txt
2017-01-18 18:10 - 2017-01-18 18:12 - 00000000 ____D C:\FRST
2017-01-18 18:07 - 2017-01-18 18:07 - 02419712 _____ (Farbar) C:\Users\Ivan\Desktop\FRST64.exe
2017-01-18 17:39 - 2017-01-18 17:55 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-01-18 02:03 - 2017-01-18 02:25 - 88734415 _____ C:\Users\Ivan\Downloads\giorgifinal.mp4
2017-01-17 16:49 - 2017-01-17 16:49 - 00000728 _____ C:\Users\Ivan\Documents\Default.sfvidcap
2017-01-16 01:27 - 2016-02-29 11:26 - 00029288 _____ (Wondershare) C:\Windows\system32\Drivers\WsAudioDevice_383S(1).sys
2017-01-14 23:47 - 2017-01-18 02:28 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\vlc
2017-01-14 23:41 - 2017-01-14 23:41 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-01-14 23:41 - 2017-01-14 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-01-14 23:40 - 2017-01-14 23:40 - 00000000 ____D C:\Program Files\VideoLAN
2017-01-14 23:39 - 2017-01-14 23:39 - 31717016 _____ C:\Users\Ivan\Downloads\vlc-2.2.4-win64.exe
2017-01-14 00:09 - 2017-01-14 00:10 - 30533688 _____ C:\Users\Ivan\Downloads\vlc-2.2.4-win32.exe
2017-01-13 23:58 - 2017-01-13 23:58 - 00023680 _____ C:\Users\Ivan\Downloads\Blindspot.S02E11.HDTV.x264-LOL.rar
2017-01-13 22:34 - 2017-01-13 22:34 - 10014141 _____ C:\Users\Ivan\Downloads\mde-free-portable.zip
2017-01-13 22:28 - 2017-01-13 22:28 - 03931940 _____ C:\Users\Ivan\Downloads\mscanner-portable.zip
2017-01-13 21:17 - 2017-01-13 21:17 - 00001361 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2017-01-13 21:15 - 2017-01-13 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-01-13 21:15 - 2017-01-13 21:15 - 00000000 ____D C:\Program Files (x86)\Seagate
2017-01-13 21:14 - 2017-01-13 21:14 - 26157600 _____ C:\Users\Ivan\Downloads\SeaToolsforWindowsSetup.exe
2017-01-13 20:50 - 2017-01-13 20:50 - 00520859 _____ C:\Users\Ivan\Downloads\victoria.zip
2017-01-13 20:50 - 2017-01-13 20:50 - 00000000 ____D C:\Users\Ivan\Downloads\victoria
2017-01-13 19:18 - 2017-01-13 19:18 - 00000000 ____D C:\Users\Ivan\Downloads\HDDScan-3.3
2017-01-13 19:17 - 2017-01-13 19:17 - 03822364 _____ C:\Users\Ivan\Downloads\HDDScan-3.3.zip
2017-01-12 01:19 - 2017-01-12 01:19 - 00663552 _____ (BahamasSecurity.com) C:\Users\Ivan\Downloads\dhavi.exe
2017-01-12 00:42 - 2017-01-12 01:17 - 00000000 ____D C:\Program Files (x86)\Intelbras Media Player
2017-01-12 00:42 - 2017-01-12 00:42 - 00001135 _____ C:\Users\Public\Desktop\Intelbras Media Player.lnk
2017-01-12 00:42 - 2017-01-12 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intelbras Media Player
2017-01-12 00:38 - 2017-01-12 00:39 - 12082916 _____ C:\Users\Ivan\Downloads\intelbras_player_poreng_is_v3.36.11.t.20160606_0.exe
2017-01-11 14:13 - 2017-01-11 14:11 - 00622831 _____ C:\Users\Ivan\Documents\FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials.pdf
2017-01-11 14:10 - 2017-01-11 14:10 - 00271456 _____ C:\Users\Ivan\Downloads\FRSTTutorial-HowtouseFarbarRecoveryScanToolpageNumber-MalwareRemovalGuidesandTutorials.html
2017-01-11 13:58 - 2017-01-11 13:58 - 01761280 _____ (Farbar) C:\Users\Ivan\Downloads\FRST.exe
2017-01-11 11:16 - 2017-01-05 14:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-11 11:16 - 2017-01-05 14:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-11 11:16 - 2017-01-05 14:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-11 11:16 - 2017-01-05 13:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-11 11:16 - 2017-01-05 13:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-11 11:16 - 2017-01-05 13:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-11 11:16 - 2017-01-05 13:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-11 11:16 - 2017-01-05 13:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-11 11:16 - 2017-01-05 13:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-11 11:16 - 2017-01-05 13:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-11 11:16 - 2017-01-05 13:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-11 02:32 - 2017-01-18 17:46 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-11 02:32 - 2017-01-18 17:45 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-11 02:32 - 2017-01-15 21:13 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-11 02:32 - 2017-01-11 02:52 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-11 02:31 - 2017-01-18 17:45 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-11 02:31 - 2017-01-11 02:31 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-11 02:31 - 2017-01-11 02:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-11 02:31 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-11 02:21 - 2017-01-11 02:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-11 01:25 - 2017-01-11 01:25 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-11 01:23 - 2017-01-11 01:24 - 54199488 _____ (Malwarebytes ) C:\Users\Ivan\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-01-10 20:35 - 2017-01-10 20:35 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Ivan\Downloads\rkill.exe
2017-01-10 17:01 - 2017-01-10 17:01 - 00000000 ____D C:\Users\Ivan\Downloads\Malwarebytes 3.0.5 1299 Premium Lifetime License
2017-01-10 16:26 - 2017-01-10 16:27 - 20850752 _____ C:\Users\Ivan\Downloads\Malwarebytes Anti-Malware 3.0.5 1299 Premium Crack (Lifetime Free).mp4
2017-01-10 16:25 - 2017-01-10 16:27 - 76952678 _____ C:\Users\Ivan\Downloads\Malwarebytes 3.0.5 1299 Premium Lifetime License.zip
2017-01-09 21:15 - 2017-01-09 21:15 - 00001072 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-01-09 21:04 - 2017-01-09 21:04 - 00000000 ____D C:\Users\Ivan\Downloads\Avira.Phantom.VPN.Pro.2.2.3.19655
2017-01-09 21:03 - 2017-01-09 21:03 - 04161620 _____ C:\Users\Ivan\Downloads\Avira.Phantom.VPN.Pro.2.2.3.19655_www.theopsbrasil.blogspot.com.rar
2017-01-08 22:01 - 2017-01-08 22:01 - 00000000 ____D C:\ProgramData\Wondershare AllMytube
2017-01-06 22:41 - 2017-01-06 22:41 - 00067809 _____ C:\Users\Ivan\Downloads\Blindspot.S02E10_legendei.com_.zip
2017-01-05 18:33 - 2017-01-15 22:29 - 00000000 ____D C:\ProgramData\xml_param
2017-01-05 18:10 - 2017-01-05 18:10 - 00001273 _____ C:\Users\Public\Desktop\KeepVid Pro.lnk
2017-01-05 18:10 - 2017-01-05 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeepVid
2017-01-05 18:09 - 2017-01-05 18:09 - 00000000 ____D C:\ProgramData\KeepVid
2017-01-05 18:06 - 2017-01-05 18:06 - 00008870 _____ C:\Users\Ivan\Documents\cc_20170105_180602.reg
2017-01-05 17:35 - 2017-01-05 17:35 - 00000000 ____D C:\Users\Ivan\Downloads\KeepVID Pro 4.10.1.0 + full _
2017-01-05 17:21 - 2017-01-05 17:26 - 35887827 _____ C:\Users\Ivan\Downloads\KeepVID Pro v4.10.0.5 + Patch - _ingpatching.com.zip
2017-01-05 17:16 - 2017-01-05 17:19 - 36621428 _____ C:\Users\Ivan\Downloads\KeepVID Pro 4.10.1.0 + full _.rar
2017-01-05 15:37 - 2017-01-08 22:34 - 00000000 ____D C:\ProgramData\KeepVid Pro
2017-01-05 15:37 - 2017-01-05 15:37 - 00000000 ____D C:\ProgramData\KeepVid Application Common Data
2017-01-05 15:26 - 2017-01-05 15:26 - 00055868 _____ C:\Users\Ivan\Documents\cc_20170105_152640.reg
2017-01-05 15:18 - 2017-01-05 15:18 - 00000000 ____D C:\Users\Ivan\Downloads\KeepVidPro.4.10.2 Fullversiondown
2017-01-05 14:57 - 2017-01-05 14:58 - 35886280 _____ C:\Users\Ivan\Downloads\KeepVidPro.4.10.2 Fullversiondown.com.rar
2017-01-05 01:42 - 2017-01-05 01:42 - 00000000 ____D C:\Users\Ivan\AppData\Local\Keepvid
2017-01-05 01:42 - 2017-01-05 01:42 - 00000000 ____D C:\ProgramData\Aimersoft
2017-01-05 01:40 - 2017-01-05 01:40 - 00000000 ____D C:\Users\Ivan\AppData\Local\Aimersoft
2017-01-05 01:39 - 2017-01-05 01:39 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\KeepVid
2017-01-05 01:39 - 2017-01-05 01:39 - 00000000 ____D C:\Program Files (x86)\Keepvid
2017-01-05 01:36 - 2017-01-05 01:38 - 00000000 ____D C:\Users\Public\Documents\Keepvid
2017-01-04 12:49 - 2017-01-04 12:49 - 01396306 _____ C:\Users\Ivan\Downloads\SPN.S11.leg.HDTV.sobrenaturalbrazil.com.br.rar
2017-01-04 05:52 - 2017-01-04 05:52 - 00034696 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2017-01-03 01:27 - 2017-01-03 01:27 - 00000000 ____D C:\Users\Ivan\AppData\Local\Apple Computer
2017-01-01 21:59 - 2017-01-01 21:59 - 00000000 ____D C:\Users\Ivan\Downloads\testdisk-7.0.win(1)
2017-01-01 21:43 - 2017-01-01 21:44 - 12444088 _____ C:\Users\Ivan\Downloads\testdisk-7.0.win(1).zip
2017-01-01 17:33 - 2017-01-01 17:33 - 00001250 _____ C:\Users\Ivan\Desktop\M3 RAW Drive Recovery.lnk
2017-01-01 17:33 - 2017-01-01 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M3 RAW Drive Recovery
2017-01-01 17:33 - 2017-01-01 17:33 - 00000000 ____D C:\Program Files (x86)\M3 Software
2017-01-01 17:31 - 2017-01-01 17:31 - 00000000 ____D C:\Users\Ivan\Downloads\RAW.Drive.Recovery.5.6.8
2017-01-01 17:14 - 2017-01-01 17:15 - 13130840 _____ C:\Users\Ivan\Downloads\RAW.Drive.Recovery.5.6.8.rar
2017-01-01 16:38 - 2017-01-01 16:38 - 00064512 _____ C:\Windows\SearchIndexer.exe
2016-12-31 19:29 - 2016-12-31 19:29 - 00000000 ____D C:\Users\Ivan\Downloads\FXhome HitFilm Pro 2017 v5.0.6007 (x64)
2016-12-31 19:02 - 2016-12-31 19:02 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Qlock
2016-12-31 19:02 - 2016-12-31 19:02 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qlock
2016-12-31 19:01 - 2016-12-31 19:01 - 00748533 _____ C:\Users\Ivan\Downloads\qlock-install.exe
2016-12-31 18:57 - 2016-12-31 18:57 - 00000000 ____D C:\Users\Ivan\Downloads\HFPv4
2016-12-31 18:02 - 2016-12-31 18:04 - 196896495 _____ C:\Users\Ivan\Downloads\HFPv4.part2.rar
2016-12-31 17:59 - 2016-12-31 18:01 - 207618048 _____ C:\Users\Ivan\Downloads\HFPv4.part1.rar
2016-12-31 17:49 - 2016-12-31 17:51 - 293646754 _____ C:\Users\Ivan\Downloads\FXhome HitFilm Pro 2017 v5.0.5916 Incl Crack - softasm.com.rar
2016-12-31 17:36 - 2016-12-31 17:39 - 295029870 _____ C:\Users\Ivan\Downloads\FXhome HitFilm Pro 2017 v5.0.6007 (x64).rar
2016-12-30 01:32 - 2016-12-30 01:32 - 00001106 _____ C:\Users\Ivan\Desktop\Adobe Premiere Pro CC 2017.lnk
2016-12-30 00:43 - 2016-12-30 00:43 - 00001638 _____ C:\Users\Ivan\Desktop\Adobe Encore.exe - Atalho.lnk
2016-12-30 00:42 - 2016-12-30 00:42 - 00001805 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-12-30 00:42 - 2016-12-30 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-12-30 00:42 - 2016-12-30 00:42 - 00000000 ____D C:\ProgramData\Apple Computer
2016-12-30 00:42 - 2016-12-30 00:42 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-12-30 00:40 - 2016-12-30 00:40 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-12-30 00:40 - 2016-12-30 00:40 - 00000000 ____D C:\Users\Ivan\AppData\Local\Apple
2016-12-30 00:40 - 2016-12-30 00:40 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-12-30 00:39 - 2016-12-30 00:39 - 00000000 ____D C:\Users\Ivan\AppData\LocalLow\Apple Computer
2016-12-30 00:38 - 2016-12-30 00:38 - 41896256 _____ (Apple Inc.) C:\Users\Ivan\Downloads\QuickTimeInstaller.exe
2016-12-30 00:07 - 2012-05-10 09:31 - 00708608 _____ (MPT34M ) C:\Users\Ivan\Downloads\Adobe CS6 Activator - All Products CS6 Version.exe
2016-12-29 23:55 - 2016-12-29 23:55 - 00000000 ____D C:\Program Files (x86)\My Company Name
2016-12-29 23:55 - 2011-11-03 03:01 - 00056208 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys
2016-12-29 23:55 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys
2016-12-29 23:55 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys
2016-12-29 23:54 - 2016-12-29 23:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2016-12-29 23:52 - 2016-12-29 23:52 - 00000957 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-12-29 23:52 - 2016-12-29 23:52 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-12-29 23:52 - 2016-12-29 23:52 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-12-29 23:05 - 2016-12-29 23:07 - 00000000 ____D C:\Users\Ivan\Downloads\PremierePro_6_LS7
2016-12-29 22:19 - 2016-12-29 22:19 - 00699531 _____ C:\Users\Ivan\Downloads\AdobeAtivador.rar
2016-12-29 22:00 - 2016-12-29 22:10 - 1182717118 _____ C:\Users\Ivan\Downloads\PremierePro_6_LS7.7z
2016-12-29 01:09 - 2016-12-29 01:09 - 00177217 _____ C:\Users\Ivan\Documents\DVD RC Especial 2016 D.jpg
2016-12-29 01:07 - 2016-12-29 01:07 - 00166013 _____ C:\Users\Ivan\Documents\DVD RC Especial 2016 C.jpg
2016-12-29 01:05 - 2016-12-29 01:05 - 00156310 _____ C:\Users\Ivan\Documents\DVD RC Especial 2016 B.jpg
2016-12-29 01:04 - 2016-12-29 01:04 - 00160140 _____ C:\Users\Ivan\Documents\DVD RC Especial 2016 A.jpg
2016-12-29 01:03 - 2016-12-29 01:03 - 00106847 _____ C:\Users\Ivan\Documents\DVD RC Especial 2016.jpg
2016-12-28 16:50 - 2016-12-28 16:48 - 00028107 _____ C:\Users\Ivan\Documents\Pagto Net 10-12.pdf
2016-12-27 22:27 - 2016-12-27 22:13 - 00007831 _____ C:\Users\Ivan\Downloads\Logo RC 2016.png
2016-12-26 18:16 - 2016-12-26 18:16 - 00001106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2017.lnk
2016-12-26 18:16 - 2016-12-26 18:16 - 00000000 ____D C:\Users\Public\Documents\Adobe
2016-12-26 18:07 - 2016-12-26 18:07 - 00000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2016-12-26 17:55 - 2016-12-26 18:35 - 00175624 _____ C:\Users\Ivan\Documents\PDApp.log
2016-12-26 17:25 - 2016-12-26 17:25 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-12-26 17:25 - 2016-12-26 17:25 - 00001097 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-12-26 15:46 - 2016-12-26 15:47 - 00000000 ____D C:\Program Files (x86)\GUM6C59.tmp
2016-12-26 00:33 - 2016-12-26 00:33 - 00015547 _____ C:\Users\Ivan\Downloads\Snapshot_1.jpg
2016-12-26 00:15 - 2016-12-26 00:07 - 00074692 _____ C:\Users\Ivan\Downloads\Snapshot_1.png
2016-12-25 19:49 - 2016-12-25 19:49 - 00000465 _____ C:\Users\Ivan\Documents\Instalação do Adobe Premiere Pro.txt
2016-12-25 15:48 - 2016-12-26 23:09 - 00000000 ____D C:\Users\Ivan\Documents\Wondershare DVD Creator
2016-12-25 15:48 - 2016-12-25 15:48 - 00001150 _____ C:\Users\Ivan\Desktop\Wondershare DVD Creator.lnk
2016-12-25 15:48 - 2016-12-25 15:48 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-12-25 15:31 - 2016-12-25 15:31 - 41271368 _____ (Wondershare ) C:\Users\Ivan\Downloads\ws_dvdcreator_win_av.exe
2016-12-25 15:30 - 2016-12-25 15:30 - 01114256 _____ C:\Users\Ivan\Downloads\dvd-creator_setup_full1203.exe
2016-12-25 01:33 - 2016-12-25 01:33 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Publish Providers
2016-12-25 01:33 - 2016-12-25 01:33 - 00000000 ____D C:\ProgramData\VEGAS Pro
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\VEGAS Pro
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\VEGAS
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\MAGIX Computer Products Intl. Co
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\MAGIX
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Local\VEGAS Pro
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Local\Sony
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\ProgramData\MAGIX
2016-12-25 01:24 - 2016-12-25 01:24 - 00001045 _____ C:\Users\Public\Desktop\Vegas Pro 14.0 (64-bit).lnk
2016-12-25 01:24 - 2016-12-25 01:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS
2016-12-25 01:22 - 2016-12-25 01:22 - 00000000 ____D C:\Users\Ivan\AppData\Local\VEGAS
2016-12-25 01:22 - 2016-12-25 01:22 - 00000000 ____D C:\ProgramData\VEGAS
2016-12-25 01:22 - 2016-12-25 01:22 - 00000000 ____D C:\Program Files\VEGAS
2016-12-25 01:22 - 2016-12-25 01:22 - 00000000 ____D C:\Program Files (x86)\VEGAS
2016-12-25 01:21 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Sony
2016-12-24 19:14 - 2016-12-24 19:14 - 00111417 _____ C:\Users\Ivan\Downloads\Cartão-de-Nata-1l.jpg
2016-12-24 18:58 - 2016-12-24 18:58 - 00148761 _____ C:\Users\Ivan\Downloads\coracao-agua-4.jpg
2016-12-24 18:25 - 2016-12-24 19:13 - 01898678 _____ C:\Users\Ivan\Downloads\Cartão-de-Natal.psd
2016-12-24 17:56 - 2016-12-24 17:56 - 00306604 _____ C:\Users\Ivan\Downloads\Cartão-de-Natal.jpg
2016-12-24 17:45 - 2016-12-24 17:45 - 00006223 _____ C:\Users\Ivan\Downloads\Jesus Cristo.jpg
2016-12-23 20:47 - 2016-12-24 19:21 - 00000000 ____D C:\Users\Ivan\Downloads\0UINT4L3
2016-12-21 21:22 - 2016-12-21 21:22 - 00000810 _____ C:\Users\Ivan\Documents\Reclamaçao a Sky.txt
2016-12-21 18:38 - 2016-12-21 18:38 - 01880519 _____ (DTI Data ) C:\Users\Ivan\Downloads\hard-drive-scan-verification.exe
2016-12-21 18:34 - 2016-12-21 18:36 - 71365725 _____ C:\Users\Ivan\Downloads\Maxtor Firmware.rar
2016-12-21 01:44 - 2016-12-21 01:44 - 00000000 ____D C:\Users\Ivan\Downloads\WES v9.0 SP4_Jor2008
2016-12-20 22:29 - 2016-12-20 22:45 - 75766859 _____ C:\Users\Ivan\Downloads\WES v9.0 SP4_Jor2008.part5.rar
2016-12-20 21:37 - 2016-12-20 21:59 - 104857600 _____ C:\Users\Ivan\Downloads\WES v9.0 SP4_Jor2008.part4.rar
2016-12-20 20:26 - 2016-12-20 20:26 - 00000054 _____ C:\Users\Ivan\Documents\Senha para descompactar Wincom 9 SP4.txt
2016-12-20 20:23 - 2016-12-20 20:44 - 104857600 _____ C:\Users\Ivan\Downloads\WES v9.0 SP4_Jor2008.part3.rar
2016-12-20 17:33 - 2016-12-20 17:38 - 104857600 _____ C:\Users\Ivan\Downloads\WES v9.0 SP4_Jor2008.part2.rar
2016-12-20 17:07 - 2016-12-20 17:13 - 104857600 _____ C:\Users\Ivan\Downloads\WES v9.0 SP4_Jor2008.part1.rar
2016-12-20 16:04 - 2016-12-20 16:04 - 21849402 _____ C:\Users\Ivan\Downloads\Como converter imagens JPG, GIF, PNG, BMP e etc para matriz de bordados computadorizado.mp4

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-01-18 17:53 - 2009-07-14 00:45 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-18 17:53 - 2009-07-14 00:45 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-18 17:50 - 2016-11-18 16:56 - 00000000 ____D C:\Users\Ivan\AppData\LocalLow\Mozilla
2017-01-18 17:48 - 2016-10-29 01:36 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-01-18 17:45 - 2014-09-05 15:58 - 00000000 ____D C:\ProgramData\GbPlugin
2017-01-18 17:45 - 2014-09-05 15:58 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-01-18 17:44 - 2015-10-15 20:25 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2017-01-18 17:44 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-18 01:39 - 2016-10-29 01:36 - 01368548 _____ C:\Windows\SysWOW64\winapp2_disk.csv
2017-01-17 16:49 - 2014-03-13 09:37 - 00000000 ____D C:\Users\Ivan\AppData\Local\CrashDumps
2017-01-17 16:46 - 2014-03-13 09:13 - 00000000 ____D C:\Users\Ivan\AppData\Local\VirtualStore
2017-01-17 13:50 - 2014-04-01 13:44 - 00706008 _____ C:\Windows\system32\prfh0416.dat
2017-01-17 13:50 - 2014-04-01 13:44 - 00147848 _____ C:\Windows\system32\prfc0416.dat
2017-01-17 13:50 - 2009-07-14 01:13 - 01635890 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-17 13:50 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-01-17 01:39 - 2016-01-24 23:11 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\uTorrent
2017-01-15 01:22 - 2016-09-25 10:48 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\DMCache
2017-01-14 23:39 - 2016-09-25 10:48 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\IDM
2017-01-14 23:35 - 2016-06-05 08:23 - 00000000 ____D C:\Windows\Minidump
2017-01-14 00:35 - 2015-04-25 11:06 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2017-01-13 21:16 - 2015-09-10 17:14 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-13 19:56 - 2015-04-25 01:17 - 00000000 ____D C:\Program Files (x86)\WinDFT
2017-01-13 13:45 - 2014-03-13 09:04 - 00000000 ____D C:\Users\Ivan
2017-01-12 21:01 - 2016-04-01 23:15 - 00000091 _____ C:\Users\Ivan\AppData\default.pls
2017-01-12 01:18 - 2016-09-25 10:48 - 00000000 ____D C:\Users\Ivan\Downloads\Video
2017-01-11 14:13 - 2015-06-15 23:41 - 00000000 ____D C:\Users\Ivan\AppData\Local\CutePDF Writer
2017-01-11 12:03 - 2014-03-13 12:20 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 11:48 - 2014-03-13 12:20 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-09 21:15 - 2015-09-10 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-01-09 21:15 - 2014-03-13 10:56 - 00000000 ____D C:\ProgramData\Avira
2017-01-09 21:15 - 2014-03-13 10:56 - 00000000 ____D C:\Program Files (x86)\Avira
2017-01-08 22:54 - 2014-03-13 10:40 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Adobe
2017-01-04 20:52 - 2014-03-13 17:36 - 00000000 ____D C:\Users\Ivan\AppData\Local\Adobe
2017-01-04 20:51 - 2014-03-13 18:22 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-04 20:51 - 2014-03-13 18:22 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-04 20:51 - 2014-03-13 18:22 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-04 20:51 - 2012-02-25 21:01 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-03 21:58 - 2015-05-27 19:54 - 00000000 ____D C:\Users\Ivan\Downloads\RamCapturer64
2017-01-01 19:24 - 2016-01-09 01:09 - 00000000 ____D C:\Program Files\Recuva
2017-01-01 17:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\LiveKernelReports
2017-01-01 03:19 - 2009-07-14 01:08 - 00032528 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-31 19:02 - 2014-03-13 09:04 - 00000000 ___RD C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-29 23:56 - 2016-08-28 15:26 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-12-29 23:56 - 2016-08-28 15:24 - 00000000 ____D C:\Program Files\Adobe
2016-12-29 23:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\catroot
2016-12-29 23:52 - 2015-06-15 21:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-12-29 23:52 - 2012-02-25 21:04 - 00000000 ____D C:\ProgramData\Adobe
2016-12-29 23:52 - 2009-07-13 23:20 - 00000000 ____D C:\Users\Default\AppData\Roaming
2016-12-29 23:52 - 2009-07-13 23:20 - 00000000 ____D C:\Users\Default User\AppData\Roaming
2016-12-28 21:23 - 2016-08-07 03:29 - 00162443 _____ C:\Users\Ivan\Documents\starburn.txt
2016-12-28 17:15 - 2016-11-23 20:52 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\dvdcss
2016-12-27 10:41 - 2009-07-14 00:45 - 05153408 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-27 02:50 - 2016-06-24 07:31 - 00524288 ___SH C:\Users\Ivan\ntuser.dat{22474ab3-39ff-11e6-bbf1-78843cb270f1}.TMContainer00000000000000000001.regtrans-ms
2016-12-27 02:50 - 2016-06-24 07:31 - 00065536 ___SH C:\Users\Ivan\ntuser.dat{22474ab3-39ff-11e6-bbf1-78843cb270f1}.TM.blf
2016-12-27 02:37 - 2016-12-18 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureHunter
2016-12-26 18:41 - 2016-08-28 15:40 - 00000000 ____D C:\Users\Ivan\Documents\Adobe
2016-12-26 18:36 - 2014-03-13 09:04 - 00131120 _____ C:\Users\Ivan\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-26 18:15 - 2016-09-10 01:49 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-12-26 18:08 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Fonts
2016-12-26 17:02 - 2016-03-03 11:34 - 00000979 _____ C:\Users\Public\Desktop\Notepad++.lnk
2016-12-26 17:02 - 2016-03-03 11:34 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Notepad++
2016-12-26 16:16 - 2015-08-23 01:45 - 00002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-26 16:16 - 2015-08-23 01:45 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-26 15:46 - 2015-09-20 15:57 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0f3de85dace73
2016-12-26 15:46 - 2015-09-20 15:57 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0f3de85391025
2016-12-26 15:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Tasks
2016-12-25 16:53 - 2016-05-14 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2016-12-25 16:53 - 2016-05-14 10:18 - 00000000 ____D C:\Program Files\Process Hacker 2
2016-12-25 16:45 - 2016-05-14 10:18 - 00002178 _____ C:\Users\Ivan\Desktop\Process Hacker 2.lnk
2016-12-25 15:48 - 2016-08-07 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-12-25 01:25 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\assembly
2016-12-25 01:25 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-22 18:08 - 2016-09-25 10:48 - 00000000 ____D C:\Users\Ivan\Downloads\Compressed
2016-12-22 15:54 - 2016-12-10 10:41 - 00109565 _____ C:\Users\Ivan\Documents\d_megasc.xlsx
2016-12-22 11:46 - 2014-08-25 23:53 - 00000000 ____D C:\Users\Ivan\AppData\Local\Microsoft Help
2016-12-21 00:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-20 10:56 - 2015-11-27 23:23 - 00003578 _____ C:\Windows\System32\Tasks\TinyTakeUpgrade

==================== Arquivos na raiz de alguns diretórios =======

2015-10-15 20:27 - 2015-10-15 20:27 - 0017908 _____ () C:\Users\Ivan\AppData\Roaming\unins000.dat
2016-09-13 22:26 - 2016-09-13 22:30 - 0018130 _____ () C:\Users\Ivan\AppData\Roaming\unins001.dat
2014-03-18 15:53 - 2014-03-18 15:53 - 0001567 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20140318.155318.txt
2014-04-05 15:52 - 2014-04-05 15:52 - 0001567 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20140405.155230.txt
2014-06-13 08:21 - 2014-06-13 08:21 - 0001544 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20140613.082127.txt
2015-05-11 19:26 - 2015-05-11 19:26 - 0001565 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20150511.192628.txt
2015-10-01 17:34 - 2015-10-01 17:34 - 0001542 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20151001.173412.txt
2015-10-06 14:04 - 2015-10-06 14:04 - 0001566 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20151006.140408.txt
2016-04-10 22:40 - 2016-04-10 22:40 - 0001543 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20160410.224022.txt
2016-09-08 01:32 - 2016-09-08 01:32 - 0001565 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20160908.013223.txt
2015-10-19 13:42 - 2015-10-19 13:42 - 0000028 _____ () C:\Users\Ivan\AppData\Local\settings.ini
2016-11-28 02:40 - 2016-11-28 02:40 - 0000176 _____ () C:\Users\Ivan\AppData\Local\uts.ini
2012-02-25 20:11 - 2012-02-25 20:12 - 0000226 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-05-29 01:51

==================== Fim de FRST.txt ============================

 

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 18-01-2017
Executado por Ivan (18-01-2017 18:16:43)
Executando a partir de C:\Users\Ivan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-03-13 13:04:09)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrator (S-1-5-21-3714546670-946274982-931039520-500 - Administrator - Disabled)
Guest (S-1-5-21-3714546670-946274982-931039520-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3714546670-946274982-931039520-1009 - Limited - Enabled)
Ivan (S-1-5-21-3714546670-946274982-931039520-1005 - Administrator - Enabled) => C:\Users\Ivan

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.6 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
AirDroid 3.3.5.0 (HKLM-x32\...\AirDroid) (Version: 3.3.5.0 - Sand Studio)
Altap Salamander 3.06 (x64) (HKLM\...\Altap Salamander 3.06 (x64)) (Version: 3.06 - ALTAP)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Android Ultimate Toolbox Pro (HKLM-x32\...\{80E86044-5C1D-42A3-A119-1FA8839FB701}) (Version: 1.2.0.0 - D01 MicroApps)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version:  - )
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.142 - ArcSoft)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.367 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.485 - ArcSoft)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira Connect (HKLM-x32\...\{707e8edf-9482-4417-ae39-c9b5fe605e87}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.2.3.19655 - Avira Operations GmbH & Co. KG)
Avira Scout (HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-4300-A758B70C1D00}) (Version: 12.29.0.1473 - APN, LLC)
AviraScoutMsi (x32 Version: 16.02.15.00170 - Avira Operations GmbH & Co. KG) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
BlueStacks App Player (HKLM-x32\...\{F22E13B7-2C58-4BE6-BA9D-24303403B494}) (Version: 0.10.6.8001 - BlueStack Systems, Inc.)
Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.18.50 - Conexant)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.8.0 - oldsch00l)
Digital microscope (HKLM-x32\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2009.03.18 - Vimicro Corp.)
DiskInternals Linux Reader (HKLM-x32\...\DiskInternals Linux Reader) (Version: 2.3.0.3 - DiskInternals Research)
DiskInternals Linux Recovery (HKLM-x32\...\DiskInternals Linux Recovery) (Version: 4.5 - DiskInternals Research)
DiskInternals Partition Recovery (HKLM-x32\...\DiskInternals Partition Recovery) (Version: 5.7 - DiskInternals Research)
Easy File Locker 1.5 (HKLM-x32\...\Easy File Locker) (Version: 1.5 - XOSLAB.COM)
Geosense for Windows (HKLM\...\{D617DF82-6046-44EB-AD4A-D3423319E12C}) (Version: 1.2.0.0 - Within Network, LLC)
GoldWave v6.10 (HKLM\...\GoldWave v6.10) (Version: 6.10 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
IDM Patch 6.25 build 05 (HKLM-x32\...\IDM Patch 6.25 build 05) (Version: build 05 - SandySeedings Team)
ImDisk Virtual Disk Driver (HKLM\...\ImDisk) (Version: 1.* - )
inSSIDer 4 (HKLM-x32\...\{068F709E-5BA2-4C2F-84E9-B2DFF374F366}) (Version: 4.2.0.12 - MetaGeek, LLC)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Intelbras Media Player 3.36.11 (HKLM-x32\...\Intelbras Media Player) (Version: 3.36.11 - )
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java SE Development Kit 8 Update 102 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keyboard Shortcuts (HKLM-x32\...\{FE8974B4-479C-4DBA-8544-9E5342ABB26A}) (Version: 1.1.0.08290 - Sony Corporation)
Laplink DiskImage Professional (HKLM\...\{56F8EF3C-D9A0-4728-95D5-DC05A72931F5}) (Version: 7.81.11 - Laplink Software, Inc)
Laplink PCmover Enterprise (HKLM-x32\...\{21FED337-581F-47D9-B7E2-ABF6C7C132A8}) (Version: 10.01.645 - Laplink Software, Inc.)
Malwarebytes versão 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Media Gallery (Version: 2.0.0.11150 - Sony Corporation) Hidden
MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
MicroCapture 2.0 (HKLM-x32\...\MicroCapture) (Version: 2.0 - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 pt-BR)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\MyFreeCodec) (Version:  - )
Nero 7 Ultra Edition (HKLM-x32\...\{C6115A28-F277-4E82-B067-84D28BF21046}) (Version: 7.03.1357 - Nero AG)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.4 - DDNi)
OOBE (x32 Version: 11.2.1.10 - Sony Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
PC Remote (HKLM-x32\...\{C934DF74-D0D9-445C-90AA-34012A04E11D}) (Version: 3.51 - PC Remote)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.1.00.12260 - Sony Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06010 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.01.06110 - Sony Corporation) Hidden
PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.1.00 - Sony Corporation) Hidden
Qlock Free (HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Qlock) (Version: 1.91 - Vitei inc)
Qualcomm Atheros Direct Connect (x32 Version: 3.0 - Qualcomm Atheros) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raise Data Recovery (HKLM\...\rdr) (Version: 6.4.2 - LLC SysDev Laboratories)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Remix OS (HKLM-x32\...\RemixOS) (Version:  - )
Remote Keyboard (x32 Version: 1.1.1.07060 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1500.0 - SAMSUNG Electronics Co., Ltd.)
Screen Grab Pro (HKLM-x32\...\{581125F9-D1C6-4797-93BB-47A992D69AA8}) (Version:  - )
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Simple Port Forwarding (HKLM-x32\...\Simple Port Forwarding) (Version: 3.8.5 - PcWinTech.com)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SMI Grabber Device (HKLM-x32\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.0.29 - Somagic)
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Suporte para Aplicativos Apple (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Suporte para Aplicativos Apple Apple (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.9.0 - Synaptics Incorporated)
Syncios 6.0.2 (HKLM-x32\...\Syncios) (Version: 6.0.2 - Anvsoft)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.50527 A - TeamViewer)
TFTP Client (HKLM-x32\...\TFTP Client) (Version:  - )
Tftpd64 Standalone Edition (remove only) (HKLM-x32\...\Tftpd64) (Version:  - )
TinyTake by MangoApps (HKLM-x32\...\{cbb7c584-20c0-4426-9921-ac1cc52ff54d}) (Version: 4.0.1 - MangoApps)
TinyTake by MangoApps (x32 Version: 4.0.1 - MangoApps) Hidden
VAIO - Media Gallery - VAIO Personalization Manager Update (HKLM\...\{50A7190B-5DA6-4A51-B275-3D413E617BA6}) (Version: 4.2.5.07160 - Sony Corporation)
VAIO - Media Gallery (HKLM-x32\...\{DD696AF7-8A89-41D5-976A-2053E41A69BE}) (Version: 2.2.3.04170 - Sony Corporation)
VAIO - PMB VAIO Edition Guide (x32 Version: 1.6.00.06030 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Plug-in (x32 Version: 1.6.11.11160 - Sony Corporation) Hidden
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.1.0.07060 - Sony Corporation)
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{D9FFE40D-1A85-4541-992C-5EF505F391A4}) (Version: 8.4.2.12041 - Sony Corporation)
VAIO Care (x32 Version: 6.4.0.15030 - Sony Corporation) Hidden
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Control Center (x32 Version: 4.5.0.03040 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) Hidden
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Event Service (x32 Version: 5.5.0.03040 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.4.0.03240 - Sony Corporation) Hidden
VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280 - Sony Corporation) Hidden
VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
VAIO Help and Support (HKLM-x32\...\{F5248E24-F52C-4FD1-B76F-102460BAFD6B}) (Version: 14.00.0125 - Sony Corporation)
VAIO Improvement (x32 Version: 1.0.0.14150 - Sony Corporation) Hidden
VAIO Manual (x32 Version: 2.0.0.02250 - Sony Corporation) Hidden
VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.550.0 - DDNi)
VAIO Quick Web Access (x32 Version: 1.4.5.5 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden
VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.10.2.08270 - Sony Corporation)
VAIO Transfer Support (x32 Version: 1.4.0.14230 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
VESx64 (Version: 1.0.0 - Sony Corporation) Hidden
VESx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WinDFT (HKLM-x32\...\{065F384A-5C64-4532-814A-A24BA5374503}) (Version: 1.0.0 - HGST)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-3714546670-946274982-931039520-1005_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3714546670-946274982-931039520-1005_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F000C}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_isg_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3714546670-946274982-931039520-1005_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3714546670-946274982-931039520-1005_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F000C}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_isg_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3714546670-946274982-931039520-1005_Classes\CLSID\{C78B614C-F3EA-11D2-94A1-00E0292A01E3}\InprocServer32 -> C:\Program Files\Altap Salamander\utils\salextx64.dll (ALTAP)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {009C04E9-C525-4404-B6D1-8DF6D6DC3694} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
"{044A6734-E90E-4F8F-B357-B2DC8AB3B5EC}" task foi desbloqueado. <===== ATENÇÃO
Task: {04E1EC9D-6F44-4AE7-8D62-FDAE71482F5B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {05376BBF-F45D-4DA2-BA43-45A3064BE927} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
"{088482FA-65B8-4E17-9ABF-1DCD48E8D373}" task foi desbloqueado. <===== ATENÇÃO
Task: {095A8847-20C2-4A6C-ACCF-4DF1F0737AFC} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
"{09F06BFE-A3C8-40E3-846A-6E6F4000C238}" task foi desbloqueado. <===== ATENÇÃO
Task: {0C27557E-D4E6-4617-B3E0-C79A849D55DB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {18CB6D2A-3C3C-4C39-949A-B15A2A7BE1DE} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {1D0B746E-663B-445B-B5EF-62BE990FAC90} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-02-28] (Sony Corporation)
"{1F7B7221-AE8F-44F3-BA82-F7D260F51964}" task foi desbloqueado. <===== ATENÇÃO
Task: {21292617-EA11-48D7-938A-8E789EF1C231} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
"{2470470F-2634-478E-B181-571E98A789BB}" task foi desbloqueado. <===== ATENÇÃO
Task: {25C8D1DE-0489-48A2-AED8-1004F9D6DC52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {26DC3E0C-B5E7-4C39-93CF-1E710116085B} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2013-07-03] (Digital Delivery Networks, Inc.)
"{28011108-68DF-4C73-B91B-57427D501BBA}" task foi desbloqueado. <===== ATENÇÃO
Task: {2B863642-3438-4D67-8BCB-AE6B23EC95BA} - System32\Tasks\VAIO® Messenger (Ivan) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {2EF3D667-644A-4E75-B96D-566ED111FD9D} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f3de85391025 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
"{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" task foi desbloqueado. <===== ATENÇÃO
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> Nenhum Arquivo <==== ATENÇÃO
Task: {3554DA6E-AA9E-4627-9837-9CEE4B8EE030} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation)
Task: {3AE5B1F5-4361-4F30-B6A2-04341920CC8F} - System32\Tasks\VAIO® Messenger (Administrator) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {45B644A3-64E0-4C6D-8F10-AB53162BC895} - System32\Tasks\Sony\Keyboard Shortcuts => C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [2011-08-31] ()
"{47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4}" task foi desbloqueado. <===== ATENÇÃO
"{486D715E-6AA2-44CF-BC48-B6990CBB53C6}" task foi desbloqueado. <===== ATENÇÃO
"{4C8B01A2-11FF-4C41-848F-508EF4F00CF7}" task foi desbloqueado. <===== ATENÇÃO
Task: {51E4DFF9-4230-40FB-BA18-98AF805BC24F} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f3de85dace73 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {54499AD8-03B1-43F0-8593-6AD3F37EB409} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
"{5A40E926-9E86-4B89-9CFD-B12311724371}" task foi desbloqueado. <===== ATENÇÃO
"{5B42DD9C-5A26-4F27-BB95-34603F0997E5}" task foi desbloqueado. <===== ATENÇÃO
"{5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6}" task foi desbloqueado. <===== ATENÇÃO
"{5F5A18EB-DC73-4E45-A11C-B59043598412}" task foi desbloqueado. <===== ATENÇÃO
"{613612BA-897D-44CE-8DC1-8FC283F9FD51}" task foi desbloqueado. <===== ATENÇÃO
Task: {62C56036-F72E-4AB7-8A36-EC7807A76612} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient [Argument = /Start]
Task: {654EF357-8E87-46B8-981E-17E175E659C0} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
"{6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF}" task foi desbloqueado. <===== ATENÇÃO
Task: {69E36298-7B49-4FAB-82E9-6417D0114011} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> Nenhum Arquivo <==== ATENÇÃO
"{72DB7465-BC54-491B-A92A-4637A28C9BBF}" task foi desbloqueado. <===== ATENÇÃO
"{753C47AE-EC5E-44B3-95A9-2C8E553F0E39}" task foi desbloqueado. <===== ATENÇÃO
"{7AFCC0CA-7121-422A-AB45-B0E8D599FF08}" task foi desbloqueado. <===== ATENÇÃO
Task: {7F18F11C-2259-4045-BD4F-DA24CFA621B7} - System32\Tasks\TinyTakeUpgrade => C:\Users\Ivan\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe [2015-10-13] (MangoApps Inc.)
Task: {8058F7E6-4B0E-465F-ADB0-349673A08666} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
"{81540B9F-B5BF-47EB-9C95-BE195BF2C664}" task foi desbloqueado. <===== ATENÇÃO
Task: {85F3EE02-4F44-4B77-A63E-DAEDF6C56C10} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {86CD374E-8039-4514-BEE9-C572F196668E} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2016-10-18] (Avira Operations GmbH & Co. KG)
Task: {8A855ED2-26EE-4C7E-B169-1514FB070BCF} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {92E0678C-7B0D-4FCE-8325-AC3A5D022681} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
"{9435F817-FED2-454E-88CD-7F78FDA62C48}" task foi desbloqueado. <===== ATENÇÃO
"{994C86AD-A929-4B2C-88A0-4E25A107A029}" task foi desbloqueado. <===== ATENÇÃO
"{9979CB83-103A-4105-9E5D-C74B0AF6D198}" task foi desbloqueado. <===== ATENÇÃO
Task: {9BB0577A-BB1F-4B2E-B90D-C9F3378A99CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-04] (Adobe Systems Incorporated)
"{A35BB7A6-5F0C-4C9F-8450-2B3BED532D51}" task foi desbloqueado. <===== ATENÇÃO
"{A48CABBF-24C8-4B87-B00F-9261807C3B43}" task foi desbloqueado. <===== ATENÇÃO
"{A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D}" task foi desbloqueado. <===== ATENÇÃO
"{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" task foi desbloqueado. <===== ATENÇÃO
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> Nenhum Arquivo <==== ATENÇÃO
"{AC668097-4D6B-4093-AC14-014C09DBF820}" task foi desbloqueado. <===== ATENÇÃO
"{B0CBAB43-44FC-469B-A4CE-87426761FDCE}" task foi desbloqueado. <===== ATENÇÃO
Task: {B308B8CE-167D-4EE8-A0B1-129DDE49A1BA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> Nenhum Arquivo <==== ATENÇÃO
Task: {B3AF4A93-B58D-4832-8DFE-0C0662393F43} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {B4B66809-153E-4054-BEB3-450B3E80B02E} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {BBB45B94-D3A4-45A9-A958-66BB99359CD8} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe [2016-05-14] (Adobe Systems Incorporated)
"{BE669C13-8165-4536-96D0-6D6C39292AAE}" task foi desbloqueado. <===== ATENÇÃO
"{C016366B-7126-46CA-B36B-592A3D95A60B}" task foi desbloqueado. <===== ATENÇÃO
Task: {C27D5544-478D-40E8-BFDE-B0A22CEA9C09} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {C5DEB034-64BC-4A8E-94DE-F7E13CBE9848} - System32\Tasks\Sony Corporation\VAIO Personalization Manager\VpmLM Task Music Ivan => C:\Program Files\Sony\VAIO Personalization Manager\VpmLM.exe [2011-10-03] (Sony Corporation)
"{CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E}" task foi desbloqueado. <===== ATENÇÃO
"{CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186}" task foi desbloqueado. <===== ATENÇÃO
Task: {CE6548F1-8A4A-41C7-9E67-056850378CFF} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
"{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" task foi desbloqueado. <===== ATENÇÃO
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> Nenhum Arquivo <==== ATENÇÃO
"{D0250F3F-6480-484F-B719-42F659AC64D5}" task foi desbloqueado. <===== ATENÇÃO
Task: {D41279D5-BC7F-4868-834C-9BD575704A3E} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
"{D7B6E81D-3CF4-432C-84D2-24213F4316E6}" task foi desbloqueado. <===== ATENÇÃO
"{DA41DE71-8431-42FB-9DB0-EB64A961DEAD}" task foi desbloqueado. <===== ATENÇÃO
Task: {DABCD011-1F9F-4EBF-A996-C19B739CD941} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib TaskTray => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [2011-11-03] (Sony Corporation)
"{DD9F510C-95F4-499A-90C8-BAC5BC372FF4}" task foi desbloqueado. <===== ATENÇÃO
Task: {E0B846C9-F3FA-456E-B21E-7BAEF1FE3017} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
"{E22A8667-F75B-4BA9-BA46-067ED4429DE8}" task foi desbloqueado. <===== ATENÇÃO
"{E3163C33-301D-4730-A266-5518C5ED3967}" task foi desbloqueado. <===== ATENÇÃO
Task: {E37EC287-8E65-4D27-863F-228B5EFC7031} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
"{EACA24FF-236C-401D-A1E7-B3D5267B8A50}" task foi desbloqueado. <===== ATENÇÃO
"{EB02381F-D652-4B1C-894A-712498C62C51}" task foi desbloqueado. <===== ATENÇÃO
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> Nenhum Arquivo <==== ATENÇÃO
Task: {EC26B6E7-9154-49ED-95F5-CDBA85E00152} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {EE689E85-8183-45EC-9F7C-D3306EE6151C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
"{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" task foi desbloqueado. <===== ATENÇÃO
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> Nenhum Arquivo <==== ATENÇÃO
"{FB3C354D-297A-4EB2-9B58-090F6361906B}" task foi desbloqueado. <===== ATENÇÃO
Task: {FD139FD3-BE2B-49C9-A172-1B66471E155E} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)
"{FDD56C73-F0D5-41B6-B767-6EFFD7966428}" task foi desbloqueado. <===== ATENÇÃO

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

Shortcut: C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Port Forwarding\SPF - Basic UI Mode.lnk -> C:\Program Files (x86)\Simple Port Forwarding\basic_ui.bat ()
Shortcut: C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qlock\Help.lnk -> hxxp://www.qlock.com/help

==================== Módulos Carregados (Whitelisted) ==============

2010-12-17 17:53 - 2010-12-17 17:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-06-15 23:40 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2011-06-21 07:42 - 2011-06-21 07:42 - 00034304 _____ () C:\Windows\System32\sst3cl6.dll
2016-11-28 02:40 - 2016-11-28 02:39 - 00017376 _____ () C:\Users\Ivan\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
2017-01-01 16:38 - 2017-01-01 16:38 - 00064512 _____ () C:\Windows\SearchIndexer.exe
2017-01-11 02:31 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-11 02:31 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-02-21 17:38 - 2016-02-21 17:38 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2010-12-17 17:53 - 2010-12-17 17:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-03-28 03:04 - 2011-03-28 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-05-08 14:50 - 2015-05-08 14:50 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll
2016-07-15 01:42 - 2016-07-15 01:42 - 01925136 _____ () C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
2016-09-01 20:59 - 2016-09-01 20:59 - 00017024 _____ () C:\Program Files (x86)\Anvsoft\Syncios\androidnotifier.exe
2016-06-21 20:39 - 2016-06-21 20:39 - 01419776 _____ () C:\Program Files (x86)\Anvsoft\Syncios\adb.exe
2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2013-11-01 14:59 - 2013-11-01 14:59 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2012-02-25 21:00 - 2011-03-05 20:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2016-11-24 22:28 - 2016-11-24 22:28 - 00437760 _____ () C:\Program Files (x86)\Anvsoft\Syncios\DuiLib.dll
2016-11-15 23:09 - 2016-11-15 23:09 - 00074240 _____ () C:\Program Files (x86)\Anvsoft\Syncios\generalFunc_pdt.dll
2016-11-15 23:09 - 2016-11-15 23:09 - 01000448 _____ () C:\Program Files (x86)\Anvsoft\Syncios\androidSyncCore_pdm.dll
2016-11-15 23:09 - 2016-11-15 23:09 - 00177664 _____ () C:\Program Files (x86)\Anvsoft\Syncios\driverMgr4Transfer_pdm.dll
2016-09-01 20:59 - 2016-09-01 20:59 - 01278080 _____ () C:\Program Files (x86)\Anvsoft\Syncios\libandroidnotifier.dll
2016-06-21 20:39 - 2016-06-21 20:39 - 00059904 _____ () C:\Program Files (x86)\Anvsoft\Syncios\zlib.dll
2016-08-01 04:01 - 2016-08-01 04:01 - 00571392 _____ () C:\Program Files (x86)\Anvsoft\Syncios\sqlite3.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 00073512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-21 20:39 - 2016-06-21 20:39 - 00671744 _____ () C:\Program Files (x86)\Anvsoft\Syncios\hashAB.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-08-07 16:11 - 2016-06-20 14:48 - 01506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-08-07 16:11 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-10-25 10:51 - 2016-10-25 10:51 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-05-11 09:35 - 2016-05-11 09:35 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f1b815cf32572cea383bc47659c174fa\IsdiInterop.ni.dll
2012-02-25 20:21 - 2010-11-06 03:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-25 10:49 - 2016-10-25 10:49 - 00109760 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin7.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2013-07-02 23:06 - 2013-07-02 23:06 - 00039936 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudModel.dll
2013-07-02 23:06 - 2013-07-02 23:06 - 00011264 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudClient.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\System32:25EB0427_Cef.gbp [2]
AlternateDataStreams: C:\Windows\System32:25EB0427_Isg.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2166]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\caixa.gov.br -> imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\infoseg.gov.br -> hxxp://www.infoseg.gov.br
IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\samsungsetup.com -> hxxp://www.samsungsetup.com
IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\serpro.gov.br -> hxxps://infoseg9.serpro.gov.br

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 22:34 - 2017-01-11 02:20 - 00000942 ____N C:\Windows\system32\Drivers\etc\hosts

    0.0.0.0    keysotne.mwbsys.com127.0.0.1                   example.net
127.0.0.1                   keystone.mwbsys.com

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-3714546670-946274982-931039520-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: ImDskSvc => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: OO DiskImage => 2
MSCONFIG\Services: SophosVirusRemovalTool => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: uCamMonitor => 2
MSCONFIG\Services: VCService => 3
MSCONFIG\Services: WsDrvInst => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk => C:\Windows\pss\TMMonitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia BackUp & Recorder Monitor.lnk => C:\Windows\pss\TotalMedia BackUp & Recorder Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Server.lnk => C:\Windows\pss\TotalMedia Server.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: FAStartup =>
MSCONFIG\startupreg: FATrayAlert => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
MSCONFIG\startupreg: FreeHideIPunstall =>
MSCONFIG\startupreg: GoogleChromeAutoLaunch_C76D497934B1A0EE0E3BF23C3F10F9A7 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: KiesPDLR.exe => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: OODITRAY.EXE => C:\Program Files\Laplink\DiskImage\ooditray.exe
MSCONFIG\startupreg: PC Remote Server => C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe /silent
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: TinyTake by MangoApps => "C:\Users\Ivan\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake by MangoApps.exe" NOTOPENCONTEXTMENU
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{A70359FB-69DA-45AF-A7D0-E0B4566E3133}] => C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{CF064422-05B5-4043-B099-1F2D4178C90A}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{70A47580-D530-4C4A-A92D-A6B04B4DD111}] => LPort=2869
FirewallRules: [{690A5E44-93E9-4E3B-A75A-79BE604E252D}] => LPort=1900
FirewallRules: [{CC660E36-D225-45D0-ACF9-8701019DBA70}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3C353CC2-E905-43A5-BB48-109BB2E18455}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{51834E06-7B2C-4308-A3E5-7BA8CF8BCEB5}] => C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
FirewallRules: [{31C8BE3E-B4C8-49FB-9F19-A6F615827F9B}] => C:\Program Files\Sony\VAIO Smart Network\WFDA\WiFiDirectApplication.exe
FirewallRules: [{14D45B68-ACD8-4340-86CA-C9E13AA13718}] => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
FirewallRules: [{9F8F5C54-4D93-4000-B4B0-CFA5DC44FE59}] => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
FirewallRules: [{CAC38972-004A-4D1A-8A67-D3F18742900F}] => C:\Program Files (x86)\Sony\Media Gallery\VRLP.exe
FirewallRules: [{26B62950-7CFA-4286-BD5B-C68DFB15E44C}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D113E971-C739-4B3A-A5EC-42C65ED9716B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC69ED9E-9303-4128-9024-C4D57D814B42}] => C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{7192DA52-8681-4B15-ABD7-AC26415C8542}] => C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{8664838F-22A5-4EC5-B735-470557676330}] => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{D5697FF2-A701-47FB-8272-24F2A091A4BF}] => C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{1BF5F74D-025D-493B-A633-B223A201C7AC}] => C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{3A608BE2-255B-466D-9AAE-C43BA4F4DAFA}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8945EE26-AEAE-49AC-9F66-5B7357DB9C54}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37439B52-B830-4EBC-B943-AAA2C4AFB384}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1EA0333B-8755-445D-A045-B35961902A4B}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{46A0D045-05C4-4D1F-843A-B5A1A9EB34F6}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FF41E427-5A11-4FA3-8F02-E77D49E77E70}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{638F7488-C483-414E-969A-0413DE17F912}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [UDP Query User{C529F1AE-6246-42C7-81A6-CFE18E236096}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [{44F2E0EF-251C-4038-82E8-7571FE4AE4C4}] => C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AA026661-1E60-4B47-BF5E-C0505D4F250A}] => C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0A8EA6FA-D041-4248-907D-A33649096D12}] => C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2C99A0B3-3C01-4EB0-99FA-8C4A5CE47514}] => C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE5658E9-3EE7-48B1-8828-C1DBC8FEFB5D}] => C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE3F91C6-2FE9-4D9A-ACCA-706CC7255287}] => C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{9AEFD00B-CB98-4910-81A5-396442A32179}C:\program files\android\android studio\bin\studio64.exe] => C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{061C0E8E-1DB0-41DE-877D-DCAAC8A55158}C:\program files\android\android studio\bin\studio64.exe] => C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{A70F557A-FECD-4DFC-A078-A928350BB404}C:\program files\java\jdk1.7.0_79\bin\java.exe] => C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [UDP Query User{6A3B8C2C-662A-43BF-92DA-80D6F834536F}C:\program files\java\jdk1.7.0_79\bin\java.exe] => C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [TCP Query User{15505A3B-E9BF-432D-B139-4D85D085189E}C:\program files\android\android studio\bin\studio64.exe] => C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{A2395079-CC16-4908-92AA-F964E8FD1A71}C:\program files\android\android studio\bin\studio64.exe] => C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{3941A930-5766-456F-A126-B79FF00CE3E4}C:\program files\java\jdk1.7.0_79\bin\java.exe] => C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [UDP Query User{1EE1D3DE-1B75-418E-B88D-CB28D122FCF4}C:\program files\java\jdk1.7.0_79\bin\java.exe] => C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [{6A60F6F5-8C02-4A83-BEA4-68B2435BB81E}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{4F1079E9-5C42-4803-B76C-6A452AB62C21}C:\program files\tftpd64\tftpd64.exe] => C:\program files\tftpd64\tftpd64.exe
FirewallRules: [UDP Query User{B8767609-ABD2-464F-A955-33F5D4CB5C6F}C:\program files\tftpd64\tftpd64.exe] => C:\program files\tftpd64\tftpd64.exe
FirewallRules: [TCP Query User{FC289D15-F163-4E5D-AD63-0C6F4396AE37}C:\program files\tftpd64\tftpd64.exe] => C:\program files\tftpd64\tftpd64.exe
FirewallRules: [UDP Query User{4D2E170E-6FF6-4CC0-A11D-ACF3A14CE3D1}C:\program files\tftpd64\tftpd64.exe] => C:\program files\tftpd64\tftpd64.exe
FirewallRules: [{368890DC-D616-4D0A-96D2-B702804439B1}] => C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
FirewallRules: [{E8721374-3AE5-4130-8850-93985B0B5A21}] => C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
FirewallRules: [TCP Query User{DA6FBAC5-ED00-4BA6-898F-6874BFAADE01}C:\windows\ehome\ehexthost.exe] => C:\windows\ehome\ehexthost.exe
FirewallRules: [UDP Query User{23F57204-109E-449C-95B2-78B3A39ADD8B}C:\windows\ehome\ehexthost.exe] => C:\windows\ehome\ehexthost.exe
FirewallRules: [{C05C36E1-75DC-4F2D-A1D1-CBF30F00B59B}] => C:\Program Files (x86)\Deskshare\IP Camera Viewer 3\IP Camera Viewer.exe
FirewallRules: [{21FB453E-3A60-4E80-A5B6-2FAD6528A689}] => C:\Program Files (x86)\Deskshare\IP Camera Viewer 3\IP Camera Viewer.exe
FirewallRules: [{7AAB3F22-966F-40BC-91D9-9F3263FE5B35}] => %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
FirewallRules: [{53436137-4432-4141-B141-EE2520A9CC71}] => %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\Wondershare Helper Compact.exe
FirewallRules: [{9F9D14D1-D98E-4ADF-BE12-A893FB0E0EBA}] => %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [{DB887C5C-3C10-4681-86E1-9CD48F61B719}] => %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [{4F5AECDD-146C-4878-BE67-5F6B836923AF}] => %ProgramFiles%\Wondershare\Filmora\ImageHost.exe
FirewallRules: [{D3833999-D5B7-4165-9751-85A67F7EE70C}] => %ProgramFiles%\Wondershare\Filmora\Wondershare Helper Compact.exe
FirewallRules: [{10596333-2C4C-4C44-844E-C3EC70794BF5}] => %ProgramFiles%\Wondershare\Filmora\WSResDownloader.exe
FirewallRules: [{8A8B072C-6FA5-4DB1-9B0E-BEDD7538C2C0}] => %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
FirewallRules: [{17847381-76CD-492A-B7BF-195C9B579485}] => %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\Wondershare Helper Compact.exe
FirewallRules: [{D29FB238-9957-4747-B682-3D2784AA1DED}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{169D8E2E-4102-43BA-946A-4DB3B8A2CED7}] => C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{29A47274-F4AF-4E30-BE50-258BFC49E286}] => C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [TCP Query User{FF0413C0-8AC0-421A-9788-C4C722D5DF86}C:\users\ivan\downloads\rtl1090a\rtl1090.exe] => C:\users\ivan\downloads\rtl1090a\rtl1090.exe
FirewallRules: [UDP Query User{52BE858F-5C0D-4EF2-9B03-5D5E07629095}C:\users\ivan\downloads\rtl1090a\rtl1090.exe] => C:\users\ivan\downloads\rtl1090a\rtl1090.exe
FirewallRules: [{A4522630-4520-407E-A439-7E1724AE93E3}] => C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{DDB90306-9E83-4B90-97EE-14C5C89EC427}] => C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{B20F4783-3192-4E98-AD65-5189FF792D87}] => C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
FirewallRules: [{461001B9-BC1B-475B-8A26-63286E5B2B8D}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{48864A6E-2E7E-4AF1-8B14-33D3417E6BA8}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{99FCE23D-DF17-4461-839A-77E1D5C0F1C6}] => %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [{F4A5015C-8719-46E9-A098-259CD6EC3B5B}] => %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [{8F2EA323-7CA7-4845-B71F-81159404CEF7}] => %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
FirewallRules: [{90A832AF-C289-495F-8556-4871D3F3D160}] => %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\Wondershare Helper Compact.exe
FirewallRules: [{39DDF0EF-5E6C-4A57-8924-540942368766}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5AF79AAC-2E99-4F0A-B858-9850B8A1D612}] => C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{241B5A05-FAC1-4222-A27A-D55090C0B364}] => C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [TCP Query User{C84872FE-C12D-4F12-BF10-94EC0814B286}C:\program files (x86)\keepvid\keepvid pro\urlreqservice.exe] => C:\program files (x86)\keepvid\keepvid pro\urlreqservice.exe
FirewallRules: [UDP Query User{D166B843-3A2D-415E-ABF4-3ABD007756E0}C:\program files (x86)\keepvid\keepvid pro\urlreqservice.exe] => C:\program files (x86)\keepvid\keepvid pro\urlreqservice.exe

==================== Pontos de Restauração =========================

09-01-2017 21:26:22 Instalação de Pacote de Driver de Dispositivo: TAP-Windows Provider V9 Adaptadores de rede
11-01-2017 11:45:10 Windows Update
12-01-2017 00:40:47 Instalado Microsoft Visual C++ 2005 Redistributable
13-01-2017 21:16:06 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
16-01-2017 01:28:06 Instalação de Pacote de Driver de Dispositivo: WsAudioDevice_383S(1) Controladores de som, vídeo e jogos

==================== Dispositivos Apresentando Falhas No Gerenciador =============

Name: Ubar Callout Driver
Description: Ubar Callout Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: UbarCalloutDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (01/18/2017 05:44:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/18/2017 05:37:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Ivan-VAIO)
Description: O Windows não pode localizar o perfil local e está fazendo seu logon com um perfil temporário. As alterações que você fizer nesse perfil serão perdidas quando você fizer logoff.

Error: (01/18/2017 05:37:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Ivan-VAIO)
Description: O Windows fez o backup deste perfil de usuário. O Windows tentará usar automaticamente esse perfil na próxima vez em que o usuário fizer logon.

Error: (01/18/2017 05:37:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Ivan-VAIO)
Description: O Windows não pode carregar o perfil armazenado localmente. As possíveis causas do erro são direitos de segurança insuficientes ou um perfil local corrompido.

 DETALHE - O arquivo já está sendo usado por outro processo.

Error: (01/18/2017 05:37:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: AUTORIDADE NT)
Description: O Windows não pôde carregar o Registro. Isso geralmente é causado por memória insuficiente ou direitos de segurança insuficientes.

 DETALHE - O arquivo já está sendo usado por outro processo.
 para C:\Users\Ivan\ntuser.dat

Error: (01/18/2017 05:29:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/17/2017 04:49:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: VidCap60.EXE, versão: 6.0.0.1003, carimbo de hora: 0x57aba518
Nome do módulo de falhas: VidCap60.EXE, versão: 6.0.0.1003, carimbo de hora: 0x57aba518
Código de exceção: 0xc0000005
Deslocamento com falha: 0x0005a490
Identificação do processo com falha: 0x215c
Hora de início do aplicativo com falha: 0x01d27102ba140a6b
Caminho do aplicativo com falha: C:\Program Files\VEGAS\VEGAS Pro 14.0\VidCap60.EXE
FCaminho do módulo de falhas: C:\Program Files\VEGAS\VEGAS Pro 14.0\VidCap60.EXE
Identificação do Relatório: 7413b89a-dcf6-11e6-9eaa-78843cb270f1

Error: (01/17/2017 01:38:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/16/2017 11:30:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/15/2017 11:15:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa firefox.exe versão 50.1.0.6186 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: 1964

Hora de Início: 01d26f96e6807974

Hora de Término: 46

Caminho do Aplicativo: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Id do Relatório: f0e031a5-db99-11e6-878c-78843cb270f1


Erros de Sistema:
=============
Error: (01/18/2017 05:47:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.

Error: (01/18/2017 05:47:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.

Error: (01/18/2017 05:47:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.

Error: (01/18/2017 05:47:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.

Error: (01/18/2017 05:45:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.

Error: (01/18/2017 05:45:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.

Error: (01/18/2017 05:45:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.

Error: (01/18/2017 05:45:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
gbpddfac
gbpddreg

Error: (01/18/2017 05:44:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Ubar Callout Driver devido ao seguinte erro:
O sistema não pode encontrar o caminho especificado.

Error: (01/18/2017 05:44:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Grzerck terminou com o erro:
O sistema não pode encontrar o arquivo especificado.


==================== Informações da Memória ===========================

Processador: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentagem de memória em uso: 69%
RAM física total: 4043.86 MB
RAM física disponível: 1221.47 MB
Virtual Total: 8085.89 MB
Virtual disponível: 4502.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:310.72 GB) (Free:77.55 GB) NTFS
Drive d: () (Fixed) (Total:274.2 GB) (Free:19.71 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 90547D58)
Partition 1: (Not Active) - (Size=11.2 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=310.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=274.2 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================

 

 

#6 Oh My!

Posted 18 January 2017 - 06:47 PM

Greetings and thank you for the information.

I apologize for doing this to you but please right click on FRST64.exe, rename it to FRST64english.exe and run the scan again. It will make it much easier for me to review.

Thanks.
Gary
 

#7 igirao

Posted 19 January 2017 - 04:14 PM

Greetings! Here we go again

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
Ran by Ivan (administrator) on IVAN-VAIO (19-01-2017 17:06:55)
Running from C:\Users\Ivan\Desktop
Loaded Profiles: Ivan (Available Profiles: Ivan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Users\Ivan\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(SecureHunter LLC) C:\Program Files (x86)\SecureHunter\AntiMalwarePro\bin\shrtsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Windows\SearchIndexer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Vimicro Corporation) C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Anvsoft\Syncios\adb.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Windows\SearchIndexer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Farbar) C:\Users\Ivan\Desktop\FRST64english.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2284328 2011-02-15] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [VMonitorVMUVC] => C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe [135168 2008-03-26] (Vimicro Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2724432 2015-12-26] (Sony Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [18544 2016-10-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe [1925136 2016-07-15] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\KeepVid\KeepVid Pro\DelayPluginI.exe [1974432 2016-08-08] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-09-12] (Caixa Economica Federal)
Winlogon\Notify\ GbPluginIsg: C:\Program Files (x86)\GbPlugin\gbiehIsg.dll [2016-01-04] (Infoseg - Senasp)
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\MountPoints2: {24b6844f-c400-11e3-ad44-a65fba829510} - D:\Startme.exe
ShellExecuteHooks: No Name - {B5C518CC-9E92-11E6-A998-64006A5CFC23} -  -> No File
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399015} - C:\Program Files (x86)\GbPlugin\gbiehisg.dll [1870240 2016-01-04] (Infoseg - Senasp)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehcef.dll [1903328 2016-09-12] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [OODIIcon] -> {14A94384-BBED-47ed-86C0-6BF63FD892D0} => C:\Program Files\Laplink\DiskImage\oodishi.dll [2014-02-13] (O&O Software GmbH)
Startup: C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlock.lnk [2016-12-31]
ShortcutTarget: qlock.lnk -> C:\Users\Ivan\AppData\Roaming\Qlock\qlock.exe ()
Startup: C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk [2017-01-19]
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (Avira Operations GmbH & Co. KG)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1                   keystone.mwbsys.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4714ED28-43AD-400A-8235-0BD9537DCF5E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4C38E937-7F82-4F58-AA74-BC28874FC5ED}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-3714546670-946274982-931039520-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3714546670-946274982-931039520-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-09-13] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-13] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll [2016-09-12] (Caixa Economica Federal)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540015} -> C:\Program Files (x86)\GbPlugin\gbiehisg.dll [2016-01-04] (Infoseg - Senasp)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
BHO-x32: KeepVid Pro 4.10.0 -> {F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} -> C:\ProgramData\KeepVid\KeepVid Pro\WSBrowserAppMgr.dll [2016-08-08] ()
Toolbar: HKLM - No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
Toolbar: HKU\S-1-5-21-3714546670-946274982-931039520-1005 -> No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 -  No File

FireFox:
========
FF ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\tucbvczq.default\Profiles\tucbvczq.default [not found]
FF ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default [2017-01-19]
FF Homepage: Mozilla\Firefox\Profiles\tucbvczq.default -> hxxps://www.google.com.br/?gws_rd=ssl
FF NetworkProxy: Mozilla\Firefox\Profiles\tucbvczq.default -> gopher", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\tucbvczq.default -> gopher_port", 0
FF NetworkProxy: Mozilla\Firefox\Profiles\tucbvczq.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\tucbvczq.default -> type", 0
FF Extension: (Video Downloader Pro) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\@video_downloader_pro.xpi [2017-01-05]
FF Extension: (Avira Browser Safety) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\abs@avira.com.xpi [2016-11-21]
FF Extension: (ADB Helper) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\adbhelper@mozilla.org [2017-01-19]
FF Extension: (United States English Spellchecker) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\en-US@dictionaries.addons.mozilla.org [2016-03-18]
FF Extension: (Valence) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\fxdevtools-adapters@mozilla.org [2017-01-18]
FF Extension: (SaveFrom.net helper) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\helper@savefrom.net.xpi [2016-10-31]
FF Extension: (Print pages to PDF) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\printPages2Pdf@reinhold.ripper [2016-07-19]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\safesearchplus2@avira.com.xpi [2016-12-15]
FF Extension: (NoScript) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-01-18]
FF Extension: (Adblock Plus) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (KeepVid Pro) - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi\ []
FF HKLM-x32\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi
FF Extension: (KeepVid Pro) - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi [2017-01-05]
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8878}] - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\isg\xpi
FF Extension: (GBBD Infoseg - Senasp) - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\isg\xpi [2016-09-13] [not signed]
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: (GBBD Caixa Economica Federal) - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2016-07-19] [not signed]
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886F}] - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\isg\xpi
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-11-09]
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ivan\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Ivan\AppData\Roaming\IDM\idmmzcc5 [2017-01-19] [not signed]
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2017-01-04] ()
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2017-01-04] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/cef -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/cef64 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/isg -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_isg.dll [2015-02-26] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/isg64 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_isg_64.dll [2015-02-26] (GAS Tecnologia)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-14] <==== ATTENTION
CHR Extension: (Google Apresentações) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-02]
CHR Extension: (Google Docs) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-23]
CHR Extension: (Google Drive) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-23]
CHR Extension: (YouTube) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-23]
CHR Extension: (Tampermonkey) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-11-02]
CHR Extension: (Planilhas do Google) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-02]
CHR Extension: (Segurança do navegador Avira) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-11-02]
CHR Extension: (Documentos Google off-line) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-23]
CHR Extension: (IDM Integration Module) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-23]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-02]
CHR Extension: (Gmail) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default [2017-01-14]
CHR Extension: (Google Apresentações) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-23]
CHR Extension: (Google Docs) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-23]
CHR Extension: (Google Drive) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-15]
CHR Extension: (YouTube) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-11]
CHR Extension: (Google Search) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Video Downloader professional) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-10-21]
CHR Extension: (Planilhas do Google) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-23]
CHR Extension: (YouTube Flash Video Player) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fldkdmkgnlbehfgeifjpjabmandnchpe [2016-10-21]
CHR Extension: (Segurança do navegador Avira) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-10-21]
CHR Extension: (Documentos Google off-line) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-21]
CHR Extension: (AdBlock) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-21]
CHR Extension: (Video Downloader Pro) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2016-10-21]
CHR Extension: (IDM Integration Module) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-10-21]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-21]
CHR Extension: (Gmail) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-12-08]
CHR HKU\S-1-5-21-3714546670-946274982-931039520-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-12-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-15] (Avira Operations GmbH & Co. KG)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-09-30] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-09-30] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-09-30] (BlueStack Systems, Inc.)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [111776 2011-08-25] (Atheros Communication Inc.) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-09-12] (GAS Tecnologia)
S2 Grzerck; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Grzerck; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S4 ImDskSvc; C:\Windows\system32\imdsksvc.exe [18016 2014-09-19] (Olof Lagerkvist)
R2 KingoSoftService; C:\Users\Ivan\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\checkupdate.exe [367584 2016-11-28] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.) [File not signed]
S4 OO DiskImage; C:\Program Files\Laplink\DiskImage\oodiag.exe [6258880 2014-02-13] (O&O Software GmbH)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506960 2015-12-26] (Sony Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 Secure Hunter Service; C:\Program Files (x86)\SecureHunter\AntiMalwarePro\bin\shrtsrv.exe [47872 2016-11-22] (SecureHunter LLC)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [26632 2016-10-18] (Avira Operations GmbH & Co. KG)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6348560 2015-10-29] (TeamViewer GmbH)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [958112 2011-10-24] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 Windows Indexer; C:\Windows\SearchIndexer.exe [64512 2017-01-01] () [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [311872 2011-11-10] ()
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-08-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-06-02] (Avira Operations GmbH & Co. KG)
R2 AWEAlloc; C:\Windows\System32\DRIVERS\awealloc.sys [20536 2014-06-03] (Olof Lagerkvist)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-09-30] (BlueStack Systems)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 facap; C:\Windows\System32\DRIVERS\facap.sys [38400 2012-09-03] (Windows ® Win 7 DDK provider)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-03] (GAS Tecnologia)
R2 ImDisk; C:\Windows\System32\DRIVERS\imdisk.sys [42560 2014-09-19] (Olof Lagerkvist)
R4 KProcessHacker3; C:\Program Files\Process Hacker 2\kprocesshacker.sys [45208 2016-03-29] (wj32)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-11] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-19] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-19] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-19] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-15] (Malwarebytes)
S3 MDANTDRV; C:\Windows\system32\MDANTDRV.sys [34296 2016-12-29] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [936960 2010-03-17] (DiBcom SA) [File not signed]
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [24200 2007-07-13] (DiBcom S.A.)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [116928 2014-02-13] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [41152 2014-02-13] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [255680 2014-02-13] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [44736 2014-02-13] (O&O Software GmbH)
S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed]
S3 prwntdrv; C:\Windows\system32\prwntdrv.sys [18528 2014-10-23] ()
S3 prwntdrv; C:\Windows\SysWOW64\prwntdrv.sys [15456 2014-10-23] ()
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-04-24] ()
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (Atola) [File not signed]
S3 SMIGrabber3C; C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [821888 2011-01-26] (Windows ® Win 7 DDK provider)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198400 2009-03-11] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-03-18] (GAS Tecnologia LTDA)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2016-02-29] (Wondershare)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2017-01-19] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [97376 2016-06-08] (GAS Tecnologia)
R1 xlkfs; C:\Windows\System32\DRIVERS\xlkfs.sys [31960 2014-06-03] (XOSLAB.COM)
S3 cpuz134; \??\C:\Users\Ivan\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 GrdKey; system32\DRIVERS\grdkey.sys [X]
U3 iswSvc; no ImagePath
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S2 UbarCalloutDriver; \??\C:\Program Files\UBar\UbarDriver.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-19 17:06 - 2017-01-19 17:08 - 00039136 _____ C:\Users\Ivan\Desktop\FRST.txt
2017-01-19 16:35 - 2017-01-19 16:36 - 04942473 _____ C:\Users\Ivan\Downloads\M3.Data.Recovery.5.6.8.Professional..Technician.License.rar
2017-01-19 16:08 - 2017-01-19 16:08 - 13594445 _____ C:\Users\Ivan\Documents\2017_01_19_16_08_scan_result.sr
2017-01-19 16:03 - 2017-01-19 16:03 - 00000338 _____ C:\Users\Ivan\Documents\2017_01_19_16_03_scan_result.sr
2017-01-19 15:42 - 2017-01-19 15:42 - 00000000 ____D C:\Users\Ivan\Downloads\mde-free-portable
2017-01-18 19:10 - 2017-01-18 19:10 - 00129503 _____ C:\Users\Ivan\Documents\Summary.zip
2017-01-18 18:49 - 2017-01-18 18:49 - 02761194 _____ C:\Users\Ivan\Documents\Summary.nfo
2017-01-18 18:40 - 2017-01-18 19:04 - 00080757 _____ C:\Users\Ivan\Documents\Summary.rar
2017-01-18 18:37 - 2017-01-18 18:37 - 01738768 _____ C:\Users\Ivan\Documents\Summary.txt
2017-01-18 18:10 - 2017-01-19 17:06 - 00000000 ____D C:\FRST
2017-01-18 18:07 - 2017-01-18 18:07 - 02419712 _____ (Farbar) C:\Users\Ivan\Desktop\FRST64english.exe
2017-01-18 02:03 - 2017-01-18 02:25 - 88734415 _____ C:\Users\Ivan\Downloads\giorgifinal.mp4
2017-01-17 16:49 - 2017-01-17 16:49 - 00000728 _____ C:\Users\Ivan\Documents\Default.sfvidcap
2017-01-16 01:27 - 2016-02-29 11:26 - 00029288 _____ (Wondershare) C:\Windows\system32\Drivers\WsAudioDevice_383S(1).sys
2017-01-14 23:47 - 2017-01-18 02:28 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\vlc
2017-01-14 23:41 - 2017-01-14 23:41 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-01-14 23:41 - 2017-01-14 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-01-14 23:40 - 2017-01-14 23:40 - 00000000 ____D C:\Program Files\VideoLAN
2017-01-14 23:39 - 2017-01-14 23:39 - 31717016 _____ C:\Users\Ivan\Downloads\vlc-2.2.4-win64.exe
2017-01-14 00:09 - 2017-01-14 00:10 - 30533688 _____ C:\Users\Ivan\Downloads\vlc-2.2.4-win32.exe
2017-01-13 23:58 - 2017-01-13 23:58 - 00023680 _____ C:\Users\Ivan\Downloads\Blindspot.S02E11.HDTV.x264-LOL.rar
2017-01-13 22:34 - 2017-01-13 22:34 - 10014141 _____ C:\Users\Ivan\Downloads\mde-free-portable.zip
2017-01-13 22:28 - 2017-01-13 22:28 - 03931940 _____ C:\Users\Ivan\Downloads\mscanner-portable.zip
2017-01-13 21:17 - 2017-01-13 21:17 - 00001361 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2017-01-13 21:15 - 2017-01-13 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-01-13 21:15 - 2017-01-13 21:15 - 00000000 ____D C:\Program Files (x86)\Seagate
2017-01-13 21:14 - 2017-01-13 21:14 - 26157600 _____ C:\Users\Ivan\Downloads\SeaToolsforWindowsSetup.exe
2017-01-13 20:50 - 2017-01-13 20:50 - 00520859 _____ C:\Users\Ivan\Downloads\victoria.zip
2017-01-13 20:50 - 2017-01-13 20:50 - 00000000 ____D C:\Users\Ivan\Downloads\victoria
2017-01-13 19:18 - 2017-01-13 19:18 - 00000000 ____D C:\Users\Ivan\Downloads\HDDScan-3.3
2017-01-13 19:17 - 2017-01-13 19:17 - 03822364 _____ C:\Users\Ivan\Downloads\HDDScan-3.3.zip
2017-01-12 01:19 - 2017-01-12 01:19 - 00663552 _____ (BahamasSecurity.com) C:\Users\Ivan\Downloads\dhavi.exe
2017-01-12 00:42 - 2017-01-12 01:17 - 00000000 ____D C:\Program Files (x86)\Intelbras Media Player
2017-01-12 00:42 - 2017-01-12 00:42 - 00001135 _____ C:\Users\Public\Desktop\Intelbras Media Player.lnk
2017-01-12 00:42 - 2017-01-12 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intelbras Media Player
2017-01-12 00:38 - 2017-01-12 00:39 - 12082916 _____ C:\Users\Ivan\Downloads\intelbras_player_poreng_is_v3.36.11.t.20160606_0.exe
2017-01-11 14:13 - 2017-01-11 14:11 - 00622831 _____ C:\Users\Ivan\Documents\FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials.pdf
2017-01-11 14:10 - 2017-01-11 14:10 - 00271456 _____ C:\Users\Ivan\Downloads\FRSTTutorial-HowtouseFarbarRecoveryScanToolpageNumber-MalwareRemovalGuidesandTutorials.html
2017-01-11 13:58 - 2017-01-11 13:58 - 01761280 _____ (Farbar) C:\Users\Ivan\Downloads\FRST.exe
2017-01-11 11:16 - 2017-01-05 14:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-11 11:16 - 2017-01-05 14:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-11 11:16 - 2017-01-05 14:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-11 11:16 - 2017-01-05 13:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-11 11:16 - 2017-01-05 13:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-11 11:16 - 2017-01-05 13:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-11 11:16 - 2017-01-05 13:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-11 11:16 - 2017-01-05 13:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-11 11:16 - 2017-01-05 13:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-11 11:16 - 2017-01-05 13:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-11 11:16 - 2017-01-05 13:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-11 02:32 - 2017-01-19 15:15 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-11 02:32 - 2017-01-19 15:15 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-11 02:32 - 2017-01-15 21:13 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-11 02:32 - 2017-01-11 02:52 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-11 02:31 - 2017-01-19 15:14 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-11 02:31 - 2017-01-11 02:31 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-11 02:31 - 2017-01-11 02:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-11 02:31 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-11 02:21 - 2017-01-11 02:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-11 01:25 - 2017-01-11 01:25 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-11 01:23 - 2017-01-11 01:24 - 54199488 _____ (Malwarebytes ) C:\Users\Ivan\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-01-10 20:35 - 2017-01-10 20:35 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Ivan\Downloads\rkill.exe
2017-01-10 17:01 - 2017-01-10 17:01 - 00000000 ____D C:\Users\Ivan\Downloads\Malwarebytes 3.0.5 1299 Premium Lifetime License
2017-01-10 16:26 - 2017-01-10 16:27 - 20850752 _____ C:\Users\Ivan\Downloads\Malwarebytes Anti-Malware 3.0.5 1299 Premium Crack (Lifetime Free).mp4
2017-01-10 16:25 - 2017-01-10 16:27 - 76952678 _____ C:\Users\Ivan\Downloads\Malwarebytes 3.0.5 1299 Premium Lifetime License.zip
2017-01-09 21:15 - 2017-01-09 21:15 - 00001072 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-01-09 21:04 - 2017-01-09 21:04 - 00000000 ____D C:\Users\Ivan\Downloads\Avira.Phantom.VPN.Pro.2.2.3.19655
2017-01-09 21:03 - 2017-01-09 21:03 - 04161620 _____ C:\Users\Ivan\Downloads\Avira.Phantom.VPN.Pro.2.2.3.19655_www.theopsbrasil.blogspot.com.rar
2017-01-08 22:01 - 2017-01-08 22:01 - 00000000 ____D C:\ProgramData\Wondershare AllMytube
2017-01-06 22:41 - 2017-01-06 22:41 - 00067809 _____ C:\Users\Ivan\Downloads\Blindspot.S02E10_legendei.com_.zip
2017-01-05 18:33 - 2017-01-15 22:29 - 00000000 ____D C:\ProgramData\xml_param
2017-01-05 18:10 - 2017-01-05 18:10 - 00001273 _____ C:\Users\Public\Desktop\KeepVid Pro.lnk
2017-01-05 18:10 - 2017-01-05 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeepVid
2017-01-05 18:09 - 2017-01-05 18:09 - 00000000 ____D C:\ProgramData\KeepVid
2017-01-05 18:06 - 2017-01-05 18:06 - 00008870 _____ C:\Users\Ivan\Documents\cc_20170105_180602.reg
2017-01-05 17:35 - 2017-01-05 17:35 - 00000000 ____D C:\Users\Ivan\Downloads\KeepVID Pro 4.10.1.0 + full _
2017-01-05 17:21 - 2017-01-05 17:26 - 35887827 _____ C:\Users\Ivan\Downloads\KeepVID Pro v4.10.0.5 + Patch - _ingpatching.com.zip
2017-01-05 17:16 - 2017-01-05 17:19 - 36621428 _____ C:\Users\Ivan\Downloads\KeepVID Pro 4.10.1.0 + full _.rar
2017-01-05 15:37 - 2017-01-08 22:34 - 00000000 ____D C:\ProgramData\KeepVid Pro
2017-01-05 15:37 - 2017-01-05 15:37 - 00000000 ____D C:\ProgramData\KeepVid Application Common Data
2017-01-05 15:26 - 2017-01-05 15:26 - 00055868 _____ C:\Users\Ivan\Documents\cc_20170105_152640.reg
2017-01-05 15:18 - 2017-01-05 15:18 - 00000000 ____D C:\Users\Ivan\Downloads\KeepVidPro.4.10.2 Fullversiondown
2017-01-05 14:57 - 2017-01-05 14:58 - 35886280 _____ C:\Users\Ivan\Downloads\KeepVidPro.4.10.2 Fullversiondown.com.rar
2017-01-05 12:01 - 2017-01-05 12:01 - 00711584 _____ C:\Windows\system32\ndm-fre.exe
2017-01-05 01:42 - 2017-01-05 01:42 - 00000000 ____D C:\Users\Ivan\AppData\Local\Keepvid
2017-01-05 01:42 - 2017-01-05 01:42 - 00000000 ____D C:\ProgramData\Aimersoft
2017-01-05 01:40 - 2017-01-05 01:40 - 00000000 ____D C:\Users\Ivan\AppData\Local\Aimersoft
2017-01-05 01:39 - 2017-01-05 01:39 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\KeepVid
2017-01-05 01:39 - 2017-01-05 01:39 - 00000000 ____D C:\Program Files (x86)\Keepvid
2017-01-05 01:36 - 2017-01-05 01:38 - 00000000 ____D C:\Users\Public\Documents\Keepvid
2017-01-04 12:49 - 2017-01-04 12:49 - 01396306 _____ C:\Users\Ivan\Downloads\SPN.S11.leg.HDTV.sobrenaturalbrazil.com.br.rar
2017-01-04 05:52 - 2017-01-04 05:52 - 00034696 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2017-01-03 01:27 - 2017-01-03 01:27 - 00000000 ____D C:\Users\Ivan\AppData\Local\Apple Computer
2017-01-01 21:59 - 2017-01-01 21:59 - 00000000 ____D C:\Users\Ivan\Downloads\testdisk-7.0.win(1)
2017-01-01 21:43 - 2017-01-01 21:44 - 12444088 _____ C:\Users\Ivan\Downloads\testdisk-7.0.win(1).zip
2017-01-01 17:33 - 2017-01-01 17:33 - 00001250 _____ C:\Users\Ivan\Desktop\M3 RAW Drive Recovery.lnk
2017-01-01 17:33 - 2017-01-01 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M3 RAW Drive Recovery
2017-01-01 17:33 - 2017-01-01 17:33 - 00000000 ____D C:\Program Files (x86)\M3 Software
2017-01-01 17:31 - 2017-01-01 17:31 - 00000000 ____D C:\Users\Ivan\Downloads\RAW.Drive.Recovery.5.6.8
2017-01-01 17:14 - 2017-01-01 17:15 - 13130840 _____ C:\Users\Ivan\Downloads\RAW.Drive.Recovery.5.6.8.rar
2017-01-01 16:38 - 2017-01-01 16:38 - 00064512 _____ C:\Windows\SearchIndexer.exe
2016-12-31 19:29 - 2016-12-31 19:29 - 00000000 ____D C:\Users\Ivan\Downloads\FXhome HitFilm Pro 2017 v5.0.6007 (x64)
2016-12-31 19:02 - 2016-12-31 19:02 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Qlock
2016-12-31 19:02 - 2016-12-31 19:02 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qlock
2016-12-31 19:01 - 2016-12-31 19:01 - 00748533 _____ C:\Users\Ivan\Downloads\qlock-install.exe
2016-12-31 18:57 - 2016-12-31 18:57 - 00000000 ____D C:\Users\Ivan\Downloads\HFPv4
2016-12-31 18:02 - 2016-12-31 18:04 - 196896495 _____ C:\Users\Ivan\Downloads\HFPv4.part2.rar
2016-12-31 17:59 - 2016-12-31 18:01 - 207618048 _____ C:\Users\Ivan\Downloads\HFPv4.part1.rar
2016-12-31 17:49 - 2016-12-31 17:51 - 293646754 _____ C:\Users\Ivan\Downloads\FXhome HitFilm Pro 2017 v5.0.5916 Incl Crack - softasm.com.rar
2016-12-31 17:36 - 2016-12-31 17:39 - 295029870 _____ C:\Users\Ivan\Downloads\FXhome HitFilm Pro 2017 v5.0.6007 (x64).rar
2016-12-30 01:32 - 2016-12-30 01:32 - 00001106 _____ C:\Users\Ivan\Desktop\Adobe Premiere Pro CC 2017.lnk
2016-12-30 00:43 - 2016-12-30 00:43 - 00001638 _____ C:\Users\Ivan\Desktop\Adobe Encore.exe - Atalho.lnk
2016-12-30 00:42 - 2016-12-30 00:42 - 00001805 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-12-30 00:42 - 2016-12-30 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-12-30 00:42 - 2016-12-30 00:42 - 00000000 ____D C:\ProgramData\Apple Computer
2016-12-30 00:42 - 2016-12-30 00:42 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-12-30 00:40 - 2016-12-30 00:40 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-12-30 00:40 - 2016-12-30 00:40 - 00000000 ____D C:\Users\Ivan\AppData\Local\Apple
2016-12-30 00:40 - 2016-12-30 00:40 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-12-30 00:39 - 2016-12-30 00:39 - 00000000 ____D C:\Users\Ivan\AppData\LocalLow\Apple Computer
2016-12-30 00:38 - 2016-12-30 00:38 - 41896256 _____ (Apple Inc.) C:\Users\Ivan\Downloads\QuickTimeInstaller.exe
2016-12-30 00:07 - 2012-05-10 09:31 - 00708608 _____ (MPT34M ) C:\Users\Ivan\Downloads\Adobe CS6 Activator - All Products CS6 Version.exe
2016-12-29 23:55 - 2016-12-29 23:55 - 00000000 ____D C:\Program Files (x86)\My Company Name
2016-12-29 23:55 - 2011-11-03 03:01 - 00056208 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys
2016-12-29 23:55 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys
2016-12-29 23:55 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys
2016-12-29 23:54 - 2016-12-29 23:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2016-12-29 23:52 - 2016-12-29 23:52 - 00000957 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-12-29 23:52 - 2016-12-29 23:52 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-12-29 23:52 - 2016-12-29 23:52 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-12-29 23:05 - 2016-12-29 23:07 - 00000000 ____D C:\Users\Ivan\Downloads\PremierePro_6_LS7
2016-12-29 22:19 - 2016-12-29 22:19 - 00699531 _____ C:\Users\Ivan\Downloads\AdobeAtivador.rar
2016-12-29 22:00 - 2016-12-29 22:10 - 1182717118 _____ C:\Users\Ivan\Downloads\PremierePro_6_LS7.7z
2016-12-29 04:21 - 2016-12-29 04:21 - 00097784 _____ C:\Windows\vssMgr.exe
2016-12-29 02:55 - 2016-12-29 02:55 - 00034296 _____ C:\Windows\system32\MDANTDRV.sys
2016-12-29 01:09 - 2016-12-29 01:09 - 00177217 _____ C:\Users\Ivan\Documents\DVD RC Especial 2016 D.jpg
2016-12-29 01:07 - 2016-12-29 01:07 - 00166013 _____ C:\Users\Ivan\Documents\DVD RC Especial 2016 C.jpg
2016-12-29 01:05 - 2016-12-29 01:05 - 00156310 _____ C:\Users\Ivan\Documents\DVD RC Especial 2016 B.jpg
2016-12-29 01:04 - 2016-12-29 01:04 - 00160140 _____ C:\Users\Ivan\Documents\DVD RC Especial 2016 A.jpg
2016-12-29 01:03 - 2016-12-29 01:03 - 00106847 _____ C:\Users\Ivan\Documents\DVD RC Especial 2016.jpg
2016-12-28 16:50 - 2016-12-28 16:48 - 00028107 _____ C:\Users\Ivan\Documents\Pagto Net 10-12.pdf
2016-12-27 22:27 - 2016-12-27 22:13 - 00007831 _____ C:\Users\Ivan\Downloads\Logo RC 2016.png
2016-12-26 18:16 - 2016-12-26 18:16 - 00001106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2017.lnk
2016-12-26 18:16 - 2016-12-26 18:16 - 00000000 ____D C:\Users\Public\Documents\Adobe
2016-12-26 18:07 - 2016-12-26 18:07 - 00000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2016-12-26 17:55 - 2016-12-26 18:35 - 00175624 _____ C:\Users\Ivan\Documents\PDApp.log
2016-12-26 17:25 - 2016-12-26 17:25 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-12-26 17:25 - 2016-12-26 17:25 - 00001097 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-12-26 15:46 - 2016-12-26 15:47 - 00000000 ____D C:\Program Files (x86)\GUM6C59.tmp
2016-12-26 00:33 - 2016-12-26 00:33 - 00015547 _____ C:\Users\Ivan\Downloads\Snapshot_1.jpg
2016-12-26 00:15 - 2016-12-26 00:07 - 00074692 _____ C:\Users\Ivan\Downloads\Snapshot_1.png
2016-12-25 19:49 - 2016-12-25 19:49 - 00000465 _____ C:\Users\Ivan\Documents\Instalação do Adobe Premiere Pro.txt
2016-12-25 15:48 - 2016-12-26 23:09 - 00000000 ____D C:\Users\Ivan\Documents\Wondershare DVD Creator
2016-12-25 15:48 - 2016-12-25 15:48 - 00001150 _____ C:\Users\Ivan\Desktop\Wondershare DVD Creator.lnk
2016-12-25 15:48 - 2016-12-25 15:48 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-12-25 15:31 - 2016-12-25 15:31 - 41271368 _____ (Wondershare ) C:\Users\Ivan\Downloads\ws_dvdcreator_win_av.exe
2016-12-25 15:30 - 2016-12-25 15:30 - 01114256 _____ C:\Users\Ivan\Downloads\dvd-creator_setup_full1203.exe
2016-12-25 01:33 - 2016-12-25 01:33 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Publish Providers
2016-12-25 01:33 - 2016-12-25 01:33 - 00000000 ____D C:\ProgramData\VEGAS Pro
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\VEGAS Pro
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\VEGAS
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\MAGIX Computer Products Intl. Co
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\MAGIX
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Local\VEGAS Pro
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Local\Sony
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\ProgramData\MAGIX
2016-12-25 01:24 - 2016-12-25 01:24 - 00001045 _____ C:\Users\Public\Desktop\Vegas Pro 14.0 (64-bit).lnk
2016-12-25 01:24 - 2016-12-25 01:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS
2016-12-25 01:22 - 2016-12-25 01:22 - 00000000 ____D C:\Users\Ivan\AppData\Local\VEGAS
2016-12-25 01:22 - 2016-12-25 01:22 - 00000000 ____D C:\ProgramData\VEGAS
2016-12-25 01:22 - 2016-12-25 01:22 - 00000000 ____D C:\Program Files\VEGAS
2016-12-25 01:22 - 2016-12-25 01:22 - 00000000 ____D C:\Program Files (x86)\VEGAS
2016-12-25 01:21 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Sony
2016-12-24 19:14 - 2016-12-24 19:14 - 00111417 _____ C:\Users\Ivan\Downloads\Cartão-de-Nata-1l.jpg
2016-12-24 18:58 - 2016-12-24 18:58 - 00148761 _____ C:\Users\Ivan\Downloads\coracao-agua-4.jpg
2016-12-24 18:25 - 2016-12-24 19:13 - 01898678 _____ C:\Users\Ivan\Downloads\Cartão-de-Natal.psd
2016-12-24 17:56 - 2016-12-24 17:56 - 00306604 _____ C:\Users\Ivan\Downloads\Cartão-de-Natal.jpg
2016-12-24 17:45 - 2016-12-24 17:45 - 00006223 _____ C:\Users\Ivan\Downloads\Jesus Cristo.jpg
2016-12-23 20:47 - 2016-12-24 19:21 - 00000000 ____D C:\Users\Ivan\Downloads\0UINT4L3
2016-12-21 21:22 - 2016-12-21 21:22 - 00000810 _____ C:\Users\Ivan\Documents\Reclamaçao a Sky.txt
2016-12-21 18:38 - 2016-12-21 18:38 - 01880519 _____ (DTI Data ) C:\Users\Ivan\Downloads\hard-drive-scan-verification.exe
2016-12-21 18:34 - 2016-12-21 18:36 - 71365725 _____ C:\Users\Ivan\Downloads\Maxtor Firmware.rar
2016-12-21 01:44 - 2016-12-21 01:44 - 00000000 ____D C:\Users\Ivan\Downloads\WES v9.0 SP4_Jor2008
2016-12-20 22:29 - 2016-12-20 22:45 - 75766859 _____ C:\Users\Ivan\Downloads\WES v9.0 SP4_Jor2008.part5.rar
2016-12-20 21:37 - 2016-12-20 21:59 - 104857600 _____ C:\Users\Ivan\Downloads\WES v9.0 SP4_Jor2008.part4.rar
2016-12-20 20:26 - 2016-12-20 20:26 - 00000054 _____ C:\Users\Ivan\Documents\Senha para descompactar Wincom 9 SP4.txt
2016-12-20 20:23 - 2016-12-20 20:44 - 104857600 _____ C:\Users\Ivan\Downloads\WES v9.0 SP4_Jor2008.part3.rar
2016-12-20 17:33 - 2016-12-20 17:38 - 104857600 _____ C:\Users\Ivan\Downloads\WES v9.0 SP4_Jor2008.part2.rar
2016-12-20 17:07 - 2016-12-20 17:13 - 104857600 _____ C:\Users\Ivan\Downloads\WES v9.0 SP4_Jor2008.part1.rar
2016-12-20 16:04 - 2016-12-20 16:04 - 21849402 _____ C:\Users\Ivan\Downloads\Como converter imagens JPG, GIF, PNG, BMP e etc para matriz de bordados computadorizado.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-19 16:55 - 2014-03-13 09:37 - 00000000 ____D C:\Users\Ivan\AppData\Local\CrashDumps
2017-01-19 16:15 - 2016-11-18 16:56 - 00000000 ____D C:\Users\Ivan\AppData\LocalLow\Mozilla
2017-01-19 15:50 - 2009-07-14 00:45 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-19 15:50 - 2009-07-14 00:45 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-19 15:26 - 2015-04-25 11:06 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2017-01-19 15:26 - 2014-04-01 13:44 - 00706008 _____ C:\Windows\system32\prfh0416.dat
2017-01-19 15:26 - 2014-04-01 13:44 - 00147848 _____ C:\Windows\system32\prfc0416.dat
2017-01-19 15:26 - 2009-07-14 01:13 - 01635890 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-19 15:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-01-19 15:21 - 2015-04-25 01:17 - 00000000 ____D C:\Program Files (x86)\WinDFT
2017-01-19 15:18 - 2016-10-29 01:36 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-01-19 15:14 - 2014-09-05 15:58 - 00000000 ____D C:\ProgramData\GbPlugin
2017-01-19 15:14 - 2014-09-05 15:58 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-01-19 15:13 - 2015-10-15 20:25 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2017-01-19 15:13 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-19 01:44 - 2016-10-29 01:36 - 01368548 _____ C:\Windows\SysWOW64\winapp2_disk.csv
2017-01-17 16:46 - 2014-03-13 09:13 - 00000000 ____D C:\Users\Ivan\AppData\Local\VirtualStore
2017-01-17 01:39 - 2016-01-24 23:11 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\uTorrent
2017-01-15 01:22 - 2016-09-25 10:48 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\DMCache
2017-01-14 23:39 - 2016-09-25 10:48 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\IDM
2017-01-14 23:35 - 2016-06-05 08:23 - 00000000 ____D C:\Windows\Minidump
2017-01-13 21:16 - 2015-09-10 17:14 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-13 13:45 - 2014-03-13 09:04 - 00000000 ____D C:\Users\Ivan
2017-01-12 21:01 - 2016-04-01 23:15 - 00000091 _____ C:\Users\Ivan\AppData\default.pls
2017-01-12 01:18 - 2016-09-25 10:48 - 00000000 ____D C:\Users\Ivan\Downloads\Video
2017-01-11 14:13 - 2015-06-15 23:41 - 00000000 ____D C:\Users\Ivan\AppData\Local\CutePDF Writer
2017-01-11 12:03 - 2014-03-13 12:20 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 11:48 - 2014-03-13 12:20 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-09 21:15 - 2015-09-10 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-01-09 21:15 - 2014-03-13 10:56 - 00000000 ____D C:\ProgramData\Avira
2017-01-09 21:15 - 2014-03-13 10:56 - 00000000 ____D C:\Program Files (x86)\Avira
2017-01-08 22:54 - 2014-03-13 10:40 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Adobe
2017-01-04 20:52 - 2014-03-13 17:36 - 00000000 ____D C:\Users\Ivan\AppData\Local\Adobe
2017-01-04 20:51 - 2014-03-13 18:22 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-04 20:51 - 2014-03-13 18:22 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-04 20:51 - 2014-03-13 18:22 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-04 20:51 - 2012-02-25 21:01 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-03 21:58 - 2015-05-27 19:54 - 00000000 ____D C:\Users\Ivan\Downloads\RamCapturer64
2017-01-01 19:24 - 2016-01-09 01:09 - 00000000 ____D C:\Program Files\Recuva
2017-01-01 17:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\LiveKernelReports
2017-01-01 03:19 - 2009-07-14 01:08 - 00032528 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-31 19:02 - 2014-03-13 09:04 - 00000000 ___RD C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-29 23:56 - 2016-08-28 15:26 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-12-29 23:56 - 2016-08-28 15:24 - 00000000 ____D C:\Program Files\Adobe
2016-12-29 23:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\catroot
2016-12-29 23:52 - 2015-06-15 21:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-12-29 23:52 - 2012-02-25 21:04 - 00000000 ____D C:\ProgramData\Adobe
2016-12-29 23:52 - 2009-07-13 23:20 - 00000000 ____D C:\Users\Default\AppData\Roaming
2016-12-29 23:52 - 2009-07-13 23:20 - 00000000 ____D C:\Users\Default User\AppData\Roaming
2016-12-28 21:23 - 2016-08-07 03:29 - 00162443 _____ C:\Users\Ivan\Documents\starburn.txt
2016-12-28 17:15 - 2016-11-23 20:52 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\dvdcss
2016-12-27 10:41 - 2009-07-14 00:45 - 05153408 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-27 02:50 - 2016-06-24 07:31 - 00524288 ___SH C:\Users\Ivan\ntuser.dat{22474ab3-39ff-11e6-bbf1-78843cb270f1}.TMContainer00000000000000000001.regtrans-ms
2016-12-27 02:50 - 2016-06-24 07:31 - 00065536 ___SH C:\Users\Ivan\ntuser.dat{22474ab3-39ff-11e6-bbf1-78843cb270f1}.TM.blf
2016-12-27 02:37 - 2016-12-18 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureHunter
2016-12-26 18:41 - 2016-08-28 15:40 - 00000000 ____D C:\Users\Ivan\Documents\Adobe
2016-12-26 18:36 - 2014-03-13 09:04 - 00131120 _____ C:\Users\Ivan\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-26 18:15 - 2016-09-10 01:49 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-12-26 18:08 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Fonts
2016-12-26 17:02 - 2016-03-03 11:34 - 00000979 _____ C:\Users\Public\Desktop\Notepad++.lnk
2016-12-26 17:02 - 2016-03-03 11:34 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Notepad++
2016-12-26 16:16 - 2015-08-23 01:45 - 00002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-26 16:16 - 2015-08-23 01:45 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-26 15:46 - 2015-09-20 15:57 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0f3de85dace73
2016-12-26 15:46 - 2015-09-20 15:57 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0f3de85391025
2016-12-26 15:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Tasks
2016-12-25 16:53 - 2016-05-14 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2016-12-25 16:53 - 2016-05-14 10:18 - 00000000 ____D C:\Program Files\Process Hacker 2
2016-12-25 16:45 - 2016-05-14 10:18 - 00002178 _____ C:\Users\Ivan\Desktop\Process Hacker 2.lnk
2016-12-25 15:48 - 2016-08-07 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-12-25 01:25 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\assembly
2016-12-25 01:25 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-22 18:08 - 2016-09-25 10:48 - 00000000 ____D C:\Users\Ivan\Downloads\Compressed
2016-12-22 15:54 - 2016-12-10 10:41 - 00109565 _____ C:\Users\Ivan\Documents\d_megasc.xlsx
2016-12-22 11:46 - 2014-08-25 23:53 - 00000000 ____D C:\Users\Ivan\AppData\Local\Microsoft Help
2016-12-21 00:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-20 10:56 - 2015-11-27 23:23 - 00003578 _____ C:\Windows\System32\Tasks\TinyTakeUpgrade

==================== Files in the root of some directories =======

2015-10-15 20:27 - 2015-10-15 20:27 - 0017908 _____ () C:\Users\Ivan\AppData\Roaming\unins000.dat
2016-09-13 22:26 - 2016-09-13 22:30 - 0018130 _____ () C:\Users\Ivan\AppData\Roaming\unins001.dat
2014-03-18 15:53 - 2014-03-18 15:53 - 0001567 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20140318.155318.txt
2014-04-05 15:52 - 2014-04-05 15:52 - 0001567 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20140405.155230.txt
2014-06-13 08:21 - 2014-06-13 08:21 - 0001544 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20140613.082127.txt
2015-05-11 19:26 - 2015-05-11 19:26 - 0001565 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20150511.192628.txt
2015-10-01 17:34 - 2015-10-01 17:34 - 0001542 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20151001.173412.txt
2015-10-06 14:04 - 2015-10-06 14:04 - 0001566 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20151006.140408.txt
2016-04-10 22:40 - 2016-04-10 22:40 - 0001543 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20160410.224022.txt
2016-09-08 01:32 - 2016-09-08 01:32 - 0001565 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20160908.013223.txt
2015-10-19 13:42 - 2015-10-19 13:42 - 0000028 _____ () C:\Users\Ivan\AppData\Local\settings.ini
2016-11-28 02:40 - 2016-11-28 02:40 - 0000176 _____ () C:\Users\Ivan\AppData\Local\uts.ini
2012-02-25 20:11 - 2012-02-25 20:12 - 0000226 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-29 01:51

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
Ran by Ivan (19-01-2017 17:08:49)
Running from C:\Users\Ivan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-03-13 13:04:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3714546670-946274982-931039520-500 - Administrator - Disabled)
Guest (S-1-5-21-3714546670-946274982-931039520-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3714546670-946274982-931039520-1009 - Limited - Enabled)
Ivan (S-1-5-21-3714546670-946274982-931039520-1005 - Administrator - Enabled) => C:\Users\Ivan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.6 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
AirDroid 3.3.5.0 (HKLM-x32\...\AirDroid) (Version: 3.3.5.0 - Sand Studio)
Altap Salamander 3.06 (x64) (HKLM\...\Altap Salamander 3.06 (x64)) (Version: 3.06 - ALTAP)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Android Ultimate Toolbox Pro (HKLM-x32\...\{80E86044-5C1D-42A3-A119-1FA8839FB701}) (Version: 1.2.0.0 - D01 MicroApps)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version:  - )
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.142 - ArcSoft)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.367 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.485 - ArcSoft)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira Connect (HKLM-x32\...\{707e8edf-9482-4417-ae39-c9b5fe605e87}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.2.3.19655 - Avira Operations GmbH & Co. KG)
Avira Scout (HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-4300-A758B70C1D00}) (Version: 12.29.0.1473 - APN, LLC)
AviraScoutMsi (x32 Version: 16.02.15.00170 - Avira Operations GmbH & Co. KG) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
BlueStacks App Player (HKLM-x32\...\{F22E13B7-2C58-4BE6-BA9D-24303403B494}) (Version: 0.10.6.8001 - BlueStack Systems, Inc.)
Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.18.50 - Conexant)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.8.0 - oldsch00l)
Digital microscope (HKLM-x32\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2009.03.18 - Vimicro Corp.)
DiskInternals Linux Reader (HKLM-x32\...\DiskInternals Linux Reader) (Version: 2.3.0.3 - DiskInternals Research)
DiskInternals Linux Recovery (HKLM-x32\...\DiskInternals Linux Recovery) (Version: 4.5 - DiskInternals Research)
DiskInternals Partition Recovery (HKLM-x32\...\DiskInternals Partition Recovery) (Version: 5.7 - DiskInternals Research)
Easy File Locker 1.5 (HKLM-x32\...\Easy File Locker) (Version: 1.5 - XOSLAB.COM)
Geosense for Windows (HKLM\...\{D617DF82-6046-44EB-AD4A-D3423319E12C}) (Version: 1.2.0.0 - Within Network, LLC)
GoldWave v6.10 (HKLM\...\GoldWave v6.10) (Version: 6.10 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
IDM Patch 6.25 build 05 (HKLM-x32\...\IDM Patch 6.25 build 05) (Version: build 05 - SandySeedings Team)
ImDisk Virtual Disk Driver (HKLM\...\ImDisk) (Version: 1.* - )
inSSIDer 4 (HKLM-x32\...\{068F709E-5BA2-4C2F-84E9-B2DFF374F366}) (Version: 4.2.0.12 - MetaGeek, LLC)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Intelbras Media Player 3.36.11 (HKLM-x32\...\Intelbras Media Player) (Version: 3.36.11 - )
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java SE Development Kit 8 Update 102 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keyboard Shortcuts (HKLM-x32\...\{FE8974B4-479C-4DBA-8544-9E5342ABB26A}) (Version: 1.1.0.08290 - Sony Corporation)
Laplink DiskImage Professional (HKLM\...\{56F8EF3C-D9A0-4728-95D5-DC05A72931F5}) (Version: 7.81.11 - Laplink Software, Inc)
Laplink PCmover Enterprise (HKLM-x32\...\{21FED337-581F-47D9-B7E2-ABF6C7C132A8}) (Version: 10.01.645 - Laplink Software, Inc.)
Malwarebytes versão 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Media Gallery (Version: 2.0.0.11150 - Sony Corporation) Hidden
MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
MicroCapture 2.0 (HKLM-x32\...\MicroCapture) (Version: 2.0 - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 pt-BR)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\MyFreeCodec) (Version:  - )
Nero 7 Ultra Edition (HKLM-x32\...\{C6115A28-F277-4E82-B067-84D28BF21046}) (Version: 7.03.1357 - Nero AG)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.4 - DDNi)
OOBE (x32 Version: 11.2.1.10 - Sony Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
PC Remote (HKLM-x32\...\{C934DF74-D0D9-445C-90AA-34012A04E11D}) (Version: 3.51 - PC Remote)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.1.00.12260 - Sony Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06010 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.01.06110 - Sony Corporation) Hidden
PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.1.00 - Sony Corporation) Hidden
Qlock Free (HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Qlock) (Version: 1.91 - Vitei inc)
Qualcomm Atheros Direct Connect (x32 Version: 3.0 - Qualcomm Atheros) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raise Data Recovery (HKLM\...\rdr) (Version: 6.4.2 - LLC SysDev Laboratories)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Remix OS (HKLM-x32\...\RemixOS) (Version:  - )
Remote Keyboard (x32 Version: 1.1.1.07060 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1500.0 - SAMSUNG Electronics Co., Ltd.)
Screen Grab Pro (HKLM-x32\...\{581125F9-D1C6-4797-93BB-47A992D69AA8}) (Version:  - )
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Simple Port Forwarding (HKLM-x32\...\Simple Port Forwarding) (Version: 3.8.5 - PcWinTech.com)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SMI Grabber Device (HKLM-x32\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.0.29 - Somagic)
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Suporte para Aplicativos Apple (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Suporte para Aplicativos Apple Apple (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.9.0 - Synaptics Incorporated)
Syncios 6.0.2 (HKLM-x32\...\Syncios) (Version: 6.0.2 - Anvsoft)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.50527 A - TeamViewer)
TFTP Client (HKLM-x32\...\TFTP Client) (Version:  - )
Tftpd64 Standalone Edition (remove only) (HKLM-x32\...\Tftpd64) (Version:  - )
TinyTake by MangoApps (HKLM-x32\...\{cbb7c584-20c0-4426-9921-ac1cc52ff54d}) (Version: 4.0.1 - MangoApps)
TinyTake by MangoApps (x32 Version: 4.0.1 - MangoApps) Hidden
VAIO - Media Gallery - VAIO Personalization Manager Update (HKLM\...\{50A7190B-5DA6-4A51-B275-3D413E617BA6}) (Version: 4.2.5.07160 - Sony Corporation)
VAIO - Media Gallery (HKLM-x32\...\{DD696AF7-8A89-41D5-976A-2053E41A69BE}) (Version: 2.2.3.04170 - Sony Corporation)
VAIO - PMB VAIO Edition Guide (x32 Version: 1.6.00.06030 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Plug-in (x32 Version: 1.6.11.11160 - Sony Corporation) Hidden
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.1.0.07060 - Sony Corporation)
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{D9FFE40D-1A85-4541-992C-5EF505F391A4}) (Version: 8.4.2.12041 - Sony Corporation)
VAIO Care (x32 Version: 6.4.0.15030 - Sony Corporation) Hidden
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Control Center (x32 Version: 4.5.0.03040 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) Hidden
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Event Service (x32 Version: 5.5.0.03040 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.4.0.03240 - Sony Corporation) Hidden
VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280 - Sony Corporation) Hidden
VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
VAIO Help and Support (HKLM-x32\...\{F5248E24-F52C-4FD1-B76F-102460BAFD6B}) (Version: 14.00.0125 - Sony Corporation)
VAIO Improvement (x32 Version: 1.0.0.14150 - Sony Corporation) Hidden
VAIO Manual (x32 Version: 2.0.0.02250 - Sony Corporation) Hidden
VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.550.0 - DDNi)
VAIO Quick Web Access (x32 Version: 1.4.5.5 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden
VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.10.2.08270 - Sony Corporation)
VAIO Transfer Support (x32 Version: 1.4.0.14230 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
VESx64 (Version: 1.0.0 - Sony Corporation) Hidden
VESx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WinDFT (HKLM-x32\...\{065F384A-5C64-4532-814A-A24BA5374503}) (Version: 1.0.0 - HGST)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3714546670-946274982-931039520-1005_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3714546670-946274982-931039520-1005_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F000C}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_isg_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3714546670-946274982-931039520-1005_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3714546670-946274982-931039520-1005_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F000C}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_isg_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3714546670-946274982-931039520-1005_Classes\CLSID\{C78B614C-F3EA-11D2-94A1-00E0292A01E3}\InprocServer32 -> C:\Program Files\Altap Salamander\utils\salextx64.dll (ALTAP)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {009C04E9-C525-4404-B6D1-8DF6D6DC3694} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {04E1EC9D-6F44-4AE7-8D62-FDAE71482F5B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {05376BBF-F45D-4DA2-BA43-45A3064BE927} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {095A8847-20C2-4A6C-ACCF-4DF1F0737AFC} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {0C27557E-D4E6-4617-B3E0-C79A849D55DB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {18CB6D2A-3C3C-4C39-949A-B15A2A7BE1DE} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {1D0B746E-663B-445B-B5EF-62BE990FAC90} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-02-28] (Sony Corporation)
Task: {21292617-EA11-48D7-938A-8E789EF1C231} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {25C8D1DE-0489-48A2-AED8-1004F9D6DC52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {26DC3E0C-B5E7-4C39-93CF-1E710116085B} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {2B863642-3438-4D67-8BCB-AE6B23EC95BA} - System32\Tasks\VAIO® Messenger (Ivan) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {2EF3D667-644A-4E75-B96D-566ED111FD9D} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f3de85391025 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3554DA6E-AA9E-4627-9837-9CEE4B8EE030} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation)
Task: {3AE5B1F5-4361-4F30-B6A2-04341920CC8F} - System32\Tasks\VAIO® Messenger (Administrator) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {45B644A3-64E0-4C6D-8F10-AB53162BC895} - System32\Tasks\Sony\Keyboard Shortcuts => C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [2011-08-31] ()
Task: {51E4DFF9-4230-40FB-BA18-98AF805BC24F} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f3de85dace73 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {54499AD8-03B1-43F0-8593-6AD3F37EB409} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {62C56036-F72E-4AB7-8A36-EC7807A76612} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient [Argument = /Start]
Task: {654EF357-8E87-46B8-981E-17E175E659C0} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {69E36298-7B49-4FAB-82E9-6417D0114011} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {7F18F11C-2259-4045-BD4F-DA24CFA621B7} - System32\Tasks\TinyTakeUpgrade => C:\Users\Ivan\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe [2015-10-13] (MangoApps Inc.)
Task: {8058F7E6-4B0E-465F-ADB0-349673A08666} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {85F3EE02-4F44-4B77-A63E-DAEDF6C56C10} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {86CD374E-8039-4514-BEE9-C572F196668E} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2016-10-18] (Avira Operations GmbH & Co. KG)
Task: {8A855ED2-26EE-4C7E-B169-1514FB070BCF} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {92E0678C-7B0D-4FCE-8325-AC3A5D022681} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {9BB0577A-BB1F-4B2E-B90D-C9F3378A99CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-04] (Adobe Systems Incorporated)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B308B8CE-167D-4EE8-A0B1-129DDE49A1BA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {B3AF4A93-B58D-4832-8DFE-0C0662393F43} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {B4B66809-153E-4054-BEB3-450B3E80B02E} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {BBB45B94-D3A4-45A9-A958-66BB99359CD8} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe [2016-05-14] (Adobe Systems Incorporated)
Task: {C27D5544-478D-40E8-BFDE-B0A22CEA9C09} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {C5DEB034-64BC-4A8E-94DE-F7E13CBE9848} - System32\Tasks\Sony Corporation\VAIO Personalization Manager\VpmLM Task Music Ivan => C:\Program Files\Sony\VAIO Personalization Manager\VpmLM.exe [2011-10-03] (Sony Corporation)
Task: {CE6548F1-8A4A-41C7-9E67-056850378CFF} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D41279D5-BC7F-4868-834C-9BD575704A3E} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {DABCD011-1F9F-4EBF-A996-C19B739CD941} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib TaskTray => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [2011-11-03] (Sony Corporation)
Task: {E0B846C9-F3FA-456E-B21E-7BAEF1FE3017} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {E37EC287-8E65-4D27-863F-228B5EFC7031} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {EC26B6E7-9154-49ED-95F5-CDBA85E00152} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {EE689E85-8183-45EC-9F7C-D3306EE6151C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FD139FD3-BE2B-49C9-A172-1B66471E155E} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Port Forwarding\SPF - Basic UI Mode.lnk -> C:\Program Files (x86)\Simple Port Forwarding\basic_ui.bat ()
Shortcut: C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qlock\Help.lnk -> hxxp://www.qlock.com/help

==================== Loaded Modules (Whitelisted) ==============

2010-12-17 17:53 - 2010-12-17 17:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-06-15 23:40 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2011-06-21 07:42 - 2011-06-21 07:42 - 00034304 _____ () C:\Windows\System32\sst3cl6.dll
2016-11-28 02:40 - 2016-11-28 02:39 - 00017376 _____ () C:\Users\Ivan\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
2017-01-01 16:38 - 2017-01-01 16:38 - 00064512 _____ () C:\Windows\SearchIndexer.exe
2017-01-11 02:31 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-11 02:31 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-02-21 17:38 - 2016-02-21 17:38 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2010-12-17 17:53 - 2010-12-17 17:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-03-28 03:04 - 2011-03-28 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-05-08 14:50 - 2015-05-08 14:50 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll
2016-06-21 20:39 - 2016-06-21 20:39 - 01419776 _____ () C:\Program Files (x86)\Anvsoft\Syncios\adb.exe
2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2013-11-01 14:59 - 2013-11-01 14:59 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2012-02-25 21:00 - 2011-03-05 20:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2016-10-25 10:51 - 2016-10-25 10:51 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-25 10:49 - 2016-10-25 10:49 - 00109760 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin7.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-05-11 09:35 - 2016-05-11 09:35 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f1b815cf32572cea383bc47659c174fa\IsdiInterop.ni.dll
2012-02-25 20:21 - 2010-11-06 03:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-07-02 23:06 - 2013-07-02 23:06 - 00039936 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudModel.dll
2013-07-02 23:06 - 2013-07-02 23:06 - 00011264 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudClient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\System32:25EB0427_Cef.gbp [2]
AlternateDataStreams: C:\Windows\System32:25EB0427_Isg.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2166]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\caixa.gov.br -> imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\infoseg.gov.br -> hxxp://www.infoseg.gov.br
IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\samsungsetup.com -> hxxp://www.samsungsetup.com
IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\serpro.gov.br -> hxxps://infoseg9.serpro.gov.br

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-01-11 02:20 - 00000942 ____N C:\Windows\system32\Drivers\etc\hosts

    0.0.0.0    keysotne.mwbsys.com127.0.0.1                   example.net
127.0.0.1                   keystone.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3714546670-946274982-931039520-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: ImDskSvc => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: OO DiskImage => 2
MSCONFIG\Services: SophosVirusRemovalTool => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: uCamMonitor => 2
MSCONFIG\Services: VCService => 3
MSCONFIG\Services: WsDrvInst => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk => C:\Windows\pss\TMMonitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia BackUp & Recorder Monitor.lnk => C:\Windows\pss\TotalMedia BackUp & Recorder Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Server.lnk => C:\Windows\pss\TotalMedia Server.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: FAStartup =>
MSCONFIG\startupreg: FATrayAlert => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
MSCONFIG\startupreg: FreeHideIPunstall =>
MSCONFIG\startupreg: GoogleChromeAutoLaunch_C76D497934B1A0EE0E3BF23C3F10F9A7 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: KiesPDLR.exe => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: OODITRAY.EXE => C:\Program Files\Laplink\DiskImage\ooditray.exe
MSCONFIG\startupreg: PC Remote Server => C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe /silent
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: TinyTake by MangoApps => "C:\Users\Ivan\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake by MangoApps.exe" NOTOPENCONTEXTMENU
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A70359FB-69DA-45AF-A7D0-E0B4566E3133}] => C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{CF064422-05B5-4043-B099-1F2D4178C90A}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{70A47580-D530-4C4A-A92D-A6B04B4DD111}] => LPort=2869
FirewallRules: [{690A5E44-93E9-4E3B-A75A-79BE604E252D}] => LPort=1900
FirewallRules: [{CC660E36-D225-45D0-ACF9-8701019DBA70}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3C353CC2-E905-43A5-BB48-109BB2E18455}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{51834E06-7B2C-4308-A3E5-7BA8CF8BCEB5}] => C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
FirewallRules: [{31C8BE3E-B4C8-49FB-9F19-A6F615827F9B}] => C:\Program Files\Sony\VAIO Smart Network\WFDA\WiFiDirectApplication.exe
FirewallRules: [{14D45B68-ACD8-4340-86CA-C9E13AA13718}] => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
FirewallRules: [{9F8F5C54-4D93-4000-B4B0-CFA5DC44FE59}] => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
FirewallRules: [{CAC38972-004A-4D1A-8A67-D3F18742900F}] => C:\Program Files (x86)\Sony\Media Gallery\VRLP.exe
FirewallRules: [{26B62950-7CFA-4286-BD5B-C68DFB15E44C}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D113E971-C739-4B3A-A5EC-42C65ED9716B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC69ED9E-9303-4128-9024-C4D57D814B42}] => C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{7192DA52-8681-4B15-ABD7-AC26415C8542}] => C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{8664838F-22A5-4EC5-B735-470557676330}] => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{D5697FF2-A701-47FB-8272-24F2A091A4BF}] => C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{1BF5F74D-025D-493B-A633-B223A201C7AC}] => C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{3A608BE2-255B-466D-9AAE-C43BA4F4DAFA}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8945EE26-AEAE-49AC-9F66-5B7357DB9C54}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37439B52-B830-4EBC-B943-AAA2C4AFB384}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1EA0333B-8755-445D-A045-B35961902A4B}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{46A0D045-05C4-4D1F-843A-B5A1A9EB34F6}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FF41E427-5A11-4FA3-8F02-E77D49E77E70}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{638F7488-C483-414E-969A-0413DE17F912}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [UDP Query User{C529F1AE-6246-42C7-81A6-CFE18E236096}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [{44F2E0EF-251C-4038-82E8-7571FE4AE4C4}] => C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AA026661-1E60-4B47-BF5E-C0505D4F250A}] => C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0A8EA6FA-D041-4248-907D-A33649096D12}] => C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2C99A0B3-3C01-4EB0-99FA-8C4A5CE47514}] => C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE5658E9-3EE7-48B1-8828-C1DBC8FEFB5D}] => C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE3F91C6-2FE9-4D9A-ACCA-706CC7255287}] => C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{9AEFD00B-CB98-4910-81A5-396442A32179}C:\program files\android\android studio\bin\studio64.exe] => C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{061C0E8E-1DB0-41DE-877D-DCAAC8A55158}C:\program files\android\android studio\bin\studio64.exe] => C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{A70F557A-FECD-4DFC-A078-A928350BB404}C:\program files\java\jdk1.7.0_79\bin\java.exe] => C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [UDP Query User{6A3B8C2C-662A-43BF-92DA-80D6F834536F}C:\program files\java\jdk1.7.0_79\bin\java.exe] => C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [TCP Query User{15505A3B-E9BF-432D-B139-4D85D085189E}C:\program files\android\android studio\bin\studio64.exe] => C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{A2395079-CC16-4908-92AA-F964E8FD1A71}C:\program files\android\android studio\bin\studio64.exe] => C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{3941A930-5766-456F-A126-B79FF00CE3E4}C:\program files\java\jdk1.7.0_79\bin\java.exe] => C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [UDP Query User{1EE1D3DE-1B75-418E-B88D-CB28D122FCF4}C:\program files\java\jdk1.7.0_79\bin\java.exe] => C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [{6A60F6F5-8C02-4A83-BEA4-68B2435BB81E}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{4F1079E9-5C42-4803-B76C-6A452AB62C21}C:\program files\tftpd64\tftpd64.exe] => C:\program files\tftpd64\tftpd64.exe
FirewallRules: [UDP Query User{B8767609-ABD2-464F-A955-33F5D4CB5C6F}C:\program files\tftpd64\tftpd64.exe] => C:\program files\tftpd64\tftpd64.exe
FirewallRules: [TCP Query User{FC289D15-F163-4E5D-AD63-0C6F4396AE37}C:\program files\tftpd64\tftpd64.exe] => C:\program files\tftpd64\tftpd64.exe
FirewallRules: [UDP Query User{4D2E170E-6FF6-4CC0-A11D-ACF3A14CE3D1}C:\program files\tftpd64\tftpd64.exe] => C:\program files\tftpd64\tftpd64.exe
FirewallRules: [{368890DC-D616-4D0A-96D2-B702804439B1}] => C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
FirewallRules: [{E8721374-3AE5-4130-8850-93985B0B5A21}] => C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
FirewallRules: [TCP Query User{DA6FBAC5-ED00-4BA6-898F-6874BFAADE01}C:\windows\ehome\ehexthost.exe] => C:\windows\ehome\ehexthost.exe
FirewallRules: [UDP Query User{23F57204-109E-449C-95B2-78B3A39ADD8B}C:\windows\ehome\ehexthost.exe] => C:\windows\ehome\ehexthost.exe
FirewallRules: [{C05C36E1-75DC-4F2D-A1D1-CBF30F00B59B}] => C:\Program Files (x86)\Deskshare\IP Camera Viewer 3\IP Camera Viewer.exe
FirewallRules: [{21FB453E-3A60-4E80-A5B6-2FAD6528A689}] => C:\Program Files (x86)\Deskshare\IP Camera Viewer 3\IP Camera Viewer.exe
FirewallRules: [{7AAB3F22-966F-40BC-91D9-9F3263FE5B35}] => %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
FirewallRules: [{53436137-4432-4141-B141-EE2520A9CC71}] => %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\Wondershare Helper Compact.exe
FirewallRules: [{9F9D14D1-D98E-4ADF-BE12-A893FB0E0EBA}] => %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [{DB887C5C-3C10-4681-86E1-9CD48F61B719}] => %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [{4F5AECDD-146C-4878-BE67-5F6B836923AF}] => %ProgramFiles%\Wondershare\Filmora\ImageHost.exe
FirewallRules: [{D3833999-D5B7-4165-9751-85A67F7EE70C}] => %ProgramFiles%\Wondershare\Filmora\Wondershare Helper Compact.exe
FirewallRules: [{10596333-2C4C-4C44-844E-C3EC70794BF5}] => %ProgramFiles%\Wondershare\Filmora\WSResDownloader.exe
FirewallRules: [{8A8B072C-6FA5-4DB1-9B0E-BEDD7538C2C0}] => %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
FirewallRules: [{17847381-76CD-492A-B7BF-195C9B579485}] => %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\Wondershare Helper Compact.exe
FirewallRules: [{D29FB238-9957-4747-B682-3D2784AA1DED}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{169D8E2E-4102-43BA-946A-4DB3B8A2CED7}] => C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{29A47274-F4AF-4E30-BE50-258BFC49E286}] => C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [TCP Query User{FF0413C0-8AC0-421A-9788-C4C722D5DF86}C:\users\ivan\downloads\rtl1090a\rtl1090.exe] => C:\users\ivan\downloads\rtl1090a\rtl1090.exe
FirewallRules: [UDP Query User{52BE858F-5C0D-4EF2-9B03-5D5E07629095}C:\users\ivan\downloads\rtl1090a\rtl1090.exe] => C:\users\ivan\downloads\rtl1090a\rtl1090.exe
FirewallRules: [{A4522630-4520-407E-A439-7E1724AE93E3}] => C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{DDB90306-9E83-4B90-97EE-14C5C89EC427}] => C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{B20F4783-3192-4E98-AD65-5189FF792D87}] => C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
FirewallRules: [{461001B9-BC1B-475B-8A26-63286E5B2B8D}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{48864A6E-2E7E-4AF1-8B14-33D3417E6BA8}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{99FCE23D-DF17-4461-839A-77E1D5C0F1C6}] => %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [{F4A5015C-8719-46E9-A098-259CD6EC3B5B}] => %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [{8F2EA323-7CA7-4845-B71F-81159404CEF7}] => %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
FirewallRules: [{90A832AF-C289-495F-8556-4871D3F3D160}] => %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\Wondershare Helper Compact.exe
FirewallRules: [{39DDF0EF-5E6C-4A57-8924-540942368766}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5AF79AAC-2E99-4F0A-B858-9850B8A1D612}] => C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{241B5A05-FAC1-4222-A27A-D55090C0B364}] => C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [TCP Query User{C84872FE-C12D-4F12-BF10-94EC0814B286}C:\program files (x86)\keepvid\keepvid pro\urlreqservice.exe] => C:\program files (x86)\keepvid\keepvid pro\urlreqservice.exe
FirewallRules: [UDP Query User{D166B843-3A2D-415E-ABF4-3ABD007756E0}C:\program files (x86)\keepvid\keepvid pro\urlreqservice.exe] => C:\program files (x86)\keepvid\keepvid pro\urlreqservice.exe

==================== Restore Points =========================

09-01-2017 21:26:22 Instalação de Pacote de Driver de Dispositivo: TAP-Windows Provider V9 Adaptadores de rede
11-01-2017 11:45:10 Windows Update
12-01-2017 00:40:47 Instalado Microsoft Visual C++ 2005 Redistributable
13-01-2017 21:16:06 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
16-01-2017 01:28:06 Instalação de Pacote de Driver de Dispositivo: WsAudioDevice_383S(1) Controladores de som, vídeo e jogos

==================== Faulty Device Manager Devices =============

Name: Ubar Callout Driver
Description: Ubar Callout Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: UbarCalloutDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2017 04:55:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: RAWDriveRecovery.exe, versão: 5.6.8.0, carimbo de hora: 0x58116660
Nome do módulo de falhas: MSVCR90.dll, versão: 9.0.30729.6161, carimbo de hora: 0x4dace5b9
Código de exceção: 0xc0000417
Deslocamento com falha: 0x00036d36
Identificação do processo com falha: 0x1454
Hora de início do aplicativo com falha: 0x01d27290281c0ac2
Caminho do aplicativo com falha: C:\Program Files (x86)\M3 Software\M3 RAW Drive Recovery\RAWDriveRecovery.exe
FCaminho do módulo de falhas: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Identificação do Relatório: a5b2f475-de89-11e6-a638-78843cb270f1

Error: (01/19/2017 03:36:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa VAIO Messenger.exe versão 2.0.550.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: 1720

Hora de Início: 01d272891e54baba

Hora de Término: 208

Caminho do Aplicativo: C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe

Id do Relatório: 7da42b20-de7e-11e6-a638-78843cb270f1

Error: (01/19/2017 03:13:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/18/2017 05:44:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/18/2017 05:37:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Ivan-VAIO)
Description: O Windows não pode localizar o perfil local e está fazendo seu logon com um perfil temporário. As alterações que você fizer nesse perfil serão perdidas quando você fizer logoff.

Error: (01/18/2017 05:37:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Ivan-VAIO)
Description: O Windows fez o backup deste perfil de usuário. O Windows tentará usar automaticamente esse perfil na próxima vez em que o usuário fizer logon.

Error: (01/18/2017 05:37:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Ivan-VAIO)
Description: O Windows não pode carregar o perfil armazenado localmente. As possíveis causas do erro são direitos de segurança insuficientes ou um perfil local corrompido.

 DETALHE - O arquivo já está sendo usado por outro processo.

Error: (01/18/2017 05:37:24 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: AUTORIDADE NT)
Description: O Windows não pôde carregar o Registro. Isso geralmente é causado por memória insuficiente ou direitos de segurança insuficientes.

 DETALHE - O arquivo já está sendo usado por outro processo.
 para C:\Users\Ivan\ntuser.dat

Error: (01/18/2017 05:29:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/17/2017 04:49:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: VidCap60.EXE, versão: 6.0.0.1003, carimbo de hora: 0x57aba518
Nome do módulo de falhas: VidCap60.EXE, versão: 6.0.0.1003, carimbo de hora: 0x57aba518
Código de exceção: 0xc0000005
Deslocamento com falha: 0x0005a490
Identificação do processo com falha: 0x215c
Hora de início do aplicativo com falha: 0x01d27102ba140a6b
Caminho do aplicativo com falha: C:\Program Files\VEGAS\VEGAS Pro 14.0\VidCap60.EXE
FCaminho do módulo de falhas: C:\Program Files\VEGAS\VEGAS Pro 14.0\VidCap60.EXE
Identificação do Relatório: 7413b89a-dcf6-11e6-9eaa-78843cb270f1


System errors:
=============
Error: (01/19/2017 03:41:40 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: AUTORIDADE NT)
Description: Verificação de volume criptografado: as informações de volume em \\?\Volume{51ced5a0-de7b-11e6-a638-78843cb270f1} não podem ser lidas.

Error: (01/19/2017 03:41:39 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: AUTORIDADE NT)
Description: Verificação de volume criptografado: as informações de volume em \\?\Volume{51ced59c-de7b-11e6-a638-78843cb270f1} não podem ser lidas.

Error: (01/19/2017 03:41:39 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: AUTORIDADE NT)
Description: Verificação de volume criptografado: as informações de volume em \\?\Volume{51ced59e-de7b-11e6-a638-78843cb270f1} não podem ser lidas.

Error: (01/19/2017 03:33:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Serviço de Relatórios de Erro do Windows.

Error: (01/19/2017 03:19:56 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: AUTORIDADE NT)
Description: Verificação de volume criptografado: as informações de volume em \\?\Volume{51ced5a0-de7b-11e6-a638-78843cb270f1} não podem ser lidas.

Error: (01/19/2017 03:19:54 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: AUTORIDADE NT)
Description: Verificação de volume criptografado: as informações de volume em \\?\Volume{51ced59e-de7b-11e6-a638-78843cb270f1} não podem ser lidas.

Error: (01/19/2017 03:19:52 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: AUTORIDADE NT)
Description: Verificação de volume criptografado: as informações de volume em \\?\Volume{51ced59c-de7b-11e6-a638-78843cb270f1} não podem ser lidas.

Error: (01/19/2017 03:17:34 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: O serviço 'WMPNetworkSvc' não foi iniciado corretamente porque CoCreateInstance(CLSID_UPnPDeviceFinder) encontrou o erro '0x80004005'. Verifique se o serviço UPnPHost está sendo executado e se o componente UPnPHost do Windows foi instalado adequadamente.

Error: (01/19/2017 03:17:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.

Error: (01/19/2017 03:17:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 67%
Total physical RAM: 4043.86 MB
Available physical RAM: 1318.01 MB
Total Virtual: 8085.89 MB
Available Virtual: 4343.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:310.72 GB) (Free:77.24 GB) NTFS
Drive d: () (Fixed) (Total:274.2 GB) (Free:19.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 90547D58)
Partition 1: (Not Active) - (Size=11.2 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=310.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=274.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2283BC67)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Waiting for your reply. Tks.



#8 Oh My!


Posted 19 January 2017 - 09:12 PM

Greetings,

Unfortunately there is evidence of a number of illegal software programs on your computer. I am going to request you completely uninstall each of the programs for which you do not have a valid Product Key. If you are willing to do that please rerun a FRST scan and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Gary
 

#9 igirao


Posted 20 January 2017 - 06:26 PM

Hi! New reports.

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\androidsdk\docs\reference\android\security\keystore\keygenparameterspec.builder.html
c:\androidsdk\docs\reference\android\security\keystore\keygenparameterspec.html
c:\androidsdk\docs\reference\java\security\spec\rsakeygenparameterspec.html
c:\androidsdk\docs\reference\javax\crypto\keygenerator.html
c:\androidsdk\docs\reference\javax\crypto\keygeneratorspi.html
c:\androidsdk\sources\android-16\java\security\spec\rsakeygenparameterspec.java
c:\androidsdk\sources\android-16\javax\crypto\keygenerator.java
c:\androidsdk\sources\android-16\javax\crypto\keygeneratorspi.java
c:\androidsdk\sources\android-16\org\apache\harmony\crypto\tests\javax\crypto\keygeneratorspitest.java
c:\androidsdk\sources\android-16\org\apache\harmony\crypto\tests\javax\crypto\keygeneratortest.java
c:\androidsdk\sources\android-16\org\apache\harmony\crypto\tests\javax\crypto\func\keygeneratorfunctionaltest.java
c:\androidsdk\sources\android-16\org\apache\harmony\crypto\tests\javax\crypto\func\keygeneratorthread.java
c:\androidsdk\sources\android-16\org\apache\harmony\crypto\tests\support\mykeygeneratorspi.java
c:\androidsdk\sources\android-23\android\security\keystore\androidkeystorekeygeneratorspi.java
c:\androidsdk\sources\android-23\android\security\keystore\keygenparameterspec.java
c:\androidsdk\sources\android-23\java\security\spec\rsakeygenparameterspec.java
c:\androidsdk\sources\android-23\javax\crypto\keygenerator.java
c:\androidsdk\sources\android-23\javax\crypto\keygeneratorspi.java
c:\androidsdk\sources\android-23\org\apache\harmony\crypto\tests\javax\crypto\keygeneratorspitest.java
c:\androidsdk\sources\android-23\org\apache\harmony\crypto\tests\javax\crypto\keygeneratortest.java
c:\androidsdk\sources\android-23\org\apache\harmony\crypto\tests\javax\crypto\func\keygeneratorfunctionaltest.java
c:\androidsdk\sources\android-23\org\apache\harmony\crypto\tests\javax\crypto\func\keygeneratorthread.java
c:\androidsdk\sources\android-23\org\apache\harmony\crypto\tests\support\mykeygeneratorspi.java
c:\program files\diebold\warsaw\windivert.dll
c:\users\ivan\favorites\crackle.url
scanner sequence 3.ZZ.11.XBABQ0
 ----- EOF -----

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
Ran by Ivan (administrator) on IVAN-VAIO (20-01-2017 19:02:33)
Running from C:\Users\Ivan\Desktop
Loaded Profiles: Ivan (Available Profiles: Ivan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Users\Ivan\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
() C:\Windows\SysWOW64\dxconfig.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(SecureHunter LLC) C:\Program Files (x86)\SecureHunter\AntiMalwarePro\bin\shrtsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
() C:\Windows\SearchIndexer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Windows\SearchIndexer.exe
() C:\Windows\SysWOW64\dxconfig.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Vimicro Corporation) C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
() C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
() C:\Program Files (x86)\Anvsoft\Syncios\androidnotifier.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Anvsoft\Syncios\adb.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(Farbar) C:\Users\Ivan\Desktop\FRST64english.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2284328 2011-02-15] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [VMonitorVMUVC] => C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe [135168 2008-03-26] (Vimicro Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2724432 2015-12-26] (Sony Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [18544 2016-10-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe [1925136 2016-07-15] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\KeepVid\KeepVid Pro\DelayPluginI.exe [1974432 2016-08-08] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-09-12] (Caixa Economica Federal)
Winlogon\Notify\ GbPluginIsg: C:\Program Files (x86)\GbPlugin\gbiehIsg.dll [2016-01-04] (Infoseg - Senasp)
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\MountPoints2: {24b6844f-c400-11e3-ad44-a65fba829510} - D:\Startme.exe
ShellExecuteHooks: No Name - {B5C518CC-9E92-11E6-A998-64006A5CFC23} -  -> No File
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399015} - C:\Program Files (x86)\GbPlugin\gbiehisg.dll [1870240 2016-01-04] (Infoseg - Senasp)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehcef.dll [1903328 2016-09-12] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [OODIIcon] -> {14A94384-BBED-47ed-86C0-6BF63FD892D0} => C:\Program Files\Laplink\DiskImage\oodishi.dll [2014-02-13] (O&O Software GmbH)
Startup: C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlock.lnk [2016-12-31]
ShortcutTarget: qlock.lnk -> C:\Users\Ivan\AppData\Roaming\Qlock\qlock.exe ()
Startup: C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zSpeedup.lnk [2017-01-20]
ShortcutTarget: zSpeedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (Avira Operations GmbH & Co. KG)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1                   keystone.mwbsys.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4714ED28-43AD-400A-8235-0BD9537DCF5E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4C38E937-7F82-4F58-AA74-BC28874FC5ED}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-3714546670-946274982-931039520-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3714546670-946274982-931039520-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-09-13] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-13] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll [2016-09-12] (Caixa Economica Federal)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540015} -> C:\Program Files (x86)\GbPlugin\gbiehisg.dll [2016-01-04] (Infoseg - Senasp)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
BHO-x32: KeepVid Pro 4.10.0 -> {F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} -> C:\ProgramData\KeepVid\KeepVid Pro\WSBrowserAppMgr.dll [2016-08-08] ()
Toolbar: HKLM - No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-02] (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
Toolbar: HKU\S-1-5-21-3714546670-946274982-931039520-1005 -> No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 -  No File

FireFox:
========
FF ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\tucbvczq.default\Profiles\tucbvczq.default [not found]
FF ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default [2017-01-20]
FF Homepage: Mozilla\Firefox\Profiles\tucbvczq.default -> hxxps://www.google.com.br/?gws_rd=ssl
FF NetworkProxy: Mozilla\Firefox\Profiles\tucbvczq.default -> gopher", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\tucbvczq.default -> gopher_port", 0
FF NetworkProxy: Mozilla\Firefox\Profiles\tucbvczq.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\tucbvczq.default -> type", 0
FF Extension: (Video Downloader Pro) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\@video_downloader_pro.xpi [2017-01-05]
FF Extension: (Avira Browser Safety) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\abs@avira.com.xpi [2016-11-21]
FF Extension: (ADB Helper) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\adbhelper@mozilla.org [2017-01-19]
FF Extension: (United States English Spellchecker) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\en-US@dictionaries.addons.mozilla.org [2016-03-18]
FF Extension: (Valence) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\fxdevtools-adapters@mozilla.org [2017-01-18]
FF Extension: (SaveFrom.net helper) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\helper@savefrom.net.xpi [2016-10-31]
FF Extension: (Print pages to PDF) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\printPages2Pdf@reinhold.ripper [2016-07-19]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\safesearchplus2@avira.com.xpi [2016-12-15]
FF Extension: (NoScript) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-01-18]
FF Extension: (Adblock Plus) - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\tucbvczq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (KeepVid Pro) - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi [2017-01-05]
FF HKLM-x32\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\ProgramData\KeepVid\KeepVid Pro\KVAllmytube@KeepVid.com_xpi
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8878}] - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\isg\xpi
FF Extension: (GBBD Infoseg - Senasp) - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\isg\xpi [2016-09-13] [not signed]
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: (GBBD Caixa Economica Federal) - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2016-07-19] [not signed]
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886F}] - C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\isg\xpi
FF HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2017-01-04] ()
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2017-01-04] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/cef -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/cef64 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/isg -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_isg.dll [2015-02-26] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3714546670-946274982-931039520-1005: gastecnologia.com.br/sf/isg64 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_isg_64.dll [2015-02-26] (GAS Tecnologia)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-20] <==== ATTENTION
CHR Extension: (Google Apresentações) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-02]
CHR Extension: (Google Docs) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-23]
CHR Extension: (Google Drive) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-23]
CHR Extension: (YouTube) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-23]
CHR Extension: (Tampermonkey) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-11-02]
CHR Extension: (Planilhas do Google) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-02]
CHR Extension: (Segurança do navegador Avira) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-11-02]
CHR Extension: (Documentos Google off-line) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-23]
CHR Extension: (IDM Integration Module) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-23]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-02]
CHR Extension: (Gmail) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default [2017-01-20]
CHR Extension: (Google Apresentações) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-23]
CHR Extension: (Google Docs) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-23]
CHR Extension: (Google Drive) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-15]
CHR Extension: (YouTube) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-11]
CHR Extension: (Google Search) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Video Downloader professional) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-10-21]
CHR Extension: (Planilhas do Google) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-23]
CHR Extension: (YouTube Flash Video Player) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fldkdmkgnlbehfgeifjpjabmandnchpe [2016-10-21]
CHR Extension: (Segurança do navegador Avira) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-10-21]
CHR Extension: (Documentos Google off-line) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-21]
CHR Extension: (AdBlock) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-21]
CHR Extension: (Video Downloader Pro) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2016-10-21]
CHR Extension: (IDM Integration Module) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-10-21]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-21]
CHR Extension: (Gmail) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-3714546670-946274982-931039520-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-15] (Avira Operations GmbH & Co. KG)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-09-30] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-09-30] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-09-30] (BlueStack Systems, Inc.)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [111776 2011-08-25] (Atheros Communication Inc.) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-09-12] (GAS Tecnologia)
S2 Grzerck; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Grzerck; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S4 ImDskSvc; C:\Windows\system32\imdsksvc.exe [18016 2014-09-19] (Olof Lagerkvist)
R2 KingoSoftService; C:\Users\Ivan\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\checkupdate.exe [367584 2016-11-28] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 Microsoft DirectX Configuration Service; C:\Windows\SysWOW64\dxconfig.exe [64512 2017-01-19] () [File not signed]
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.) [File not signed]
S4 OO DiskImage; C:\Program Files\Laplink\DiskImage\oodiag.exe [6258880 2014-02-13] (O&O Software GmbH)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506960 2015-12-26] (Sony Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 Secure Hunter Service; C:\Program Files (x86)\SecureHunter\AntiMalwarePro\bin\shrtsrv.exe [47872 2016-11-22] (SecureHunter LLC)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [26632 2016-10-18] (Avira Operations GmbH & Co. KG)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6348560 2015-10-29] (TeamViewer GmbH)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [958112 2011-10-24] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 Windows Indexer; C:\Windows\SearchIndexer.exe [64512 2017-01-01] () [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [311872 2011-11-10] ()
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-08-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-06-02] (Avira Operations GmbH & Co. KG)
R2 AWEAlloc; C:\Windows\System32\DRIVERS\awealloc.sys [20536 2014-06-03] (Olof Lagerkvist)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-09-30] (BlueStack Systems)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 facap; C:\Windows\System32\DRIVERS\facap.sys [38400 2012-09-03] (Windows ® Win 7 DDK provider)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-03] (GAS Tecnologia)
R2 ImDisk; C:\Windows\System32\DRIVERS\imdisk.sys [42560 2014-09-19] (Olof Lagerkvist)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-11] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-20] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-20] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-15] (Malwarebytes)
S3 MDANTDRV; C:\Windows\system32\MDANTDRV.sys [34296 2016-12-29] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [936960 2010-03-17] (DiBcom SA) [File not signed]
S3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [24200 2007-07-13] (DiBcom S.A.)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R0 oodisr; C:\Windows\System32\DRIVERS\oodisr.sys [116928 2014-02-13] (O&O Software GmbH)
R0 oodisrh; C:\Windows\System32\DRIVERS\oodisrh.sys [41152 2014-02-13] (O&O Software GmbH)
R0 oodivd; C:\Windows\System32\DRIVERS\oodivd.sys [255680 2014-02-13] (O&O Software GmbH)
R0 oodivdh; C:\Windows\System32\DRIVERS\oodivdh.sys [44736 2014-02-13] (O&O Software GmbH)
S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed]
S3 prwntdrv; C:\Windows\system32\prwntdrv.sys [18528 2014-10-23] ()
S3 prwntdrv; C:\Windows\SysWOW64\prwntdrv.sys [15456 2014-10-23] ()
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-04-24] ()
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (Atola) [File not signed]
S3 SMIGrabber3C; C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [821888 2011-01-26] (Windows ® Win 7 DDK provider)
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198400 2009-03-11] (Vimicro Corporation)
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-03-18] (GAS Tecnologia LTDA)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2016-02-29] (Wondershare)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2017-01-20] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [97376 2016-06-08] (GAS Tecnologia)
R1 xlkfs; C:\Windows\System32\DRIVERS\xlkfs.sys [31960 2014-06-03] (XOSLAB.COM)
S3 cpuz134; \??\C:\Users\Ivan\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 GrdKey; system32\DRIVERS\grdkey.sys [X]
U3 iswSvc; no ImagePath
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S2 UbarCalloutDriver; \??\C:\Program Files\UBar\UbarDriver.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-20 19:02 - 2017-01-20 19:02 - 00037818 _____ C:\Users\Ivan\Desktop\FRST.txt
2017-01-20 01:43 - 2017-01-20 01:43 - 00011546 _____ C:\Users\Ivan\Desktop\ckfiles1.txt
2017-01-20 01:08 - 2017-01-20 01:08 - 00468480 _____ () C:\Users\Ivan\Desktop\CKScanner.exe
2017-01-19 18:50 - 2017-01-19 18:50 - 00064512 _____ C:\Windows\SysWOW64\dxconfig.exe
2017-01-19 18:48 - 2017-01-19 18:48 - 00001240 _____ C:\Users\Ivan\Desktop\M3 Data Recovery.lnk
2017-01-19 18:48 - 2017-01-19 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M3 Data Recovery Free
2017-01-19 18:47 - 2017-01-19 18:47 - 00000000 ____D C:\Users\Ivan\Downloads\M3.Data.Recovery.5.6.8.Professional..Technician.License
2017-01-19 16:08 - 2017-01-19 16:08 - 13594445 _____ C:\Users\Ivan\Documents\2017_01_19_16_08_scan_result.sr
2017-01-19 16:03 - 2017-01-19 16:03 - 00000338 _____ C:\Users\Ivan\Documents\2017_01_19_16_03_scan_result.sr
2017-01-19 15:42 - 2017-01-19 15:42 - 00000000 ____D C:\Users\Ivan\Downloads\mde-free-portable
2017-01-18 19:10 - 2017-01-18 19:10 - 00129503 _____ C:\Users\Ivan\Documents\Summary.zip
2017-01-18 18:49 - 2017-01-18 18:49 - 02761194 _____ C:\Users\Ivan\Documents\Summary.nfo
2017-01-18 18:40 - 2017-01-18 19:04 - 00080757 _____ C:\Users\Ivan\Documents\Summary.rar
2017-01-18 18:37 - 2017-01-18 18:37 - 01738768 _____ C:\Users\Ivan\Documents\Summary.txt
2017-01-18 18:10 - 2017-01-20 19:02 - 00000000 ____D C:\FRST
2017-01-18 18:07 - 2017-01-18 18:07 - 02419712 _____ (Farbar) C:\Users\Ivan\Desktop\FRST64english.exe
2017-01-18 02:03 - 2017-01-18 02:25 - 88734415 _____ C:\Users\Ivan\Downloads\giorgifinal.mp4
2017-01-17 16:49 - 2017-01-17 16:49 - 00000728 _____ C:\Users\Ivan\Documents\Default.sfvidcap
2017-01-16 01:27 - 2016-02-29 11:26 - 00029288 _____ (Wondershare) C:\Windows\system32\Drivers\WsAudioDevice_383S(1).sys
2017-01-14 23:47 - 2017-01-18 02:28 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\vlc
2017-01-14 23:41 - 2017-01-14 23:41 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-01-14 23:41 - 2017-01-14 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-01-14 23:40 - 2017-01-14 23:40 - 00000000 ____D C:\Program Files\VideoLAN
2017-01-13 21:17 - 2017-01-13 21:17 - 00001361 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2017-01-13 21:15 - 2017-01-13 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-01-13 21:15 - 2017-01-13 21:15 - 00000000 ____D C:\Program Files (x86)\Seagate
2017-01-13 20:50 - 2017-01-13 20:50 - 00000000 ____D C:\Users\Ivan\Downloads\victoria
2017-01-13 19:18 - 2017-01-13 19:18 - 00000000 ____D C:\Users\Ivan\Downloads\HDDScan-3.3
2017-01-12 00:42 - 2017-01-12 01:17 - 00000000 ____D C:\Program Files (x86)\Intelbras Media Player
2017-01-12 00:42 - 2017-01-12 00:42 - 00001135 _____ C:\Users\Public\Desktop\Intelbras Media Player.lnk
2017-01-12 00:42 - 2017-01-12 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intelbras Media Player
2017-01-11 14:13 - 2017-01-11 14:11 - 00622831 _____ C:\Users\Ivan\Documents\FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials.pdf
2017-01-11 14:10 - 2017-01-11 14:10 - 00271456 _____ C:\Users\Ivan\Downloads\FRSTTutorial-HowtouseFarbarRecoveryScanToolpageNumber-MalwareRemovalGuidesandTutorials.html
2017-01-11 11:16 - 2017-01-05 14:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-11 11:16 - 2017-01-05 14:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-11 11:16 - 2017-01-05 14:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-11 11:16 - 2017-01-05 14:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-11 11:16 - 2017-01-05 13:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-11 11:16 - 2017-01-05 13:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-11 11:16 - 2017-01-05 13:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-11 11:16 - 2017-01-05 13:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-11 11:16 - 2017-01-05 13:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-11 11:16 - 2017-01-05 13:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-11 11:16 - 2017-01-05 13:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-11 11:16 - 2017-01-05 13:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-11 11:16 - 2017-01-05 13:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-11 02:32 - 2017-01-20 14:03 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-11 02:32 - 2017-01-20 14:03 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-11 02:32 - 2017-01-15 21:13 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-11 02:32 - 2017-01-11 02:52 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-11 02:31 - 2017-01-20 14:03 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-11 02:31 - 2017-01-11 02:31 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-11 02:31 - 2017-01-11 02:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-11 02:31 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-11 02:21 - 2017-01-11 02:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-11 01:25 - 2017-01-11 01:25 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-10 17:01 - 2017-01-20 11:28 - 00000000 ____D C:\Users\Ivan\Downloads\Malwarebytes 3.0.5 1299 Premium Lifetime License
2017-01-10 16:26 - 2017-01-10 16:27 - 20850752 _____ C:\Users\Ivan\Downloads\Malwarebytes Anti-Malware 3.0.5 1299 Premium  (Lifetime Free).mp4
2017-01-09 21:15 - 2017-01-09 21:15 - 00001072 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-01-09 21:04 - 2017-01-09 21:04 - 00000000 ____D C:\Users\Ivan\Downloads\Avira.Phantom.VPN.Pro.2.2.3.19655
2017-01-08 22:01 - 2017-01-08 22:01 - 00000000 ____D C:\ProgramData\Wondershare AllMytube
2017-01-05 18:33 - 2017-01-15 22:29 - 00000000 ____D C:\ProgramData\xml_param
2017-01-05 18:10 - 2017-01-05 18:10 - 00001273 _____ C:\Users\Public\Desktop\KeepVid Pro.lnk
2017-01-05 18:10 - 2017-01-05 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeepVid
2017-01-05 18:09 - 2017-01-05 18:09 - 00000000 ____D C:\ProgramData\KeepVid
2017-01-05 18:06 - 2017-01-05 18:06 - 00008870 _____ C:\Users\Ivan\Documents\cc_20170105_180602.reg
2017-01-05 17:35 - 2017-01-20 11:22 - 00000000 ____D C:\Users\Ivan\Downloads\KeepVID Pro 4.10.1.0
2017-01-05 15:37 - 2017-01-08 22:34 - 00000000 ____D C:\ProgramData\KeepVid Pro
2017-01-05 15:37 - 2017-01-05 15:37 - 00000000 ____D C:\ProgramData\KeepVid Application Common Data
2017-01-05 15:26 - 2017-01-05 15:26 - 00055868 _____ C:\Users\Ivan\Documents\cc_20170105_152640.reg
2017-01-05 15:18 - 2017-01-05 15:18 - 00000000 ____D C:\Users\Ivan\Downloads\KeepVidPro.4.10.2 Fullversiondown
2017-01-05 12:01 - 2017-01-05 12:01 - 00711584 _____ C:\Windows\system32\ndm-fre.exe
2017-01-05 01:42 - 2017-01-05 01:42 - 00000000 ____D C:\Users\Ivan\AppData\Local\Keepvid
2017-01-05 01:42 - 2017-01-05 01:42 - 00000000 ____D C:\ProgramData\Aimersoft
2017-01-05 01:40 - 2017-01-05 01:40 - 00000000 ____D C:\Users\Ivan\AppData\Local\Aimersoft
2017-01-05 01:39 - 2017-01-05 01:39 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\KeepVid
2017-01-05 01:39 - 2017-01-05 01:39 - 00000000 ____D C:\Program Files (x86)\Keepvid
2017-01-05 01:36 - 2017-01-05 01:38 - 00000000 ____D C:\Users\Public\Documents\Keepvid
2017-01-04 05:52 - 2017-01-04 05:52 - 00034696 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2017-01-03 01:27 - 2017-01-03 01:27 - 00000000 ____D C:\Users\Ivan\AppData\Local\Apple Computer
2017-01-01 21:59 - 2017-01-01 21:59 - 00000000 ____D C:\Users\Ivan\Downloads\testdisk-7.0.win(1)
2017-01-01 17:33 - 2017-01-19 18:48 - 00000000 ____D C:\Program Files (x86)\M3 Software
2017-01-01 17:33 - 2017-01-01 17:33 - 00001250 _____ C:\Users\Ivan\Desktop\M3 RAW Drive Recovery.lnk
2017-01-01 17:33 - 2017-01-01 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M3 RAW Drive Recovery
2017-01-01 17:31 - 2017-01-20 11:29 - 00000000 ____D C:\Users\Ivan\Downloads\RAW.Drive.Recovery.5.6.8
2017-01-01 16:38 - 2017-01-01 16:38 - 00064512 _____ C:\Windows\SearchIndexer.exe
2016-12-31 19:29 - 2016-12-31 19:29 - 00000000 ____D C:\Users\Ivan\Downloads\FXhome HitFilm Pro 2017 v5.0.6007 (x64)
2016-12-31 19:02 - 2016-12-31 19:02 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Qlock
2016-12-31 19:02 - 2016-12-31 19:02 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qlock
2016-12-31 18:57 - 2016-12-31 18:57 - 00000000 ____D C:\Users\Ivan\Downloads\HFPv4
2016-12-30 01:32 - 2016-12-30 01:32 - 00001106 _____ C:\Users\Ivan\Desktop\Adobe Premiere Pro CC 2017.lnk
2016-12-30 00:43 - 2016-12-30 00:43 - 00001638 _____ C:\Users\Ivan\Desktop\Adobe Encore.exe - Atalho.lnk
2016-12-30 00:42 - 2016-12-30 00:42 - 00001805 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-12-30 00:42 - 2016-12-30 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-12-30 00:42 - 2016-12-30 00:42 - 00000000 ____D C:\ProgramData\Apple Computer
2016-12-30 00:42 - 2016-12-30 00:42 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-12-30 00:40 - 2016-12-30 00:40 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-12-30 00:40 - 2016-12-30 00:40 - 00000000 ____D C:\Users\Ivan\AppData\Local\Apple
2016-12-30 00:40 - 2016-12-30 00:40 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-12-30 00:39 - 2016-12-30 00:39 - 00000000 ____D C:\Users\Ivan\AppData\LocalLow\Apple Computer
2016-12-29 23:55 - 2016-12-29 23:55 - 00000000 ____D C:\Program Files (x86)\My Company Name
2016-12-29 23:55 - 2011-11-03 03:01 - 00056208 ____N (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys
2016-12-29 23:55 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys
2016-12-29 23:55 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys
2016-12-29 23:54 - 2016-12-29 23:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2016-12-29 23:52 - 2016-12-29 23:52 - 00000957 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-12-29 23:52 - 2016-12-29 23:52 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-12-29 23:52 - 2016-12-29 23:52 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-12-29 23:05 - 2016-12-29 23:07 - 00000000 ____D C:\Users\Ivan\Downloads\PremierePro_6_LS7
2016-12-29 04:21 - 2016-12-29 04:21 - 00097784 _____ C:\Windows\vssMgr.exe
2016-12-29 04:21 - 2016-12-29 04:21 - 00097784 _____ C:\Windows\suite.vssMgr.exe
2016-12-29 02:55 - 2016-12-29 02:55 - 00034296 _____ C:\Windows\system32\MDANTDRV.sys
2016-12-29 01:09 - 2016-12-29 01:09 - 00177217 _____ C:\Users\Ivan\Documents\DVD RC Especial 2016 D.jpg
2016-12-29 01:07 - 2016-12-29 01:07 - 00166013 _____ C:\Users\Ivan\Documents\DVD RC Especial 2016 C.jpg
2016-12-29 01:05 - 2016-12-29 01:05 - 00156310 _____ C:\Users\Ivan\Documents\DVD RC Especial 2016 B.jpg
2016-12-29 01:04 - 2016-12-29 01:04 - 00160140 _____ C:\Users\Ivan\Documents\DVD RC Especial 2016 A.jpg
2016-12-29 01:03 - 2016-12-29 01:03 - 00106847 _____ C:\Users\Ivan\Documents\DVD RC Especial 2016.jpg
2016-12-28 16:50 - 2016-12-28 16:48 - 00028107 _____ C:\Users\Ivan\Documents\Pagto Net 10-12.pdf
2016-12-27 22:27 - 2016-12-27 22:13 - 00007831 _____ C:\Users\Ivan\Downloads\Logo RC 2016.png
2016-12-26 17:55 - 2016-12-26 18:35 - 00175624 _____ C:\Users\Ivan\Documents\PDApp.log
2016-12-26 17:25 - 2016-12-26 17:25 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-12-26 17:25 - 2016-12-26 17:25 - 00001097 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-12-26 15:46 - 2016-12-26 15:47 - 00000000 ____D C:\Program Files (x86)\GUM6C59.tmp
2016-12-26 00:33 - 2016-12-26 00:33 - 00015547 _____ C:\Users\Ivan\Downloads\Snapshot_1.jpg
2016-12-26 00:15 - 2016-12-26 00:07 - 00074692 _____ C:\Users\Ivan\Downloads\Snapshot_1.png
2016-12-25 19:49 - 2016-12-25 19:49 - 00000465 _____ C:\Users\Ivan\Documents\Instalação do Adobe Premiere Pro.txt
2016-12-25 15:48 - 2016-12-26 23:09 - 00000000 ____D C:\Users\Ivan\Documents\Wondershare DVD Creator
2016-12-25 15:48 - 2016-12-25 15:48 - 00001150 _____ C:\Users\Ivan\Desktop\Wondershare DVD Creator.lnk
2016-12-25 15:48 - 2016-12-25 15:48 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-12-25 01:33 - 2016-12-25 01:33 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Publish Providers
2016-12-25 01:33 - 2016-12-25 01:33 - 00000000 ____D C:\ProgramData\VEGAS Pro
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\VEGAS Pro
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\VEGAS
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\MAGIX Computer Products Intl. Co
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\MAGIX
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Local\VEGAS Pro
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Local\Sony
2016-12-25 01:32 - 2016-12-25 01:32 - 00000000 ____D C:\ProgramData\MAGIX
2016-12-25 01:24 - 2016-12-25 01:24 - 00001045 _____ C:\Users\Public\Desktop\Vegas Pro 14.0 (64-bit).lnk
2016-12-25 01:24 - 2016-12-25 01:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS
2016-12-25 01:22 - 2016-12-25 01:22 - 00000000 ____D C:\Users\Ivan\AppData\Local\VEGAS
2016-12-25 01:22 - 2016-12-25 01:22 - 00000000 ____D C:\ProgramData\VEGAS
2016-12-25 01:22 - 2016-12-25 01:22 - 00000000 ____D C:\Program Files\VEGAS
2016-12-25 01:22 - 2016-12-25 01:22 - 00000000 ____D C:\Program Files (x86)\VEGAS
2016-12-25 01:21 - 2016-12-25 01:32 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Sony
2016-12-24 19:14 - 2016-12-24 19:14 - 00111417 _____ C:\Users\Ivan\Downloads\Cartão-de-Nata-1l.jpg
2016-12-24 18:58 - 2016-12-24 18:58 - 00148761 _____ C:\Users\Ivan\Downloads\coracao-agua-4.jpg
2016-12-24 18:25 - 2016-12-24 19:13 - 01898678 _____ C:\Users\Ivan\Downloads\Cartão-de-Natal.psd
2016-12-24 17:56 - 2016-12-24 17:56 - 00306604 _____ C:\Users\Ivan\Downloads\Cartão-de-Natal.jpg
2016-12-24 17:45 - 2016-12-24 17:45 - 00006223 _____ C:\Users\Ivan\Downloads\Jesus Cristo.jpg
2016-12-23 20:47 - 2016-12-24 19:21 - 00000000 ____D C:\Users\Ivan\Downloads\0UINT4L3
2016-12-21 21:22 - 2016-12-21 21:22 - 00000810 _____ C:\Users\Ivan\Documents\Reclamaçao a Sky.txt
2016-12-21 01:44 - 2016-12-21 01:44 - 00000000 ____D C:\Users\Ivan\Downloads\WES v9.0 SP4_Jor2008

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-20 19:02 - 2016-10-29 01:36 - 01368548 _____ C:\Windows\SysWOW64\winapp2_disk.csv
2017-01-20 18:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-01-20 18:29 - 2015-04-25 11:06 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2017-01-20 14:52 - 2014-04-01 13:44 - 00706008 _____ C:\Windows\system32\prfh0416.dat
2017-01-20 14:52 - 2014-04-01 13:44 - 00147848 _____ C:\Windows\system32\prfc0416.dat
2017-01-20 14:52 - 2009-07-14 01:13 - 01635890 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-20 14:32 - 2016-09-25 10:48 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\IDM
2017-01-20 14:32 - 2016-01-24 23:11 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\uTorrent
2017-01-20 14:32 - 2014-03-13 09:37 - 00000000 ____D C:\Users\Ivan\AppData\Local\CrashDumps
2017-01-20 14:18 - 2016-11-18 16:56 - 00000000 ____D C:\Users\Ivan\AppData\LocalLow\Mozilla
2017-01-20 14:13 - 2009-07-14 00:45 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-20 14:13 - 2009-07-14 00:45 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-20 14:05 - 2016-10-29 01:36 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-01-20 14:03 - 2014-09-05 15:58 - 00000000 ____D C:\ProgramData\GbPlugin
2017-01-20 14:03 - 2014-09-05 15:58 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-01-20 14:02 - 2016-09-25 10:48 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-01-20 14:02 - 2015-10-15 20:25 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2017-01-20 14:02 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-20 11:31 - 2016-08-07 03:31 - 00000000 ____D C:\Users\Ivan\Downloads\Wondershare Filmora Lifetime Universal
2017-01-20 11:29 - 2015-05-25 15:32 - 00000000 ____D C:\Users\Ivan\Downloads\RStudio.7.6.158796
2017-01-20 11:21 - 2016-05-10 21:42 - 00000000 ____D C:\Users\Ivan\Downloads\InSSIDer.E.4.2.0.12
2017-01-20 10:47 - 2016-08-28 15:24 - 00000000 ____D C:\Program Files\Adobe
2017-01-20 10:47 - 2014-03-13 10:40 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Adobe
2017-01-20 02:24 - 2016-09-25 10:48 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\DMCache
2017-01-20 01:03 - 2015-06-15 21:39 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-19 15:21 - 2015-04-25 01:17 - 00000000 ____D C:\Program Files (x86)\WinDFT
2017-01-17 16:46 - 2014-03-13 09:13 - 00000000 ____D C:\Users\Ivan\AppData\Local\VirtualStore
2017-01-14 23:35 - 2016-06-05 08:23 - 00000000 ____D C:\Windows\Minidump
2017-01-13 21:16 - 2015-09-10 17:14 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-13 13:45 - 2014-03-13 09:04 - 00000000 ____D C:\Users\Ivan
2017-01-12 21:01 - 2016-04-01 23:15 - 00000091 _____ C:\Users\Ivan\AppData\default.pls
2017-01-12 01:18 - 2016-09-25 10:48 - 00000000 ____D C:\Users\Ivan\Downloads\Video
2017-01-11 14:13 - 2015-06-15 23:41 - 00000000 ____D C:\Users\Ivan\AppData\Local\CutePDF Writer
2017-01-11 12:03 - 2014-03-13 12:20 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 11:48 - 2014-03-13 12:20 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-09 21:15 - 2015-09-10 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-01-09 21:15 - 2014-03-13 10:56 - 00000000 ____D C:\ProgramData\Avira
2017-01-09 21:15 - 2014-03-13 10:56 - 00000000 ____D C:\Program Files (x86)\Avira
2017-01-04 20:52 - 2014-03-13 17:36 - 00000000 ____D C:\Users\Ivan\AppData\Local\Adobe
2017-01-04 20:51 - 2014-03-13 18:22 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-04 20:51 - 2014-03-13 18:22 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-04 20:51 - 2014-03-13 18:22 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-04 20:51 - 2012-02-25 21:01 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-03 21:58 - 2015-05-27 19:54 - 00000000 ____D C:\Users\Ivan\Downloads\RamCapturer64
2017-01-01 19:24 - 2016-01-09 01:09 - 00000000 ____D C:\Program Files\Recuva
2017-01-01 17:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\LiveKernelReports
2017-01-01 03:19 - 2009-07-14 01:08 - 00032528 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-29 23:56 - 2016-08-28 15:26 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-12-29 23:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\catroot
2016-12-29 23:52 - 2015-06-15 21:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-12-29 23:52 - 2012-02-25 21:04 - 00000000 ____D C:\ProgramData\Adobe
2016-12-29 23:52 - 2009-07-13 23:20 - 00000000 ____D C:\Users\Default\AppData\Roaming
2016-12-29 23:52 - 2009-07-13 23:20 - 00000000 ____D C:\Users\Default User\AppData\Roaming
2016-12-28 21:23 - 2016-08-07 03:29 - 00162443 _____ C:\Users\Ivan\Documents\starburn.txt
2016-12-28 17:15 - 2016-11-23 20:52 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\dvdcss
2016-12-27 10:41 - 2009-07-14 00:45 - 05153408 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-27 02:50 - 2016-06-24 07:31 - 00524288 ___SH C:\Users\Ivan\ntuser.dat{22474ab3-39ff-11e6-bbf1-78843cb270f1}.TMContainer00000000000000000001.regtrans-ms
2016-12-27 02:50 - 2016-06-24 07:31 - 00065536 ___SH C:\Users\Ivan\ntuser.dat{22474ab3-39ff-11e6-bbf1-78843cb270f1}.TM.blf
2016-12-27 02:37 - 2016-12-18 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureHunter
2016-12-26 18:41 - 2016-08-28 15:40 - 00000000 ____D C:\Users\Ivan\Documents\Adobe
2016-12-26 18:36 - 2014-03-13 09:04 - 00131120 _____ C:\Users\Ivan\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-26 18:15 - 2016-09-10 01:49 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-12-26 17:02 - 2016-03-03 11:34 - 00000979 _____ C:\Users\Public\Desktop\Notepad++.lnk
2016-12-26 17:02 - 2016-03-03 11:34 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Notepad++
2016-12-26 16:16 - 2015-08-23 01:45 - 00002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-26 16:16 - 2015-08-23 01:45 - 00002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-26 15:46 - 2015-09-20 15:57 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0f3de85dace73
2016-12-26 15:46 - 2015-09-20 15:57 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0f3de85391025
2016-12-26 15:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Tasks
2016-12-25 16:53 - 2016-05-14 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2016-12-25 16:53 - 2016-05-14 10:18 - 00000000 ____D C:\Program Files\Process Hacker 2
2016-12-25 16:45 - 2016-05-14 10:18 - 00002178 _____ C:\Users\Ivan\Desktop\Process Hacker 2.lnk
2016-12-25 15:48 - 2016-08-07 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-12-25 01:25 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\assembly
2016-12-25 01:25 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-22 18:08 - 2016-09-25 10:48 - 00000000 ____D C:\Users\Ivan\Downloads\Compressed
2016-12-22 15:54 - 2016-12-10 10:41 - 00109565 _____ C:\Users\Ivan\Documents\d_megasc.xlsx
2016-12-22 11:46 - 2014-08-25 23:53 - 00000000 ____D C:\Users\Ivan\AppData\Local\Microsoft Help
2016-12-21 00:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-10-15 20:27 - 2015-10-15 20:27 - 0017908 _____ () C:\Users\Ivan\AppData\Roaming\unins000.dat
2016-09-13 22:26 - 2016-09-13 22:30 - 0018130 _____ () C:\Users\Ivan\AppData\Roaming\unins001.dat
2014-03-18 15:53 - 2014-03-18 15:53 - 0001567 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20140318.155318.txt
2014-04-05 15:52 - 2014-04-05 15:52 - 0001567 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20140405.155230.txt
2014-06-13 08:21 - 2014-06-13 08:21 - 0001544 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20140613.082127.txt
2015-05-11 19:26 - 2015-05-11 19:26 - 0001565 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20150511.192628.txt
2015-10-01 17:34 - 2015-10-01 17:34 - 0001542 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20151001.173412.txt
2015-10-06 14:04 - 2015-10-06 14:04 - 0001566 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20151006.140408.txt
2016-04-10 22:40 - 2016-04-10 22:40 - 0001543 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20160410.224022.txt
2016-09-08 01:32 - 2016-09-08 01:32 - 0001565 _____ () C:\Users\Ivan\AppData\Local\PDLSetup.20160908.013223.txt
2015-10-19 13:42 - 2015-10-19 13:42 - 0000028 _____ () C:\Users\Ivan\AppData\Local\settings.ini
2016-11-28 02:40 - 2016-11-28 02:40 - 0000176 _____ () C:\Users\Ivan\AppData\Local\uts.ini
2012-02-25 20:11 - 2012-02-25 20:12 - 0000226 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
C:\Users\Ivan\AppData\Local\Temp\utg8ua8b.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-29 01:51

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
Ran by Ivan (20-01-2017 19:03:23)
Running from C:\Users\Ivan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-03-13 13:04:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3714546670-946274982-931039520-500 - Administrator - Disabled)
Guest (S-1-5-21-3714546670-946274982-931039520-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3714546670-946274982-931039520-1009 - Limited - Enabled)
Ivan (S-1-5-21-3714546670-946274982-931039520-1005 - Administrator - Enabled) => C:\Users\Ivan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.6 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
AirDroid 3.3.5.0 (HKLM-x32\...\AirDroid) (Version: 3.3.5.0 - Sand Studio)
Altap Salamander 3.06 (x64) (HKLM\...\Altap Salamander 3.06 (x64)) (Version: 3.06 - ALTAP)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Android Ultimate Toolbox Pro (HKLM-x32\...\{80E86044-5C1D-42A3-A119-1FA8839FB701}) (Version: 1.2.0.0 - D01 MicroApps)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version:  - )
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.142 - ArcSoft)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.367 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.485 - ArcSoft)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira Connect (HKLM-x32\...\{707e8edf-9482-4417-ae39-c9b5fe605e87}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.2.3.19655 - Avira Operations GmbH & Co. KG)
Avira Scout (HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\{3cc6cc67-d693-4af9-9320-241d34083394}) (Version: 16.2.15.170 - Avira Operations GmbH & Co. KG)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-4300-A758B70C1D00}) (Version: 12.29.0.1473 - APN, LLC)
AviraScoutMsi (x32 Version: 16.02.15.00170 - Avira Operations GmbH & Co. KG) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
BlueStacks App Player (HKLM-x32\...\{F22E13B7-2C58-4BE6-BA9D-24303403B494}) (Version: 0.10.6.8001 - BlueStack Systems, Inc.)
Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.18.50 - Conexant)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.8.0 - oldsch00l)
Digital microscope (HKLM-x32\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2009.03.18 - Vimicro Corp.)
DiskInternals Linux Reader (HKLM-x32\...\DiskInternals Linux Reader) (Version: 2.3.0.3 - DiskInternals Research)
DiskInternals Linux Recovery (HKLM-x32\...\DiskInternals Linux Recovery) (Version: 4.5 - DiskInternals Research)
DiskInternals Partition Recovery (HKLM-x32\...\DiskInternals Partition Recovery) (Version: 5.7 - DiskInternals Research)
Easy File Locker 1.5 (HKLM-x32\...\Easy File Locker) (Version: 1.5 - XOSLAB.COM)
Geosense for Windows (HKLM\...\{D617DF82-6046-44EB-AD4A-D3423319E12C}) (Version: 1.2.0.0 - Within Network, LLC)
GoldWave v6.10 (HKLM\...\GoldWave v6.10) (Version: 6.10 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
ImDisk Virtual Disk Driver (HKLM\...\ImDisk) (Version: 1.* - )
inSSIDer 4 (HKLM-x32\...\{068F709E-5BA2-4C2F-84E9-B2DFF374F366}) (Version: 4.2.0.12 - MetaGeek, LLC)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Intelbras Media Player 3.36.11 (HKLM-x32\...\Intelbras Media Player) (Version: 3.36.11 - )
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java SE Development Kit 8 Update 102 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keyboard Shortcuts (HKLM-x32\...\{FE8974B4-479C-4DBA-8544-9E5342ABB26A}) (Version: 1.1.0.08290 - Sony Corporation)
Laplink DiskImage Professional (HKLM\...\{56F8EF3C-D9A0-4728-95D5-DC05A72931F5}) (Version: 7.81.11 - Laplink Software, Inc)
Laplink PCmover Enterprise (HKLM-x32\...\{21FED337-581F-47D9-B7E2-ABF6C7C132A8}) (Version: 10.01.645 - Laplink Software, Inc.)
M3 Data Recovery Free version 5.6.8 (HKLM-x32\...\{6C88A66C-ECDA-4825-A582-8225626630CC}}_is1) (Version: 5.6.8 - M3 Data Recovery)
Malwarebytes versão 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Media Gallery (Version: 2.0.0.11150 - Sony Corporation) Hidden
MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
MicroCapture 2.0 (HKLM-x32\...\MicroCapture) (Version: 2.0 - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 pt-BR)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\MyFreeCodec) (Version:  - )
Nero 7 Ultra Edition (HKLM-x32\...\{C6115A28-F277-4E82-B067-84D28BF21046}) (Version: 7.03.1357 - Nero AG)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.4 - DDNi)
OOBE (x32 Version: 11.2.1.10 - Sony Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
PC Remote (HKLM-x32\...\{C934DF74-D0D9-445C-90AA-34012A04E11D}) (Version: 3.51 - PC Remote)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.1.00.12260 - Sony Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06010 - Sony Corporation) Hidden
PMB VAIO Edition Plug-in (x32 Version: 1.6.01.06110 - Sony Corporation) Hidden
PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.1.00 - Sony Corporation) Hidden
Qlock Free (HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Qlock) (Version: 1.91 - Vitei inc)
Qualcomm Atheros Direct Connect (x32 Version: 3.0 - Qualcomm Atheros) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raise Data Recovery (HKLM\...\rdr) (Version: 6.4.2 - LLC SysDev Laboratories)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Remix OS (HKLM-x32\...\RemixOS) (Version:  - )
Remote Keyboard (x32 Version: 1.1.1.07060 - Sony Corporation) Hidden
Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1500.0 - SAMSUNG Electronics Co., Ltd.)
Screen Grab Pro (HKLM-x32\...\{581125F9-D1C6-4797-93BB-47A992D69AA8}) (Version:  - )
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Simple Port Forwarding (HKLM-x32\...\Simple Port Forwarding) (Version: 3.8.5 - PcWinTech.com)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SMI Grabber Device (HKLM-x32\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.0.29 - Somagic)
Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Suporte para Aplicativos Apple (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Suporte para Aplicativos Apple Apple (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.9.0 - Synaptics Incorporated)
Syncios 6.0.2 (HKLM-x32\...\Syncios) (Version: 6.0.2 - Anvsoft)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.50527 A - TeamViewer)
TFTP Client (HKLM-x32\...\TFTP Client) (Version:  - )
Tftpd64 Standalone Edition (remove only) (HKLM-x32\...\Tftpd64) (Version:  - )
TinyTake by MangoApps (HKLM-x32\...\{cbb7c584-20c0-4426-9921-ac1cc52ff54d}) (Version: 4.0.1 - MangoApps)
TinyTake by MangoApps (x32 Version: 4.0.1 - MangoApps) Hidden
VAIO - Media Gallery - VAIO Personalization Manager Update (HKLM\...\{50A7190B-5DA6-4A51-B275-3D413E617BA6}) (Version: 4.2.5.07160 - Sony Corporation)
VAIO - Media Gallery (HKLM-x32\...\{DD696AF7-8A89-41D5-976A-2053E41A69BE}) (Version: 2.2.3.04170 - Sony Corporation)
VAIO - PMB VAIO Edition Guide (x32 Version: 1.6.00.06030 - Sony Corporation) Hidden
VAIO - PMB VAIO Edition Plug-in (x32 Version: 1.6.11.11160 - Sony Corporation) Hidden
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.1.0.07060 - Sony Corporation)
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{D9FFE40D-1A85-4541-992C-5EF505F391A4}) (Version: 8.4.2.12041 - Sony Corporation)
VAIO Care (x32 Version: 6.4.0.15030 - Sony Corporation) Hidden
VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation)
VAIO Control Center (x32 Version: 4.5.0.03040 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) Hidden
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Event Service (x32 Version: 5.5.0.03040 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.4.0.03240 - Sony Corporation) Hidden
VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280 - Sony Corporation) Hidden
VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
VAIO Help and Support (HKLM-x32\...\{F5248E24-F52C-4FD1-B76F-102460BAFD6B}) (Version: 14.00.0125 - Sony Corporation)
VAIO Improvement (x32 Version: 1.0.0.14150 - Sony Corporation) Hidden
VAIO Manual (x32 Version: 2.0.0.02250 - Sony Corporation) Hidden
VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.550.0 - DDNi)
VAIO Quick Web Access (x32 Version: 1.4.5.5 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden
VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.10.2.08270 - Sony Corporation)
VAIO Transfer Support (x32 Version: 1.4.0.14230 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
VESx64 (Version: 1.0.0 - Sony Corporation) Hidden
VESx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WinDFT (HKLM-x32\...\{065F384A-5C64-4532-814A-A24BA5374503}) (Version: 1.0.0 - HGST)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3714546670-946274982-931039520-1005_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3714546670-946274982-931039520-1005_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F000C}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_isg_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3714546670-946274982-931039520-1005_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3714546670-946274982-931039520-1005_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F000C}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_isg_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3714546670-946274982-931039520-1005_Classes\CLSID\{C78B614C-F3EA-11D2-94A1-00E0292A01E3}\InprocServer32 -> C:\Program Files\Altap Salamander\utils\salextx64.dll (ALTAP)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {009C04E9-C525-4404-B6D1-8DF6D6DC3694} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {05376BBF-F45D-4DA2-BA43-45A3064BE927} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {095A8847-20C2-4A6C-ACCF-4DF1F0737AFC} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {0C27557E-D4E6-4617-B3E0-C79A849D55DB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {18CB6D2A-3C3C-4C39-949A-B15A2A7BE1DE} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {1D0B746E-663B-445B-B5EF-62BE990FAC90} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-02-28] (Sony Corporation)
Task: {21292617-EA11-48D7-938A-8E789EF1C231} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {25C8D1DE-0489-48A2-AED8-1004F9D6DC52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {26DC3E0C-B5E7-4C39-93CF-1E710116085B} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {2B863642-3438-4D67-8BCB-AE6B23EC95BA} - System32\Tasks\VAIO® Messenger (Ivan) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {2EF3D667-644A-4E75-B96D-566ED111FD9D} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f3de85391025 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {3554DA6E-AA9E-4627-9837-9CEE4B8EE030} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation)
Task: {3AE5B1F5-4361-4F30-B6A2-04341920CC8F} - System32\Tasks\VAIO® Messenger (Administrator) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {45B644A3-64E0-4C6D-8F10-AB53162BC895} - System32\Tasks\Sony\Keyboard Shortcuts => C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [2011-08-31] ()
Task: {51E4DFF9-4230-40FB-BA18-98AF805BC24F} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f3de85dace73 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {54499AD8-03B1-43F0-8593-6AD3F37EB409} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {62C56036-F72E-4AB7-8A36-EC7807A76612} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient [Argument = /Start]
Task: {654EF357-8E87-46B8-981E-17E175E659C0} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {69E36298-7B49-4FAB-82E9-6417D0114011} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {7F18F11C-2259-4045-BD4F-DA24CFA621B7} - System32\Tasks\TinyTakeUpgrade => C:\Users\Ivan\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe [2015-10-13] (MangoApps Inc.)
Task: {8058F7E6-4B0E-465F-ADB0-349673A08666} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {85F3EE02-4F44-4B77-A63E-DAEDF6C56C10} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {86CD374E-8039-4514-BEE9-C572F196668E} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2016-10-18] (Avira Operations GmbH & Co. KG)
Task: {8A855ED2-26EE-4C7E-B169-1514FB070BCF} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {92E0678C-7B0D-4FCE-8325-AC3A5D022681} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation)
Task: {9BB0577A-BB1F-4B2E-B90D-C9F3378A99CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-04] (Adobe Systems Incorporated)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B308B8CE-167D-4EE8-A0B1-129DDE49A1BA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {B3AF4A93-B58D-4832-8DFE-0C0662393F43} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {B4B66809-153E-4054-BEB3-450B3E80B02E} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {BBB45B94-D3A4-45A9-A958-66BB99359CD8} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe [2016-05-14] (Adobe Systems Incorporated)
Task: {C27D5544-478D-40E8-BFDE-B0A22CEA9C09} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {C5DEB034-64BC-4A8E-94DE-F7E13CBE9848} - System32\Tasks\Sony Corporation\VAIO Personalization Manager\VpmLM Task Music Ivan => C:\Program Files\Sony\VAIO Personalization Manager\VpmLM.exe [2011-10-03] (Sony Corporation)
Task: {CE6548F1-8A4A-41C7-9E67-056850378CFF} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D41279D5-BC7F-4868-834C-9BD575704A3E} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {DABCD011-1F9F-4EBF-A996-C19B739CD941} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib TaskTray => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [2011-11-03] (Sony Corporation)
Task: {E0B846C9-F3FA-456E-B21E-7BAEF1FE3017} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {E37EC287-8E65-4D27-863F-228B5EFC7031} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
Task: {E82D9BAC-9C33-4C8B-A90E-420D2B13723D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {EC26B6E7-9154-49ED-95F5-CDBA85E00152} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {EE689E85-8183-45EC-9F7C-D3306EE6151C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-23] (Google Inc.)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FD139FD3-BE2B-49C9-A172-1B66471E155E} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Port Forwarding\SPF - Basic UI Mode.lnk -> C:\Program Files (x86)\Simple Port Forwarding\basic_ui.bat ()
Shortcut: C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qlock\Help.lnk -> hxxp://www.qlock.com/help

==================== Loaded Modules (Whitelisted) ==============

2010-12-17 17:53 - 2010-12-17 17:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-06-15 23:40 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2011-06-21 07:42 - 2011-06-21 07:42 - 00034304 _____ () C:\Windows\System32\sst3cl6.dll
2016-11-28 02:40 - 2016-11-28 02:39 - 00017376 _____ () C:\Users\Ivan\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
2017-01-19 18:50 - 2017-01-19 18:50 - 00064512 _____ () C:\Windows\SysWOW64\dxconfig.exe
2017-01-01 16:38 - 2017-01-01 16:38 - 00064512 _____ () C:\Windows\SearchIndexer.exe
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-02-21 17:38 - 2016-02-21 17:38 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-01-11 02:31 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-11 02:31 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2010-12-17 17:53 - 2010-12-17 17:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-03-28 03:04 - 2011-03-28 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-07-15 01:42 - 2016-07-15 01:42 - 01925136 _____ () C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
2016-09-01 20:59 - 2016-09-01 20:59 - 00017024 _____ () C:\Program Files (x86)\Anvsoft\Syncios\androidnotifier.exe
2015-05-08 14:50 - 2015-05-08 14:50 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll
2016-06-21 20:39 - 2016-06-21 20:39 - 01419776 _____ () C:\Program Files (x86)\Anvsoft\Syncios\adb.exe
2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2013-11-01 14:59 - 2013-11-01 14:59 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2012-02-25 21:00 - 2011-03-05 20:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2016-11-24 22:28 - 2016-11-24 22:28 - 00437760 _____ () C:\Program Files (x86)\Anvsoft\Syncios\DuiLib.dll
2016-11-15 23:09 - 2016-11-15 23:09 - 00074240 _____ () C:\Program Files (x86)\Anvsoft\Syncios\generalFunc_pdt.dll
2016-11-15 23:09 - 2016-11-15 23:09 - 01000448 _____ () C:\Program Files (x86)\Anvsoft\Syncios\androidSyncCore_pdm.dll
2016-11-15 23:09 - 2016-11-15 23:09 - 00177664 _____ () C:\Program Files (x86)\Anvsoft\Syncios\driverMgr4Transfer_pdm.dll
2016-09-01 20:59 - 2016-09-01 20:59 - 01278080 _____ () C:\Program Files (x86)\Anvsoft\Syncios\libandroidnotifier.dll
2016-06-21 20:39 - 2016-06-21 20:39 - 00059904 _____ () C:\Program Files (x86)\Anvsoft\Syncios\zlib.dll
2016-08-01 04:01 - 2016-08-01 04:01 - 00571392 _____ () C:\Program Files (x86)\Anvsoft\Syncios\sqlite3.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 00073512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-21 20:39 - 2016-06-21 20:39 - 00671744 _____ () C:\Program Files (x86)\Anvsoft\Syncios\hashAB.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-10-25 10:51 - 2016-10-25 10:51 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-25 10:49 - 2016-10-25 10:49 - 00109760 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin7.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-05-11 09:35 - 2016-05-11 09:35 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f1b815cf32572cea383bc47659c174fa\IsdiInterop.ni.dll
2012-02-25 20:21 - 2010-11-06 03:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-07-02 23:06 - 2013-07-02 23:06 - 00039936 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudModel.dll
2013-07-02 23:06 - 2013-07-02 23:06 - 00011264 _____ () C:\Program Files (x86)\DDNi\Oasis2Service\OasisCloudClient.dll
2014-03-13 10:29 - 2013-07-03 02:08 - 00061864 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudModel.dll
2014-03-13 10:29 - 2013-07-03 02:08 - 00018856 _____ () C:\Program Files (x86)\DDNi\Oasis\OasisCloudClient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\System32:25EB0427_Cef.gbp [2]
AlternateDataStreams: C:\Windows\System32:25EB0427_Isg.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2166]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\caixa.gov.br -> imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\infoseg.gov.br -> hxxp://www.infoseg.gov.br
IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\samsungsetup.com -> hxxp://www.samsungsetup.com
IE trusted site: HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\serpro.gov.br -> hxxps://infoseg9.serpro.gov.br

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-01-11 02:20 - 00000942 ____N C:\Windows\system32\Drivers\etc\hosts

    0.0.0.0    keysotne.mwbsys.com127.0.0.1                   example.net
127.0.0.1                   keystone.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3714546670-946274982-931039520-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: ImDskSvc => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: OO DiskImage => 2
MSCONFIG\Services: SophosVirusRemovalTool => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: uCamMonitor => 2
MSCONFIG\Services: VCService => 3
MSCONFIG\Services: WsDrvInst => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk => C:\Windows\pss\TMMonitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia BackUp & Recorder Monitor.lnk => C:\Windows\pss\TotalMedia BackUp & Recorder Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Server.lnk => C:\Windows\pss\TotalMedia Server.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: FAStartup =>
MSCONFIG\startupreg: FATrayAlert => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
MSCONFIG\startupreg: FreeHideIPunstall =>
MSCONFIG\startupreg: GoogleChromeAutoLaunch_C76D497934B1A0EE0E3BF23C3F10F9A7 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: KiesPDLR.exe => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: OODITRAY.EXE => C:\Program Files\Laplink\DiskImage\ooditray.exe
MSCONFIG\startupreg: PC Remote Server => C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe /silent
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: TinyTake by MangoApps => "C:\Users\Ivan\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake by MangoApps.exe" NOTOPENCONTEXTMENU
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A70359FB-69DA-45AF-A7D0-E0B4566E3133}] => C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{CF064422-05B5-4043-B099-1F2D4178C90A}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{70A47580-D530-4C4A-A92D-A6B04B4DD111}] => LPort=2869
FirewallRules: [{690A5E44-93E9-4E3B-A75A-79BE604E252D}] => LPort=1900
FirewallRules: [{CC660E36-D225-45D0-ACF9-8701019DBA70}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3C353CC2-E905-43A5-BB48-109BB2E18455}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{51834E06-7B2C-4308-A3E5-7BA8CF8BCEB5}] => C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
FirewallRules: [{31C8BE3E-B4C8-49FB-9F19-A6F615827F9B}] => C:\Program Files\Sony\VAIO Smart Network\WFDA\WiFiDirectApplication.exe
FirewallRules: [{14D45B68-ACD8-4340-86CA-C9E13AA13718}] => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
FirewallRules: [{9F8F5C54-4D93-4000-B4B0-CFA5DC44FE59}] => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
FirewallRules: [{CAC38972-004A-4D1A-8A67-D3F18742900F}] => C:\Program Files (x86)\Sony\Media Gallery\VRLP.exe
FirewallRules: [{26B62950-7CFA-4286-BD5B-C68DFB15E44C}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D113E971-C739-4B3A-A5EC-42C65ED9716B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC69ED9E-9303-4128-9024-C4D57D814B42}] => C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{7192DA52-8681-4B15-ABD7-AC26415C8542}] => C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{8664838F-22A5-4EC5-B735-470557676330}] => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{D5697FF2-A701-47FB-8272-24F2A091A4BF}] => C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{1BF5F74D-025D-493B-A633-B223A201C7AC}] => C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{3A608BE2-255B-466D-9AAE-C43BA4F4DAFA}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8945EE26-AEAE-49AC-9F66-5B7357DB9C54}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37439B52-B830-4EBC-B943-AAA2C4AFB384}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1EA0333B-8755-445D-A045-B35961902A4B}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{46A0D045-05C4-4D1F-843A-B5A1A9EB34F6}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FF41E427-5A11-4FA3-8F02-E77D49E77E70}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{638F7488-C483-414E-969A-0413DE17F912}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [UDP Query User{C529F1AE-6246-42C7-81A6-CFE18E236096}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [{44F2E0EF-251C-4038-82E8-7571FE4AE4C4}] => C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AA026661-1E60-4B47-BF5E-C0505D4F250A}] => C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0A8EA6FA-D041-4248-907D-A33649096D12}] => C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2C99A0B3-3C01-4EB0-99FA-8C4A5CE47514}] => C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE5658E9-3EE7-48B1-8828-C1DBC8FEFB5D}] => C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE3F91C6-2FE9-4D9A-ACCA-706CC7255287}] => C:\Users\Ivan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{9AEFD00B-CB98-4910-81A5-396442A32179}C:\program files\android\android studio\bin\studio64.exe] => C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{061C0E8E-1DB0-41DE-877D-DCAAC8A55158}C:\program files\android\android studio\bin\studio64.exe] => C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{A70F557A-FECD-4DFC-A078-A928350BB404}C:\program files\java\jdk1.7.0_79\bin\java.exe] => C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [UDP Query User{6A3B8C2C-662A-43BF-92DA-80D6F834536F}C:\program files\java\jdk1.7.0_79\bin\java.exe] => C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [TCP Query User{15505A3B-E9BF-432D-B139-4D85D085189E}C:\program files\android\android studio\bin\studio64.exe] => C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{A2395079-CC16-4908-92AA-F964E8FD1A71}C:\program files\android\android studio\bin\studio64.exe] => C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{3941A930-5766-456F-A126-B79FF00CE3E4}C:\program files\java\jdk1.7.0_79\bin\java.exe] => C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [UDP Query User{1EE1D3DE-1B75-418E-B88D-CB28D122FCF4}C:\program files\java\jdk1.7.0_79\bin\java.exe] => C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [{6A60F6F5-8C02-4A83-BEA4-68B2435BB81E}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{4F1079E9-5C42-4803-B76C-6A452AB62C21}C:\program files\tftpd64\tftpd64.exe] => C:\program files\tftpd64\tftpd64.exe
FirewallRules: [UDP Query User{B8767609-ABD2-464F-A955-33F5D4CB5C6F}C:\program files\tftpd64\tftpd64.exe] => C:\program files\tftpd64\tftpd64.exe
FirewallRules: [TCP Query User{FC289D15-F163-4E5D-AD63-0C6F4396AE37}C:\program files\tftpd64\tftpd64.exe] => C:\program files\tftpd64\tftpd64.exe
FirewallRules: [UDP Query User{4D2E170E-6FF6-4CC0-A11D-ACF3A14CE3D1}C:\program files\tftpd64\tftpd64.exe] => C:\program files\tftpd64\tftpd64.exe
FirewallRules: [{368890DC-D616-4D0A-96D2-B702804439B1}] => C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
FirewallRules: [{E8721374-3AE5-4130-8850-93985B0B5A21}] => C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
FirewallRules: [TCP Query User{DA6FBAC5-ED00-4BA6-898F-6874BFAADE01}C:\windows\ehome\ehexthost.exe] => C:\windows\ehome\ehexthost.exe
FirewallRules: [UDP Query User{23F57204-109E-449C-95B2-78B3A39ADD8B}C:\windows\ehome\ehexthost.exe] => C:\windows\ehome\ehexthost.exe
FirewallRules: [{C05C36E1-75DC-4F2D-A1D1-CBF30F00B59B}] => C:\Program Files (x86)\Deskshare\IP Camera Viewer 3\IP Camera Viewer.exe
FirewallRules: [{21FB453E-3A60-4E80-A5B6-2FAD6528A689}] => C:\Program Files (x86)\Deskshare\IP Camera Viewer 3\IP Camera Viewer.exe
FirewallRules: [{7AAB3F22-966F-40BC-91D9-9F3263FE5B35}] => %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
FirewallRules: [{53436137-4432-4141-B141-EE2520A9CC71}] => %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\Wondershare Helper Compact.exe
FirewallRules: [{9F9D14D1-D98E-4ADF-BE12-A893FB0E0EBA}] => %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [{DB887C5C-3C10-4681-86E1-9CD48F61B719}] => %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [{4F5AECDD-146C-4878-BE67-5F6B836923AF}] => %ProgramFiles%\Wondershare\Filmora\ImageHost.exe
FirewallRules: [{D3833999-D5B7-4165-9751-85A67F7EE70C}] => %ProgramFiles%\Wondershare\Filmora\Wondershare Helper Compact.exe
FirewallRules: [{10596333-2C4C-4C44-844E-C3EC70794BF5}] => %ProgramFiles%\Wondershare\Filmora\WSResDownloader.exe
FirewallRules: [{8A8B072C-6FA5-4DB1-9B0E-BEDD7538C2C0}] => %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
FirewallRules: [{17847381-76CD-492A-B7BF-195C9B579485}] => %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\Wondershare Helper Compact.exe
FirewallRules: [{D29FB238-9957-4747-B682-3D2784AA1DED}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{169D8E2E-4102-43BA-946A-4DB3B8A2CED7}] => C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{29A47274-F4AF-4E30-BE50-258BFC49E286}] => C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [TCP Query User{FF0413C0-8AC0-421A-9788-C4C722D5DF86}C:\users\ivan\downloads\rtl1090a\rtl1090.exe] => C:\users\ivan\downloads\rtl1090a\rtl1090.exe
FirewallRules: [UDP Query User{52BE858F-5C0D-4EF2-9B03-5D5E07629095}C:\users\ivan\downloads\rtl1090a\rtl1090.exe] => C:\users\ivan\downloads\rtl1090a\rtl1090.exe
FirewallRules: [{A4522630-4520-407E-A439-7E1724AE93E3}] => C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{DDB90306-9E83-4B90-97EE-14C5C89EC427}] => C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{B20F4783-3192-4E98-AD65-5189FF792D87}] => C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe
FirewallRules: [{461001B9-BC1B-475B-8A26-63286E5B2B8D}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{48864A6E-2E7E-4AF1-8B14-33D3417E6BA8}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{99FCE23D-DF17-4461-839A-77E1D5C0F1C6}] => %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [{F4A5015C-8719-46E9-A098-259CD6EC3B5B}] => %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [{8F2EA323-7CA7-4845-B71F-81159404CEF7}] => %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
FirewallRules: [{90A832AF-C289-495F-8556-4871D3F3D160}] => %ProgramFiles% (x86)\Common Files\Wondershare\Wondershare Helper Compact\Wondershare Helper Compact.exe
FirewallRules: [{39DDF0EF-5E6C-4A57-8924-540942368766}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5AF79AAC-2E99-4F0A-B858-9850B8A1D612}] => C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{241B5A05-FAC1-4222-A27A-D55090C0B364}] => C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [TCP Query User{C84872FE-C12D-4F12-BF10-94EC0814B286}C:\program files (x86)\keepvid\keepvid pro\urlreqservice.exe] => C:\program files (x86)\keepvid\keepvid pro\urlreqservice.exe
FirewallRules: [UDP Query User{D166B843-3A2D-415E-ABF4-3ABD007756E0}C:\program files (x86)\keepvid\keepvid pro\urlreqservice.exe] => C:\program files (x86)\keepvid\keepvid pro\urlreqservice.exe

==================== Restore Points =========================

11-01-2017 11:45:10 Windows Update
12-01-2017 00:40:47 Instalado Microsoft Visual C++ 2005 Redistributable
13-01-2017 21:16:06 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
16-01-2017 01:28:06 Instalação de Pacote de Driver de Dispositivo: WsAudioDevice_383S(1) Controladores de som, vídeo e jogos

==================== Faulty Device Manager Devices =============

Name: Ubar Callout Driver
Description: Ubar Callout Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: UbarCalloutDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2017 05:12:12 PM) (Source: .NET Runtime) (EventID: 0) (User: )
Description: CorperfmonExt!CollectCtrs caught exception c0000090

Error: (01/20/2017 02:02:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/20/2017 10:37:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/20/2017 01:04:10 AM) (Source: MsiInstaller) (EventID: 1024) (User: AUTORIDADE NT)
Description: Produto: Adobe Acrobat Reader DC - Português - A atualização 'Adobe Acrobat Reader DC
 (15.023.20056)' não pôde ser instalada. Código de erro 1603. O Windows Installer pode criar logs para ajudar a solucionar problemas na instalação de pacotes de software. Use o link a seguir para obter informações sobre ativação do suporte a registro em log: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (01/20/2017 01:04:04 AM) (Source: MsiInstaller) (EventID: 10005) (User: AUTORIDADE NT)
Description: Produto: Adobe Acrobat Reader DC - Português -- Erro 2380. Error opening file for write: C:\Config.Msi\PTFAB9.tmp. GetLastError: 32.

Error: (01/19/2017 06:51:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: VSNService.exe, versão: 3.10.2.7120, carimbo de hora: 0x51dfc01e
Nome do módulo de falhas: wwanapi.dll, versão: 6.1.7600.16385, carimbo de hora: 0x4a5be0a8
Código de exceção: 0xc0000005
Deslocamento com falha: 0x0000000000030306
Identificação do processo com falha: 0x824
Hora de início do aplicativo com falha: 0x01d2728944a7f400
Caminho do aplicativo com falha: C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
FCaminho do módulo de falhas: C:\Windows\system32\wwanapi.dll
Identificação do Relatório: c5d40aee-de99-11e6-a638-78843cb270f1

Error: (01/19/2017 04:55:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: RAWDriveRecovery.exe, versão: 5.6.8.0, carimbo de hora: 0x58116660
Nome do módulo de falhas: MSVCR90.dll, versão: 9.0.30729.6161, carimbo de hora: 0x4dace5b9
Código de exceção: 0xc0000417
Deslocamento com falha: 0x00036d36
Identificação do processo com falha: 0x1454
Hora de início do aplicativo com falha: 0x01d27290281c0ac2
Caminho do aplicativo com falha: C:\Program Files (x86)\M3 Software\M3 RAW Drive Recovery\RAWDriveRecovery.exe
FCaminho do módulo de falhas: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Identificação do Relatório: a5b2f475-de89-11e6-a638-78843cb270f1

Error: (01/19/2017 03:36:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa VAIO Messenger.exe versão 2.0.550.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: 1720

Hora de Início: 01d272891e54baba

Hora de Término: 208

Caminho do Aplicativo: C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe

Id do Relatório: 7da42b20-de7e-11e6-a638-78843cb270f1

Error: (01/19/2017 03:13:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/18/2017 05:44:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (01/20/2017 06:34:43 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: AUTORIDADE NT)
Description: Verificação de volume criptografado: as informações de volume em \\?\Volume{8bb2e130-df3a-11e6-a1ed-78843cb270f1} não podem ser lidas.

Error: (01/20/2017 06:25:12 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: AUTORIDADE NT)
Description: Verificação de volume criptografado: as informações de volume em \\?\Volume{51ced5a0-de7b-11e6-a638-78843cb270f1} não podem ser lidas.

Error: (01/20/2017 06:25:12 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: AUTORIDADE NT)
Description: Verificação de volume criptografado: as informações de volume em \\?\Volume{51ced59c-de7b-11e6-a638-78843cb270f1} não podem ser lidas.

Error: (01/20/2017 06:25:12 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: AUTORIDADE NT)
Description: Verificação de volume criptografado: as informações de volume em \\?\Volume{51ced59e-de7b-11e6-a638-78843cb270f1} não podem ser lidas.

Error: (01/20/2017 02:58:32 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: AUTORIDADE NT)
Description: Verificação de volume criptografado: as informações de volume em \\?\Volume{6ad60279-b04c-11e6-9a7c-78843cb270f1} não podem ser lidas.

Error: (01/20/2017 02:50:56 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: AUTORIDADE NT)
Description: Verificação de volume criptografado: as informações de volume em \\?\Volume{6ad60279-b04c-11e6-9a7c-78843cb270f1} não podem ser lidas.

Error: (01/20/2017 02:04:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.

Error: (01/20/2017 02:04:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.

Error: (01/20/2017 02:04:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.

Error: (01/20/2017 02:04:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 59%
Total physical RAM: 4043.86 MB
Available physical RAM: 1633.34 MB
Total Virtual: 8085.89 MB
Available Virtual: 4769.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:310.72 GB) (Free:104.68 GB) NTFS
Drive d: () (Fixed) (Total:274.2 GB) (Free:19.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 90547D58)
Partition 1: (Not Active) - (Size=11.2 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=310.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=274.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#10 Oh My!

Posted 20 January 2017 - 06:51 PM

Thank you.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs; however, that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\MountPoints2: {24b6844f-c400-11e3-ad44-a65fba829510} - D:\Startme.exe
ShellExecuteHooks: No Name - {B5C518CC-9E92-11E6-A998-64006A5CFC23} -  -> No File
GroupPolicy: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3714546670-946274982-931039520-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
Toolbar: HKU\S-1-5-21-3714546670-946274982-931039520-1005 -> No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 -  No File
FF ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\tucbvczq.default\Profiles\tucbvczq.default [not found]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-14] <==== ATTENTION
S2 Grzerck; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Grzerck; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\Ivan\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 GrdKey; system32\DRIVERS\grdkey.sys [X]
U3 iswSvc; no ImagePath
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S2 UbarCalloutDriver; \??\C:\Program Files\UBar\UbarDriver.sys [X]
2016-12-26 15:46 - 2016-12-26 15:47 - 00000000 ____D C:\Program Files (x86)\GUM6C59.tmp
Task: {0C27557E-D4E6-4617-B3E0-C79A849D55DB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {69E36298-7B49-4FAB-82E9-6417D0114011} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B308B8CE-167D-4EE8-A0B1-129DDE49A1BA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\System32:25EB0427_Cef.gbp [2]
AlternateDataStreams: C:\Windows\System32:25EB0427_Isg.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2166]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
hosts:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • AdwCleaner log
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 igirao

Posted 21 January 2017 - 12:02 AM

Greetings!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
Ran by Ivan (20-01-2017 23:24:17) Run:1
Running from C:\Users\Ivan\Desktop
Loaded Profiles: Ivan (Available Profiles: Ivan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\MountPoints2: {24b6844f-c400-11e3-ad44-a65fba829510} - D:\Startme.exe
ShellExecuteHooks: No Name - {B5C518CC-9E92-11E6-A998-64006A5CFC23} -  -> No File
GroupPolicy: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3714546670-946274982-931039520-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
Toolbar: HKU\S-1-5-21-3714546670-946274982-931039520-1005 -> No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 -  No File
FF ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\tucbvczq.default\Profiles\tucbvczq.default [not found]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-14] <==== ATTENTION
S2 Grzerck; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Grzerck; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\Ivan\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 GrdKey; system32\DRIVERS\grdkey.sys [X]
U3 iswSvc; no ImagePath
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S2 UbarCalloutDriver; \??\C:\Program Files\UBar\UbarDriver.sys [X]
2016-12-26 15:46 - 2016-12-26 15:47 - 00000000 ____D C:\Program Files (x86)\GUM6C59.tmp
Task: {0C27557E-D4E6-4617-B3E0-C79A849D55DB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {69E36298-7B49-4FAB-82E9-6417D0114011} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B308B8CE-167D-4EE8-A0B1-129DDE49A1BA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\System32:25EB0427_Cef.gbp [2]
AlternateDataStreams: C:\Windows\System32:25EB0427_Isg.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2166]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
hosts:
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3714546670-946274982-931039520-1005\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-3714546670-946274982-931039520-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24b6844f-c400-11e3-ad44-a65fba829510} => key removed successfully
HKCR\CLSID\{24b6844f-c400-11e3-ad44-a65fba829510} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5C518CC-9E92-11E6-A998-64006A5CFC23} => value removed successfully
HKCR\CLSID\{B5C518CC-9E92-11E6-A998-64006A5CFC23} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3714546670-946274982-931039520-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{41564952-412D-5637-4300-7A786E7484D7} => value removed successfully
HKCR\Wow6432Node\CLSID\{41564952-412D-5637-4300-7A786E7484D7} => key not found.
HKU\S-1-5-21-3714546670-946274982-931039520-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{41564952-412D-5637-4300-7A786E7484D7} => value removed successfully
HKCR\CLSID\{41564952-412D-5637-4300-7A786E7484D7} => key not found.
HKCR\PROTOCOLS\Handler\WSKVAllmytubechrome => key not found.
C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\tucbvczq.default\Profiles\tucbvczq.default => path removed successfully
C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\tucbvczq.default\Profiles\tucbvczq.default => path removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3 => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1 => key removed successfully
C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => moved successfully
HKLM\System\CurrentControlSet\Services\Grzerck => key removed successfully
Grzerck => service removed successfully
Grzerck => service not found.
HKLM\System\CurrentControlSet\Services\cpuz134 => key removed successfully
cpuz134 => service removed successfully
HKLM\System\CurrentControlSet\Services\gbpddfac => key removed successfully
gbpddfac => service removed successfully
HKLM\System\CurrentControlSet\Services\gbpddreg => key removed successfully
gbpddreg => service removed successfully
HKLM\System\CurrentControlSet\Services\GrdKey => key removed successfully
GrdKey => service removed successfully
HKLM\System\CurrentControlSet\Services\iswSvc => key removed successfully
iswSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\taphss6 => key removed successfully
taphss6 => service removed successfully
HKLM\System\CurrentControlSet\Services\UbarCalloutDriver => key removed successfully
UbarCalloutDriver => service removed successfully
C:\Program Files (x86)\GUM6C59.tmp => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C27557E-D4E6-4617-B3E0-C79A849D55DB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C27557E-D4E6-4617-B3E0-C79A849D55DB} => key removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69E36298-7B49-4FAB-82E9-6417D0114011} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69E36298-7B49-4FAB-82E9-6417D0114011} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B308B8CE-167D-4EE8-A0B1-129DDE49A1BA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B308B8CE-167D-4EE8-A0B1-129DDE49A1BA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EB02381F-D652-4B1C-894A-712498C62C51} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key removed successfully
C:\Windows\Tasks\AutoKMS.job => moved successfully
C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removed successfully.
C:\Program Files (x86)\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removed successfully.
C:\Windows\System32 => ":25EB0427_Cef.gbp" ADS removed successfully.
C:\Windows\System32 => ":25EB0427_Isg.gbp" ADS removed successfully.
C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removed successfully.
C:\ProgramData\GbPlugin => ":IncompleteStartGbprcm.cnt" ADS removed successfully.
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 20-01-2017 23:32:41)

"C:\Windows\System32\Drivers\etc\hosts" => Could not move
Could not restore Hosts.

==== End of Fixlog 23:32:41 ====

 

# AdwCleaner v6.042 - Logfile created 21/01/2017 at 00:04:06
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-20.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Ivan - IVAN-VAIO
# Running from : C:\Users\Ivan\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\Program Files (x86)\D3673061-1478057454-11E1-9415-5CC403BCBAEC
Folder Found:  C:\Users\Ivan\AppData\Local\AskPartnerNetwork
Folder Found:  C:\Users\Ivan\AppData\Local\FileViewPro
Folder Found:  C:\Program Files\Caster
Folder Found:  C:\ProgramData\apn
Folder Found:  C:\ProgramData\AskPartnerNetwork
Folder Found:  C:\ProgramData\Application Data\apn
Folder Found:  C:\ProgramData\Application Data\AskPartnerNetwork
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Found:  C:\Program Files (x86)\AskPartnerNetwork
Folder Found:  C:\Program Files (x86)\myfree codec
Folder Found:  C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Auslogics
Folder Found:  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\PackageAware
Folder Found:  C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\naweriweentcofise


***** [ Files ] *****

File Found:  C:\Windows\Reimage.ini


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{884189CF-7C10-41E8-A014-F7B2BE40AADB}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{BD125908-5F10-409F-9C01-F2207CA18887}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found:  HKU\.DEFAULT\Software\jhdbca
Key Found:  HKU\S-1-5-21-3714546670-946274982-931039520-1005\Software\Myfree Codec
Key Found:  HKU\S-1-5-21-3714546670-946274982-931039520-1005\Software\Reimage
Key Found:  HKU\S-1-5-21-3714546670-946274982-931039520-1005\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Key Found:  HKU\S-1-5-21-3714546670-946274982-931039520-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3714546670-946274982-931039520-1005\Software\AskPartnerNetwork
Key Found:  HKU\S-1-5-18\Software\jhdbca
Key Found:  HKCU\Software\Myfree Codec
Key Found:  HKCU\Software\Reimage
Key Found:  HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Key Found:  HKLM\SOFTWARE\Myfree Codec
Key Found:  HKLM\SOFTWARE\UCBrowserPID
Key Found:  HKLM\SOFTWARE\jhdbca
Key Found:  HKLM\SOFTWARE\Auslogics
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41564952-412D-5637-4300-A758B70C1D00}
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3714546670-946274982-931039520-1005\Software\AskPartnerNetwork
Key Found:  [x64] HKCU\Software\Myfree Codec
Key Found:  [x64] HKCU\Software\Reimage
Key Found:  [x64] HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Key Found:  [x64] HKLM\SOFTWARE\Reimage
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Key Found:  [x64] HKLM\SOFTWARE\jhdbca
Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found:  HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ApnTBMon
Key Found:  HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Web data] - isearch.avg.com
Chrome pref Found:  [C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.conduit.com
Chrome pref Found:  [C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Web data] - crawler.com
Chrome pref Found:  [C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Web data] - br.ask.com
Chrome pref Found:  [C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Web data] - start.facemoods.com
Chrome pref Found:  [C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Web data] - websearch.ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [8429 Bytes] - [21/01/2017 00:04:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8502 Bytes] ##########
 

What I noticed was that Firefox, IE and Chrome were reset and all my favorites bookmarks list was gone. How can I get it back?

Computer behavior is ok so far.
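
Added example, not part of the original posts and not FRST's own code: a small Python triage of a Fixlog in the format pasted above. It skips the echoed fixlist between the asterisk lines and lists the items the fix left unresolved (here the hosts file). The sample is a shortened excerpt constructed from that log, and the status labels (ok, absent, deferred, failed) are this example's own naming.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt of the Fixlog posted above.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
Ran by Ivan (20-01-2017 23:24:17) Run:1
==============================================

fixlist content:
*****************
CreateRestorePoint:
S2 Grzerck; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
hosts:
*****************

Restore point was successfully created.
Processes closed successfully.
HKCR\CLSID\{B5C518CC-9E92-11E6-A998-64006A5CFC23} => key not found.
HKLM\System\CurrentControlSet\Services\Grzerck => key removed successfully
Grzerck => service removed successfully
Grzerck => service not found.
C:\Windows\Tasks\AutoKMS.job => moved successfully
C:\Windows\System32 => ":25EB0427_Cef.gbp" ADS removed successfully.
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 20-01-2017 23:32:41)

"C:\Windows\System32\Drivers\etc\hosts" => Could not move
Could not restore Hosts.

==== End of Fixlog 23:32:41 ====
'''

# The log echoes the submitted fixlist between two lines of asterisks.
# Those lines are directives, not results, and some contain " => " too.
ECHO_FENCE = re.compile(r"\*{5,}")


def classify(text):
    """Map one log line to a status label (labels are this example's own)."""
    t = text.lower()
    if "scheduled to move on reboot" in t:
        return "deferred"          # checked first: the line also says "Could not"
    if "could not" in t:
        return "failed"
    if "not found" in t:
        return "absent"            # nothing to remove; usually harmless
    if "successfully" in t:
        return "ok"
    return "other"                 # headers, separators, section titles


def parse_fixlog(text):
    """Return (status, target, line) for each result line, skipping the echo."""
    records, in_echo = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if ECHO_FENCE.fullmatch(line):
            in_echo = not in_echo
            continue
        if in_echo or not line:
            continue
        status = classify(line)
        if status == "other":
            continue
        target = None
        if " => " in line:
            left = line.split(" => ", 1)[0]
            quoted = re.search(r'"([^"]+)"', left)   # Could not move "<path>" => ...
            target = quoted.group(1) if quoted else left.strip()
        records.append((status, target, line))
    return records


def summarize(records):
    """Count result lines per status."""
    return dict(Counter(status for status, _, _ in records))


def follow_up(records):
    """Items whose last recorded status is a failure or an unconfirmed deferral."""
    last = {}
    for status, target, line in records:
        name = target or line
        last[name.lower()] = (status, name)
    return [name for status, name in last.values()
            if status in ("failed", "deferred")]


if __name__ == "__main__":
    recs = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(recs))
    for item in follow_up(recs):
        print("needs follow-up:", item)
```
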



#12 Oh My!

Posted 21 January 2017 - 10:34 AM

That's odd. Please do this.

===================================================

Selecting Previous System Restore Point Windows 7/Vista

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type rstrui and press Enter
  • Patiently wait for the System Restore window to appear
  • Click Next
  • If necessary check Show more restore points to expose the following Restore Point
  • Left click on a restore point dated on or near 20-01-2017 23:24:17
  • Click Next, then Finish
  • Allow your computer to reboot and complete the process
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3714546670-946274982-931039520-1005\...\MountPoints2: {24b6844f-c400-11e3-ad44-a65fba829510} - D:\Startme.exe
ShellExecuteHooks: No Name - {B5C518CC-9E92-11E6-A998-64006A5CFC23} -  -> No File
GroupPolicy: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3714546670-946274982-931039520-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
Toolbar: HKU\S-1-5-21-3714546670-946274982-931039520-1005 -> No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 -  No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
S2 Grzerck; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Grzerck; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\Ivan\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 GrdKey; system32\DRIVERS\grdkey.sys [X]
U3 iswSvc; no ImagePath
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S2 UbarCalloutDriver; \??\C:\Program Files\UBar\UbarDriver.sys [X]
2016-12-26 15:46 - 2016-12-26 15:47 - 00000000 ____D C:\Program Files (x86)\GUM6C59.tmp
Task: {0C27557E-D4E6-4617-B3E0-C79A849D55DB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {69E36298-7B49-4FAB-82E9-6417D0114011} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B308B8CE-167D-4EE8-A0B1-129DDE49A1BA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\System32:25EB0427_Cef.gbp [2]
AlternateDataStreams: C:\Windows\System32:25EB0427_Isg.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2166]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Restore Point?
  • Fixlog
  • Update on computer behavior

Gary
 

#13 igirao

Posted 21 January 2017 - 12:18 PM

Hi! I've already restored the latest bookmarks from FF options. No need to run restore point. It is located at: c:\users\your name\AppData\Roaming\Mozilla\Firefox\Profiles\xxxx.default\bookmarkbackups\. You have to go to FF, bookmark, show all bookmark, then import/backup option. Select restore, input the path and then the latest file. Voilà! That's it!


Edited by igirao, 21 January 2017 - 12:23 PM.


#14 Oh My!

Posted 21 January 2017 - 12:45 PM

OK, but what about the other bookmarks?
Gary
 

#15 igirao

igirao
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:58 AM

Posted 21 January 2017 - 01:23 PM

No need to worry about them. I have FF as my default browser. I barely run IE or Chrome so no significant bookmarks at all.





