cjoint

Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
Ran by Bel (administrator) on BELA (29-04-2017 14:21:45)
Running from C:\Users\Bel\Desktop
Loaded Profiles: Bel (Available Profiles: Bel)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Windows\SysWOW64\WIN8_MBIM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.523\SSScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-20] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [954416 2017-01-18] (GAS Tecnologia LTDA)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-11-06] (Microsoft Corporation)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [OM2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [54576 2009-04-17] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61944 2017-04-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-24] (Banco do Brasil)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-07-14] (Caixa Economica Federal)
HKU\S-1-5-21-3384688840-1966269466-4186571649-1001\...\Run: [OM2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95536 2009-04-17] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-3384688840-1966269466-4186571649-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehcef.dll [1903328 2016-07-14] (Caixa Economica Federal)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1947872 2016-06-24] (Banco do Brasil)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-04-08]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.523\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 201.6.2.80 201.6.2.180
Tcpip\..\Interfaces\{4ec0d376-1aaf-42b1-abc8-2eff01ca35ea}: [NameServer] 8.8.8.8,4.4.4.4
Tcpip\..\Interfaces\{4ec0d376-1aaf-42b1-abc8-2eff01ca35ea}: [DhcpNameServer] 200.204.0.10 200.204.0.138
Tcpip\..\Interfaces\{5f13e427-4b2a-40e0-8cbd-df76e869ca8b}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{8fec918a-8171-4626-b2fb-22c2ead958a7}: [NameServer] 8.8.8.8,4.4.4.4
Tcpip\..\Interfaces\{8fec918a-8171-4626-b2fb-22c2ead958a7}: [DhcpNameServer] 201.6.2.80 201.6.2.180

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-3384688840-1966269466-4186571649-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3384688840-1966269466-4186571649-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-3384688840-1966269466-4186571649-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={9E2AA3E3-D246-411B-AE52-B6FCE66147A0}&mid=c5bdc75e154f47cd9d27b91405e42648-e6b3850a13993201d3aa973a34e50bd9db317bbb&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=0715avt&pr=fr&d=2015-07-18 07:59:11&v=4.1.6.294&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3384688840-1966269466-4186571649-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3384688840-1966269466-4186571649-1001 -> {D92D6DF4-55A7-48A3-A5EE-CC0EA700CD64} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&intl=br&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-3384688840-1966269466-4186571649-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3384688840-1966269466-4186571649-1001 -> {EDAE51EE-7137-425A-9506-0443FFB4D340} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^BR&gct=&itbv=12.24.1.51&apn_uid=464CB487-7471-4507-8762-E6010EE88077&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^BR&apn_dbr=ie_11.0.9600.17416&doi=2015-03-07&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-18] (Oracle Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2016-06-24] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll [2016-07-14] (Caixa Economica Federal)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-18] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
Toolbar: HKU\S-1-5-21-3384688840-1966269466-4186571649-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3384688840-1966269466-4186571649-1001 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File

FireFox:
========
FF ProfilePath: C:\Users\Bel\AppData\Roaming\Mozilla\Firefox\Profiles\kivmIbGm.default [2016-11-30]
FF Extension: (Avira Browser Safety) - C:\Users\Bel\AppData\Roaming\Mozilla\Firefox\Profiles\kivmIbGm.default\Extensions\abs@avira.com [2016-11-30]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin HKU\S-1-5-21-3384688840-1966269466-4186571649-1001: gastecnologia.com.br/sf/abn -> C:\Users\Bel\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll [2015-02-19] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3384688840-1966269466-4186571649-1001: gastecnologia.com.br/sf/abn64 -> C:\Users\Bel\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll [2015-02-19] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3384688840-1966269466-4186571649-1001: gastecnologia.com.br/sf/bb64 -> C:\Users\Bel\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [No File]
FF Plugin HKU\S-1-5-21-3384688840-1966269466-4186571649-1001: gastecnologia.com.br/sf/cef -> C:\Users\Bel\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-05-30] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3384688840-1966269466-4186571649-1001: gastecnologia.com.br/sf/cef64 -> C:\Users\Bel\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2014-05-30] (GAS Tecnologia)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Bel\AppData\Local\Google\Chrome\User Data\Default [2017-04-29]
CHR Extension: (Google Apresentações) - C:\Users\Bel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-10]
CHR Extension: (Google Docs) - C:\Users\Bel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]
CHR Extension: (Google Drive) - C:\Users\Bel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Bel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\Bel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Planilhas do Google) - C:\Users\Bel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-10]
CHR Extension: (Segurança do navegador Avira) - C:\Users\Bel\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-11-30]
CHR Extension: (Documentos Google off-line) - C:\Users\Bel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Bel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Bel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Bel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-09]
CHR Profile: C:\Users\Bel\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3384688840-1966269466-4186571649-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ibbfklbaljofpaanmpaeadejijfdddco] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-03-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487432 2017-03-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487432 2017-03-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519136 2017-03-28] (Avira Operations GmbH & Co. KG)
R2 AutoRun_MBIM; C:\WINDOWS\SysWOW64\WIN8_MBIM.exe [163840 2014-03-06] () [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350120 2017-04-11] (Avira Operations GmbH & Co. KG)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-06-26] (GAS Tecnologia)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.523\McCHSvc.exe [404376 2017-03-20] (McAfee, Inc.)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-20] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-28] (Synaptics Incorporated)
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [908256 2016-07-22] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-07-22] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-07-22] (McAfee, Inc.)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [954416 2017-01-18] (GAS Tecnologia LTDA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [44640 2015-10-22] (The OpenVPN Project)
S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\WINDOWS\system32\DRIVERS\avgfwd6a.sys [67552 2015-04-14] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [161824 2017-03-03] (Avira Operations GmbH & Co. KG)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [295400 2015-06-15] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [163976 2017-03-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-03] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [48584 2017-03-03] (Avira Operations GmbH & Co. KG)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 gbpddfac; C:\WINDOWS\System32\drivers\gbpddfac64.sys [28888 2017-04-25] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3354384 2015-05-04] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-28] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [48096 2012-08-10] (Windows (R) Win 7 DDK provider)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-10-31] (GAS Tecnologia LTDA)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
S1 wsddfac; C:\WINDOWS\System32\drivers\wsddfac.sys [28376 2016-11-11] (GAS Tecnologia)
R1 wsddntf; C:\WINDOWS\system32\DRIVERS\wsddntf.sys [47176 2016-06-21] (GAS Tecnologia)
S1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [25184 2016-11-11] (GAS Tecnologia)
S3 wsddprm; C:\WINDOWS\system32\drivers\wsddprm.sys [25184 2016-11-11] (GAS Tecnologia)
S3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows (R) Win 7 DDK provider)
U0 aswVmm; no ImagePath
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-29 14:21 - 2017-04-29 14:23 - 00025638 _____ C:\Users\Bel\Desktop\FRST.txt
2017-04-29 14:18 - 2017-04-29 14:21 - 00000000 ____D C:\FRST
2017-04-29 14:14 - 2017-04-29 14:18 - 02427392 _____ (Farbar) C:\Users\Bel\Desktop\FRST64.exe
2017-04-26 20:40 - 2017-04-27 00:15 - 00012632 _____ C:\Users\Bel\Documents\IR FInanciamento APTO 2012 em diante.xlsx
2017-04-25 08:08 - 2017-04-25 08:09 - 00334555 _____ C:\Users\Bel\Documents\_CV_Izabela_Ribeiro_2017_Negócios.pdf
2017-04-23 23:24 - 2017-04-23 23:24 - 00000000 ____D C:\ProgramData\TrueKey
2017-04-23 12:10 - 2017-04-13 21:12 - 77918161 _____ C:\Users\Bel\Documents\Mapa Astral Fernanda Chacel 13.4.17.m4a
2017-04-23 10:04 - 2017-04-25 07:05 - 00000000 ____D C:\Users\Bel\Documents\APTO Joaquim Antunes
2017-04-23 08:13 - 2017-04-23 08:13 - 00000000 ____D C:\Users\Bel\.fontconfig
2017-04-23 08:12 - 2017-04-23 08:12 - 00000000 ____D C:\Users\Bel\AppData\Local\converter
2017-04-23 08:11 - 2017-04-23 08:11 - 00001164 _____ C:\Users\Public\Desktop\Movavi Video Converter 17.lnk
2017-04-23 08:11 - 2017-04-23 08:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Converter 17
2017-04-23 08:10 - 2017-04-23 08:11 - 00000000 ____D C:\Program Files (x86)\Movavi Video Converter 17
2017-04-23 08:09 - 2017-04-23 08:09 - 00005041 _____ C:\ProgramData\mudtcpaz.vzs
2017-04-23 08:09 - 2017-04-23 08:09 - 00000000 ____D C:\ProgramData\Movavi Video Converter 17
2017-04-22 23:28 - 2017-04-23 08:09 - 42296976 _____ (Movavi) C:\Users\Bel\Downloads\MovaviVideoConverterSetupC.exe
2017-04-22 23:23 - 2017-04-23 08:12 - 00000000 ____D C:\Users\Bel\AppData\Local\Movavi
2017-04-22 23:23 - 2017-04-22 23:23 - 00000000 ____D C:\Users\Bel\AppData\Local\PhotoEditor
2017-04-22 23:22 - 2017-04-22 23:22 - 00000000 ____D C:\ProgramData\Movavi
2017-04-22 23:11 - 2017-04-22 23:11 - 00005085 _____ C:\ProgramData\cgbpfizu.hkv
2017-04-22 23:11 - 2017-04-22 23:11 - 00000016 _____ C:\ProgramData\mntemp
2017-04-22 23:11 - 2017-04-22 23:11 - 00000000 ____D C:\ProgramData\Movavi Photo Editor 4
2017-04-22 19:09 - 2017-04-22 19:09 - 00001209 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-04-18 20:22 - 2017-04-18 20:22 - 00000000 ____D C:\Users\Bel\AppData\Roaming\Yahoo
2017-04-18 20:21 - 2017-04-18 20:21 - 00000000 ____D C:\Users\Bel\AppData\Local\YSearchUtil
2017-04-11 01:02 - 2017-04-11 01:02 - 01534247 _____ C:\Users\Bel\Downloads\AnaliseEconomicaeFinanceiradeEmpresas (1) (1).zip
2017-04-10 23:47 - 2017-04-10 23:47 - 01534247 _____ C:\Users\Bel\Downloads\AnaliseEconomicaeFinanceiradeEmpresas (1).zip
2017-04-10 09:51 - 2017-04-10 09:52 - 00000000 ____D C:\Users\Bel\.irpf
2017-04-09 17:24 - 2017-04-09 17:24 - 00002642 _____ C:\Users\Public\Desktop\Skype.lnk
2017-04-09 17:24 - 2017-04-09 17:24 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-04-09 17:24 - 2017-04-09 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-04-09 11:05 - 2017-04-09 21:58 - 00015728 _____ C:\Users\Bel\Documents\Voluntariado_Lar Idosas.xlsx
2017-04-08 09:50 - 2017-04-08 09:50 - 03039829 _____ C:\Users\Bel\Downloads\OperacoesDeInvestimento40503.zip
2017-04-08 09:48 - 2017-04-08 09:48 - 01534247 _____ C:\Users\Bel\Downloads\AnaliseEconomicaeFinanceiradeEmpresas.zip
2017-04-08 08:44 - 2017-04-08 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-04-06 09:31 - 2017-04-06 09:31 - 00099413 _____ C:\Users\Bel\Downloads\GerarPDF_06042017093112.pdf
2017-03-16 06:53 - 2017-03-16 06:53 - 00000165 ____H C:\Users\Bel\Documents\~$Almoço mineiro.xlsx
2017-03-14 08:10 - 2017-03-20 21:07 - 00013901 _____ C:\Users\Bel\Documents\Almoço mineiro.xlsx
2017-03-10 21:25 - 2017-03-10 21:25 - 00483824 _____ (IBM Corp.) C:\Users\Bel\Downloads\RapportSetup (2).exe
2017-03-10 21:25 - 2017-03-10 21:25 - 00000000 ____D C:\ProgramData\Trusteer
2017-03-07 00:02 - 2017-03-07 00:02 - 00001765 _____ C:\Users\Bel\Desktop\Carnê-Leão 2016.lnk
2017-03-06 23:39 - 2017-03-06 23:39 - 17942704 _____ (Receita Federal do Brasil) C:\Users\Bel\Downloads\LEAO2016Win32v1.1.exe
2017-03-05 19:24 - 2017-03-05 19:25 - 06709168 _____ C:\Users\Bel\Downloads\eBook-7-passos-autoconhecimento.pdf
2017-03-01 23:26 - 2017-03-01 23:26 - 00001765 _____ C:\Users\Public\Desktop\IRPF2017 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk
2017-03-01 23:26 - 2017-03-01 23:26 - 00000000 ____D C:\Users\Bel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2017
2017-03-01 23:26 - 2017-03-01 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2017
2017-03-01 23:24 - 2017-03-01 23:25 - 28203488 _____ (Receita Federal do Brasil) C:\Users\Bel\Downloads\IRPF2017Win32v1.0.exe
2017-03-01 22:18 - 2017-03-01 22:19 - 00000000 ____D C:\Users\Bel\Documents\TJ SP 2017
2017-02-28 17:54 - 2017-04-25 06:44 - 00051121 _____ C:\Users\Bel\Documents\GASTOS_2017.xlsx
2017-02-28 17:54 - 2017-02-28 17:54 - 00000165 ____H C:\Users\Bel\Documents\~$GASTOS_2017.xlsx
2017-02-15 06:39 - 2017-04-08 08:44 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-02-15 06:28 - 2017-02-15 06:28 - 03242842 _____ C:\Users\Bel\Downloads\Docto financ imob parte 2.zip
2017-02-15 06:26 - 2017-02-15 06:26 - 02710334 _____ C:\Users\Bel\Downloads\Docto Financ imob parte 1.zip
2017-02-15 06:09 - 2017-04-12 07:31 - 00004602 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-15 06:09 - 2017-04-08 08:44 - 00002009 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-02-15 06:09 - 2017-03-16 21:23 - 00004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-15 06:09 - 2017-02-15 06:09 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2017-02-05 21:31 - 2017-02-05 21:31 - 00483824 _____ (IBM Corp.) C:\Users\Bel\Downloads\RapportSetup (1).exe

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-29 14:22 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-29 14:21 - 2016-07-16 08:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-29 13:52 - 2017-01-02 23:36 - 00003586 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 13:52 - 2017-01-02 23:36 - 00003462 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-29 13:27 - 2015-03-02 18:30 - 00000000 ____D C:\Users\Bel\AppData\Roaming\Skype
2017-04-29 13:18 - 2016-11-05 21:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-29 12:46 - 2015-03-07 11:13 - 00000000 __SHD C:\Users\Bel\IntelGraphicsProfiles
2017-04-27 00:16 - 2016-11-05 21:34 - 00000000 ____D C:\Users\Bel
2017-04-27 00:15 - 2015-03-07 13:39 - 00000000 ____D C:\Users\Bel\.receitanet
2017-04-26 21:32 - 2016-07-16 08:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-25 22:09 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-25 08:09 - 2016-02-24 18:19 - 00000000 ____D C:\Users\Bel\Documents\CVs
2017-04-25 06:49 - 2015-08-18 03:32 - 00028888 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\gbpddfac64.sys
2017-04-25 06:46 - 2016-11-05 22:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-25 06:46 - 2015-03-02 20:59 - 00000000 ____D C:\ProgramData\GbPlugin
2017-04-25 06:46 - 2015-03-02 20:59 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-04-25 06:45 - 2016-07-16 03:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-04-22 19:09 - 2016-11-30 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-04-22 19:09 - 2015-02-23 23:09 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-18 20:24 - 2015-03-04 22:44 - 00000000 ____D C:\ProgramData\Oracle
2017-04-18 20:22 - 2015-03-04 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-18 20:22 - 2015-03-04 22:44 - 00000000 ____D C:\Program Files (x86)\Java
2017-04-18 20:18 - 2015-03-04 22:44 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-04-12 07:31 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-12 07:31 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-11 01:03 - 2013-07-25 12:02 - 01607022 _____ C:\Users\Bel\Documents\AnaliseEcoFin1.pdf
2017-04-11 01:03 - 2012-09-18 12:20 - 00097726 _____ C:\Users\Bel\Documents\Exercicios.pdf
2017-04-10 09:51 - 2015-03-28 14:17 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-04-09 17:24 - 2015-03-02 18:16 - 00000000 ____D C:\ProgramData\Skype
2017-04-08 08:40 - 2016-12-13 06:16 - 00003264 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-08 08:40 - 2015-08-03 21:54 - 00002395 _____ C:\Users\Bel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-08 08:40 - 2015-08-03 21:54 - 00000000 ___RD C:\Users\Bel\OneDrive
2017-04-06 09:32 - 2016-02-23 19:23 - 00000000 ____D C:\Users\Bel\Documents\IR
2017-04-06 09:31 - 2017-01-02 23:37 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-06 09:31 - 2017-01-02 23:37 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-04 22:33 - 2016-11-05 21:33 - 01203178 _____ C:\WINDOWS\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2017-01-02 21:59 - 2017-01-02 21:59 - 7680000 _____ () C:\Program Files (x86)\GUT4F9D.tmp
2016-06-26 21:27 - 2016-06-26 21:27 - 0016004 _____ () C:\Users\Bel\AppData\Roaming\unins000.dat
2015-03-09 18:35 - 2015-04-30 20:08 - 0115140 _____ () C:\Users\Bel\AppData\Roaming\unins002.dat
2017-04-22 23:11 - 2017-04-22 23:11 - 0005085 _____ () C:\ProgramData\cgbpfizu.hkv
2017-04-22 23:11 - 2017-04-22 23:11 - 0000016 _____ () C:\ProgramData\mntemp
2017-04-23 08:09 - 2017-04-23 08:09 - 0005041 _____ () C:\ProgramData\mudtcpaz.vzs

Some files in TEMP:
====================
2017-04-18 20:17 - 2017-04-18 20:17 - 0739904 _____ (Oracle Corporation) C:\Users\Bel\AppData\Local\Temp\jre-8u131-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-20 00:23

==================== End of FRST.txt ============================
