cjoint

Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 25-09-2016
Executado por Evandro (administrador) em VAGNER-PC (25-09-2016 21:16:38)
Executando a partir de C:\Users\Evandro\Downloads
Perfis Carregados: Evandro (Perfis Disponíveis: Evandro)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 9 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(MDL Forum, mod by Ratiborus) C:\ProgramData\KMSAuto\bin\KMSSS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
() C:\Program Files (x86)\Viva\viva.exe
(Google Inc.) C:\Users\Evandro\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evandro\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evandro\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evandro\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-25] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-866393489-2856413032-2875692847-1001\...\Run: [Google Update] => C:\Users\Evandro\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2016-08-21] (Google Inc.)
HKU\S-1-5-21-866393489-2856413032-2875692847-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-866393489-2856413032-2875692847-1001\...\Run: [ares] => "C:\Program Files (x86)\Ares\Ares.exe" -h
HKU\S-1-5-21-866393489-2856413032-2875692847-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-08-29] (Disc Soft Ltd)
HKU\S-1-5-21-866393489-2856413032-2875692847-1001\...\MountPoints2: J - J:\SETUP.EXE
HKU\S-1-5-21-866393489-2856413032-2875692847-1001\...\MountPoints2: {23faae68-8355-11e6-aa9d-90e6ba130a7e} - F:\SETUP.EXE
HKU\S-1-5-21-866393489-2856413032-2875692847-1001\...\MountPoints2: {904a0223-ca15-11e1-badf-90e6ba130a7e} - I:\Setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-21] (AVAST Software)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4EE67B60-2BC7-4505-84CD-B1F2F15E15FA}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
URLSearchHook: HKU\S-1-5-21-866393489-2856413032-2875692847-1001 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKU\S-1-5-21-866393489-2856413032-2875692847-1001 -> {F00CD406-A048-431F-8DC8-D953A5EE59CC} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14674&src=kw&q={searchTerms}&locale=&apn_ptnrs=T9&apn_dtid=YYYYYYYYUS&apn_uid=5b50bf15-24d9-42c9-b656-f356319283ee&apn_sauid=FAC06862-F1F0-4B2E-8545-AC20914DCB66
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-09-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-21] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-09-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-09-25] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-09-25] (Microsoft Corporation)
BHO-x32: PSafe ClikSeguro -> {802D2971-E7C7-4219-8D5C-AFDCD0DA939E} -> C:\Program Files (x86)\PSafe\ClikSeguro\ClikSeguro.dll => Nenhum Arquivo
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-21] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2016-09-25] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-25] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-25] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-25] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-25] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-25] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-25] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-09-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-09-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [Nenhum Arquivo]
FF Plugin HKU\S-1-5-21-866393489-2856413032-2875692847-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Evandro\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-21] (Google Inc.)
FF Plugin HKU\S-1-5-21-866393489-2856413032-2875692847-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Evandro\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-21] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-21]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-21]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR Plugin: (Native Client) - C:\Users\Evandro\AppData\Local\Google\Chrome\Application\53.0.2785.116\ppGoogleNaClPluginChrome.dll => Nenhum Arquivo
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Evandro\AppData\Local\Google\Chrome\Application\53.0.2785.116\pdf.dll => Nenhum Arquivo
CHR Plugin: (Shockwave Flash) - C:\Users\Evandro\AppData\Local\Google\Chrome\Application\53.0.2785.116\gcswf32.dll => Nenhum Arquivo
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => Nenhum Arquivo
CHR Plugin: (Google Update) - C:\Users\Evandro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => Nenhum Arquivo
CHR Profile: C:\Users\Evandro\AppData\Local\Google\Chrome\User Data\Default [2016-09-25]
CHR Extension: (Ask Toolbar) - C:\Users\Evandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapoomnboffjcgcebabolakmhbblbk [2016-08-27] [UpdateUrl: hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php] <==== ATENÇÃO
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Evandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-27]
CHR Extension: (Chrome Media Router) - C:\Users\Evandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-27]
CHR HKLM-x32\...\Chrome\Extension: [aaaapoomnboffjcgcebabolakmhbblbk] - C:\Users\Evandro\AppData\Local\APN\GoogleCRXs\aaaapoomnboffjcgcebabolakmhbblbk_7.15.4.0.crx [2012-06-23]
CHR HKLM-x32\...\Chrome\Extension: [fpknlgclcjbgepbagcobhdainldkgggl] - C:\Program Files (x86)\PSafe\ClikSeguro\\chext\clikseguro.crx
StartMenuInternet: Google Chrome - C:\Users\Evandro\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-21] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3035848 2016-09-15] (Microsoft Corporation)
R2 COMLiveService; C:\Program Files (x86)\Viva\viva.exe [346624 2015-10-05] () [Arquivo não assinado]
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-08-29] (Disc Soft Ltd)
R2 KMSEmulator; C:\ProgramData\KMSAuto\bin\KMSSS.exe [301056 2015-07-24] (MDL Forum, mod by Ratiborus) [Arquivo não assinado]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S4 auto_7; C:\Windows\SysWOW64\gb_service.exe [X]
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-21] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-21] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-09-25] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-09-25] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MODEMCSA; C:\Windows\system32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Windows\SysWOW64\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [Arquivo não assinado]
R1 vivadrv; C:\Windows\System32\drivers\vivadrv.sys [57600 2015-09-17] (Windows (R) Win 7 DDK provider)
S3 WinDivert1.1; C:\ProgramData\KMSAuto\bin\driver\x64WDV\WinDivert.sys [35376 2013-12-03] (Basil Projects)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-09-25 21:17 - 2016-09-25 21:17 - 00026229 _____ C:\Users\Evandro\Desktop\Addition2.txt
2016-09-25 21:17 - 2016-09-25 21:17 - 00026162 _____ C:\Users\Evandro\Desktop\FRST.txt
2016-09-25 21:16 - 2016-09-25 21:16 - 00026229 _____ C:\Users\Evandro\Desktop\Addition.txt
2016-09-25 21:15 - 2016-09-25 21:16 - 00026226 _____ C:\Users\Evandro\Downloads\Addition.txt
2016-09-25 21:14 - 2016-09-25 21:16 - 00015390 _____ C:\Users\Evandro\Downloads\FRST.txt
2016-09-25 21:14 - 2016-09-25 21:16 - 00000000 ____D C:\FRST
2016-09-25 21:13 - 2016-09-25 21:13 - 02403328 _____ (Farbar) C:\Users\Evandro\Downloads\FRST64.exe
2016-09-25 21:12 - 2016-09-25 21:12 - 00629006 _____ C:\Users\Evandro\Downloads\Windows6.1-KB2999226-x86 (1).msu
2016-09-25 21:11 - 2016-09-25 21:11 - 00629006 _____ C:\Users\Evandro\Downloads\Windows6.1-KB2999226-x86.msu
2016-09-25 21:10 - 2016-09-25 21:10 - 01034556 _____ C:\Users\Evandro\Downloads\Windows6.1-KB2999226-x64.msu
2016-09-25 21:04 - 2016-09-25 21:04 - 00000000 ____D C:\Users\Todos os Usuários\KMSAuto
2016-09-25 21:04 - 2016-09-25 21:04 - 00000000 ____D C:\Users\Evandro\AppData\Local\MSfree Inc
2016-09-25 21:04 - 2016-09-25 21:04 - 00000000 ____D C:\ProgramData\KMSAuto
2016-09-25 21:01 - 2016-09-25 21:01 - 00002169 _____ C:\Users\Evandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-09-25 21:01 - 2016-09-25 21:01 - 00002106 _____ C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-09-25 21:01 - 2016-09-25 21:01 - 00002106 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-09-25 21:01 - 2016-09-25 21:01 - 00002106 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-09-25 21:01 - 2016-09-25 21:01 - 00000000 ___RD C:\Users\Evandro\OneDrive
2016-09-25 21:01 - 2016-09-25 21:01 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft OneDrive
2016-09-25 21:01 - 2016-09-25 21:01 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-09-25 21:01 - 2016-09-25 21:01 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2016-09-25 21:00 - 2016-09-25 21:00 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-09-25 20:27 - 2016-09-25 20:27 - 00002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-09-25 20:27 - 2016-09-25 20:27 - 00002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-09-25 20:27 - 2016-09-25 20:27 - 00002374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-09-25 20:27 - 2016-09-25 20:27 - 00002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-09-25 20:27 - 2016-09-25 20:27 - 00002337 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-09-25 20:27 - 2016-09-25 20:27 - 00002336 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-09-25 20:27 - 2016-09-25 20:27 - 00002330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-09-25 20:27 - 2016-09-25 20:27 - 00002324 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-09-25 20:27 - 2016-09-25 20:27 - 00002316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-09-25 20:27 - 2016-09-25 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-09-25 20:16 - 2016-09-25 21:00 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2016-09-25 20:16 - 2016-09-25 21:00 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-25 20:05 - 2016-09-25 20:16 - 00000000 ____D C:\Program Files\Microsoft Office
2016-09-25 20:04 - 2016-09-25 20:04 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-09-25 20:03 - 2016-09-25 20:03 - 00722130 _____ C:\Windows\unins000.exe
2016-09-25 20:03 - 2016-09-25 20:03 - 00000781 _____ C:\Windows\unins000.dat
2016-09-25 20:03 - 2016-09-25 20:03 - 00000000 ____D C:\viva
2016-09-25 20:03 - 2016-09-25 20:03 - 00000000 ____D C:\Program Files (x86)\Viva
2016-09-25 20:03 - 2015-09-17 21:27 - 00057600 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\vivadrv.sys
2016-09-25 17:01 - 2016-09-25 21:04 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-09-25 17:00 - 2016-09-25 17:09 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-09-25 17:00 - 2016-09-25 17:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-09-25 17:00 - 2016-09-25 17:00 - 00000000 ____D C:\Users\Evandro\AppData\Local\Microsoft Help
2016-09-25 16:58 - 2016-09-25 16:58 - 00002562 _____ C:\Windows\diagwrn.xml
2016-09-25 16:58 - 2016-09-25 16:58 - 00001908 _____ C:\Windows\diagerr.xml
2016-09-25 16:58 - 2016-09-25 13:49 - 626238927 _____ C:\Users\Evandro\Desktop\Office 2010 Profissional.rar
2016-09-25 16:58 - 2014-12-18 10:34 - 00000000 ____D C:\Users\Evandro\Desktop\Microsoft Office 2010 Profissional Portugues x32 Bits Full ISO
2016-09-25 16:55 - 2016-09-25 16:55 - 00000000 ____D C:\Users\Evandro\AppData\Roaming\WinRAR
2016-09-25 16:55 - 2016-09-25 16:55 - 00000000 ____D C:\Users\Evandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-25 16:55 - 2016-09-25 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-25 16:54 - 2016-09-25 16:57 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2016-09-25 16:54 - 2016-09-25 16:55 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-09-25 16:54 - 2016-09-25 16:54 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2016-09-25 16:53 - 2016-09-25 16:59 - 00000000 ____D C:\Users\Evandro\AppData\Roaming\DAEMON Tools Lite
2016-09-25 16:53 - 2016-09-25 16:54 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2016-09-25 16:53 - 2016-09-25 16:53 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2016-09-25 16:53 - 2016-09-25 16:53 - 00000000 ____D C:\Users\Todos os Usuários\DAEMON Tools Lite
2016-09-25 16:53 - 2016-09-25 16:53 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-09-15 12:09 - 2016-09-15 12:09 - 00639728 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2016-09-15 12:09 - 2016-09-15 12:09 - 00443632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2016-09-15 12:09 - 2016-09-15 12:09 - 00394504 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2016-09-15 12:09 - 2016-09-15 12:09 - 00334616 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2016-09-15 12:09 - 2016-09-15 12:09 - 00271112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2016-09-15 12:09 - 2016-09-15 12:09 - 00244504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2016-09-15 12:09 - 2016-09-15 12:09 - 00089328 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2016-09-15 12:09 - 2016-09-15 12:09 - 00085744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-09-25 21:06 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-25 21:06 - 2009-07-14 01:45 - 00434096 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-25 21:05 - 2009-07-14 01:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-25 21:05 - 2009-07-14 01:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-25 21:01 - 2012-06-20 15:20 - 00000000 ____D C:\Users\Evandro
2016-09-25 21:00 - 2009-07-14 00:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-09-25 20:59 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-09-25 20:47 - 2012-06-20 15:25 - 00001086 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-866393489-2856413032-2875692847-1001UA.job
2016-09-25 20:08 - 2012-06-20 15:23 - 00110176 _____ C:\Users\Evandro\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-25 17:08 - 2012-06-20 15:49 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-09-25 17:08 - 2012-06-20 15:49 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-09-25 17:03 - 2009-07-14 15:11 - 00000000 ____D C:\Windows\ShellNew
2016-09-25 17:02 - 2009-07-13 23:34 - 00000387 _____ C:\Windows\win.ini
2016-09-25 16:57 - 2009-07-14 14:55 - 03165994 _____ C:\Windows\system32\prfh0416.dat
2016-09-25 16:57 - 2009-07-14 14:55 - 02517580 _____ C:\Windows\system32\prfc0416.dat
2016-09-25 16:57 - 2009-07-14 02:13 - 00005200 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-25 16:29 - 2012-06-20 16:36 - 00002381 _____ C:\Users\Evandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

Alguns arquivos em TEMP:
====================
C:\Users\Evandro\AppData\Local\Temp\buscape_nahora_plugin.exe
C:\Users\Evandro\AppData\Local\Temp\genteert.dll
C:\Users\Evandro\AppData\Local\Temp\ICReinstall_photoscape-363-baixaki-32-bits.exe
C:\Users\Evandro\AppData\Local\Temp\ose00000.exe
C:\Users\Evandro\AppData\Local\Temp\ose00001.exe
C:\Users\Evandro\AppData\Local\Temp\ose00002.exe
C:\Users\Evandro\AppData\Local\Temp\utiB0F0.tmp.exe
C:\Users\Evandro\AppData\Local\Temp\utiBCE7.tmp.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-08-21 18:14

==================== Fim de FRST.txt ============================
