cjoint

Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 02-11-2017
Executado por Rose (administrador) em GOSTOSA (09-11-2017 12:15:31)
Executando a partir de C:\Users\Rose\Desktop
Perfis Carregados: Rose (Perfis Disponíveis: Rose)
Platform: Windows 8.1 Single Language (Update) (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Solid Documents Limited) C:\Program Files (x86)\SolidDocuments\SolidPDFCreator\SPC\SolidPdfServicex64.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Facebook) C:\Users\Rose\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(The CefSharp Authors) C:\Users\Rose\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-04-19] (Dritek System Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
Winlogon\Notify\ GbPluginAbn-x32: C:\Program Files (x86)\GbPlugin\gbiehAbn.dll [X]
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll [X]
Winlogon\Notify\ GbPluginBnt: C:\Program Files (x86)\GbPlugin\gbiehBnt.dll [2017-10-18] (Banco do Estado do Espirito Santo - BANESTES)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2017-11-03] (Caixa Economica Federal)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2017-11-03] (Banco Itaú Unibanco)
HKU\S-1-5-21-4234301874-2312579503-1689864410-1002\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4234301874-2312579503-1689864410-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKU\S-1-5-21-4234301874-2312579503-1689864410-1002\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKU\S-1-5-21-4234301874-2312579503-1689864410-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd)
HKU\S-1-5-21-4234301874-2312579503-1689864410-1002\...\MountPoints2: {41b3d1b6-a83b-11e4-bf63-208984082313} - "E:\setup.exe"
HKU\S-1-5-21-4234301874-2312579503-1689864410-1002\...\MountPoints2: {831f600d-3680-11e6-bfde-208984082313} - "F:\setup.exe"
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399017} - C:\Program Files (x86)\GbPlugin\gbiehbnt.dll [1914080 2017-10-18] (Banco do Estado do Espirito Santo - BANESTES)
ShellExecuteHooks-x32: Sem Nome - {E37CB5F0-51F5-4395-A808-5FA49E399007} - -> Nenhum Arquivo
ShellExecuteHooks-x32: GbIehObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\Diebold\Warsaw\wsaxbco.dll [971312 2017-09-20] (GAS Tecnologia LTDA)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1903328 2017-11-03] (Caixa Economica Federal)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1951968 2017-11-03] (Banco Itaú Unibanco)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2016-03-31]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-06-01]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Rose\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.25.1
Tcpip\..\Interfaces\{F2A74D62-F8D4-473A-8E6A-92DFA723C025}: [DhcpNameServer] 192.168.25.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4234301874-2312579503-1689864410-1002 -> DefaultScope {3CA58438-5FF2-4EB4-88FF-8ECA12785DA5} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4234301874-2312579503-1689864410-1002 -> {3CA58438-5FF2-4EB4-88FF-8ECA12785DA5} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4234301874-2312579503-1689864410-1002 -> {BCF68BCD-31A8-43F3-A964-68E44BEEAE67} URL =
BHO: Sem Nome -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> Nenhum Arquivo
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-03] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-03] (Oracle Corporation)
BHO-x32: Sem Nome -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> Nenhum Arquivo
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll => Nenhum Arquivo
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2017-11-03] (Caixa Economica Federal)
BHO-x32: Sem Nome -> {C41A1C0E-EA6C-11D4-B1B8-444553540007} -> Nenhum Arquivo
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll [2017-11-03] (Banco Itaú Unibanco)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540017} -> C:\Program Files (x86)\GbPlugin\gbiehbnt.dll [2017-10-18] (Banco do Estado do Espirito Santo - BANESTES)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {BB49BD6F-DD0D-4DCA-A40E-EE3D84C2840A} hxxp://download.multview.com.br/web.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Nenhum Arquivo

FireFox:
========
FF DefaultProfile: naftgb1e.default-1408542561373
FF ProfilePath: C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\naftgb1e.default-1408542561373 [2017-10-30]
FF Extension: (IBM Security Rapport) - C:\Users\Rose\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\rapportext@trusteer.com.xpi [2017-11-06]
FF Extension: (Módulo de Proteção - Banco do Estado do Espírito Santo - BANESTES) - C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\naftgb1e.default-1408542561373\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E8817} [2014-08-20] [não assinado]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => não encontrado (a)
FF HKU\S-1-5-21-4234301874-2312579503-1689864410-1002\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Rose\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: (GBBD Caixa Economica Federal) - C:\Users\Rose\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-01-18] [não assinado]
FF HKU\S-1-5-21-4234301874-2312579503-1689864410-1002\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8874}] - C:\Users\Rose\AppData\Local\GAS Tecnologia\GBBD\abn\xpi
FF Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\Rose\AppData\Local\GAS Tecnologia\GBBD\abn\xpi [2015-01-27] [não assinado]
FF HKU\S-1-5-21-4234301874-2312579503-1689864410-1002\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Rose\AppData\Local\GAS Tecnologia\GBBD\bb\xpi => não encontrado (a)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll [2014-08-20] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll [2014-08-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-05-23] ()
FF Plugin HKU\S-1-5-21-4234301874-2312579503-1689864410-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Rose\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4234301874-2312579503-1689864410-1002: gastecnologia.com.br/sf/abn -> C:\Users\Rose\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll [2015-02-21] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-4234301874-2312579503-1689864410-1002: gastecnologia.com.br/sf/bb -> C:\Users\Rose\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2014-08-15] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-4234301874-2312579503-1689864410-1002: gastecnologia.com.br/sf/cef -> C:\Users\Rose\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2015-01-18] (GAS Tecnologia)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\warsaw.cfg [2017-11-09] <==== ATENÇÃO

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "","hxxps://www.google.com.br/"
CHR Profile: C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default [2017-11-09]
CHR Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface [2014-07-21]
CHR Extension: (Google Drive) - C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-26]
CHR Extension: (Google Search) - C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Documentos Google off-line) - C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnljhnpjegfbcohjhdnhjlnfnffmbnf [2015-03-03]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei [2014-07-26]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2014-12-14]
CHR Extension: (Gmail) - C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-09]
CHR Profile: C:\Users\Rose\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4234301874-2312579503-1689864410-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [abmojiekfpcmkkfamgfcpgfgipocface] - C:\Users\Rose\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx [2013-09-16]
CHR HKU\S-1-5-21-4234301874-2312579503-1689864410-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4234301874-2312579503-1689864410-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Rose\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2014-07-26]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ibbfklbaljofpaanmpaeadejijfdddco] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1128432 2017-10-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [490968 2017-10-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [490968 2017-10-12] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1525240 2017-10-12] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [408944 2017-10-16] (Avira Operations GmbH & Co. KG)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [Arquivo não assinado]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-05-23] (WildTangent)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [590048 2017-11-09] (GAS Tecnologia)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-12-31] (Hi-Rez Studios) [Arquivo não assinado]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
S4 Radar Remoto; C:\WKRadar\Pgms\Radar\RadarRemotoService.exe [36864 2015-03-02] (WK Sistemas) [Arquivo não assinado]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2350064 2017-09-28] (IBM Corp.)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-04-19] (Dritek System INC.)
R2 SPDFCreatorReadSpool; C:\Program Files (x86)\SolidDocuments\SolidPDFCreator\SPC\SolidPdfServicex64.exe [262576 2016-09-07] (Solid Documents Limited)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1056304 2017-09-20] (GAS Tecnologia LTDA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 wksauto; C:\WKRadar\Pgms\Radar\WKSAuto.exe [330240 2015-03-02] (WK Sistemas) [Arquivo não assinado]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-11-09] (Atheros) [Arquivo não assinado]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-21] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [176224 2017-10-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [167464 2017-09-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-28] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-28] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 gbpddfac; C:\WINDOWS\System32\drivers\gbpddfac64.sys [28888 2017-11-09] (GAS Tecnologia)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2013-04-19] (Dritek System Inc.)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [384312 2017-09-28] (IBM Corp.)
R1 RapportCerberus_1804077; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804077.sys [1271448 2017-10-02] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [585432 2017-09-28] (IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [253912 2017-09-28] (IBM Corp.)
R3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [384544 2017-10-02] (IBM Corp.)
S3 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [507960 2017-09-28] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [610616 2017-09-28] (IBM Corp.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S1 wsddfac; C:\WINDOWS\System32\drivers\wsddfac.sys [28376 2017-04-19] (GAS Tecnologia)
R1 wsddntf; C:\WINDOWS\system32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
S1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [25184 2017-04-19] (GAS Tecnologia)
S3 wsddprm; C:\WINDOWS\system32\drivers\wsddprm.sys [25184 2017-04-19] (GAS Tecnologia)
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
U5 GbpKm; C:\Windows\SysWOW64\Drivers\GbpKm.sys [42696 2012-10-01] (GAS Tecnologia)
S3 GBPRCM; \??\C:\Program Files (x86)\GbPlugin\gbprcm64.sys [X]
S3 Warsaw_PP; \??\C:\PROGRA~2\GbPlugin\wsftprp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-11-09 12:15 - 2017-11-09 12:18 - 000027278 _____ C:\Users\Rose\Desktop\FRST.txt
2017-11-09 12:10 - 2017-11-09 12:12 - 000000000 ____D C:\Users\Todos os Usuários\GbPlugin
2017-11-09 12:10 - 2017-11-09 12:12 - 000000000 ____D C:\ProgramData\GbPlugin
2017-11-09 12:03 - 2017-11-09 12:15 - 000000000 ____D C:\FRST
2017-11-09 12:02 - 2017-11-09 12:02 - 002403328 _____ (Farbar) C:\Users\Rose\Desktop\FRST64.exe
2017-11-04 09:16 - 2017-11-04 09:16 - 000004377 _____ C:\Users\Rose\Desktop\222.txt
2017-11-04 08:24 - 2017-11-04 09:00 - 000004114 _____ C:\Users\Rose\Desktop\ocorrencia.txt
2017-11-03 11:21 - 2017-11-03 11:18 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2017-11-03 11:19 - 2017-11-03 11:18 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-11-03 11:17 - 2017-11-03 11:17 - 000000000 ____D C:\Program Files\Java
2017-11-03 11:01 - 2017-11-03 12:47 - 000000000 ____D C:\Users\Rose\AppData\Local\CutePDF Writer
2017-11-03 11:00 - 2017-11-03 11:00 - 000000000 ____D C:\Program Files (x86)\GPLGS
2017-11-03 10:56 - 2017-11-03 10:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2017-11-03 10:56 - 2017-11-03 10:56 - 000000000 ____D C:\Program Files (x86)\Acro Software
2017-11-03 10:56 - 2017-05-26 06:47 - 000090096 _____ C:\WINDOWS\system32\cpwmon64_v32.dll
2017-11-03 10:49 - 2017-11-03 10:49 - 000000000 ____D C:\Users\Rose\AppData\Roaming\SolidDocuments
2017-11-03 10:47 - 2017-11-03 10:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidDocuments
2017-11-03 10:47 - 2017-11-03 10:47 - 000000000 ____D C:\Program Files (x86)\SolidDocuments
2017-11-03 10:47 - 2016-09-07 10:02 - 000030640 _____ C:\WINDOWS\system32\solidlocalmon.dll
2017-11-03 10:47 - 2016-09-07 10:02 - 000018864 _____ C:\WINDOWS\system32\solidlocalui.dll
2017-11-03 10:44 - 2017-11-03 10:44 - 000918952 _____ (Oracle Corporation) C:\Users\Rose\Downloads\chromeinstall-7u65.exe
2017-10-30 18:46 - 2017-10-30 18:46 - 008261584 _____ (Malwarebytes) C:\Users\Rose\Desktop\adwcleaner_7.0.4.0.exe
2017-10-30 17:39 - 2017-10-30 17:39 - 000003872 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2017-10-30 17:39 - 2017-10-30 17:39 - 000000838 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-10-29 02:58 - 2017-10-29 02:59 - 001418517 _____ C:\Users\Rose\Downloads\2017_SSP_Agente_ed01.pdf
2017-10-26 14:46 - 2017-10-26 14:46 - 000089985 _____ C:\Users\Rose\Downloads\Extrato_25-10-2017.pdf
2017-10-16 01:51 - 2017-10-16 01:51 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-15 18:46 - 2017-10-15 18:46 - 000460907 _____ C:\Users\Rose\Downloads\646-1-2285-1-10-20140827.pdf
2017-10-12 13:25 - 2017-10-12 13:25 - 000003316 _____ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray
2017-10-10 17:53 - 2017-09-14 17:30 - 007439704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-10 17:53 - 2017-09-13 23:18 - 001384216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-10 17:53 - 2017-09-13 23:14 - 001124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-10 17:53 - 2017-09-13 11:31 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-10 17:53 - 2017-09-09 16:53 - 022361864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-10 17:53 - 2017-09-09 15:55 - 019790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-10 17:53 - 2017-09-09 14:10 - 003631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-10 17:53 - 2017-09-09 13:49 - 002749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-10 17:53 - 2017-09-09 13:47 - 014466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-10 17:53 - 2017-09-09 13:21 - 012879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-10 17:53 - 2017-09-09 01:50 - 002013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-10 17:53 - 2017-09-09 01:50 - 001364552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-10-10 17:53 - 2017-09-08 16:21 - 004168192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-10-10 17:53 - 2017-09-07 19:15 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-10-10 17:53 - 2017-09-07 19:08 - 025729536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-10 17:53 - 2017-09-07 19:00 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-10 17:53 - 2017-09-07 18:40 - 005982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-10 17:53 - 2017-09-07 17:44 - 015262720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-10 17:53 - 2017-09-07 17:40 - 003240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-10 17:53 - 2017-09-07 17:27 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-10 17:53 - 2017-09-07 17:10 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-10-10 17:53 - 2017-09-07 17:04 - 020267008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-10 17:53 - 2017-09-07 17:03 - 002292736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-10-10 17:53 - 2017-09-07 16:58 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-10 17:53 - 2017-09-07 16:29 - 004547072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-10 17:53 - 2017-09-07 16:17 - 013677568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-10 17:53 - 2017-09-07 16:01 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-10 17:53 - 2017-09-07 15:57 - 001316864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-10 17:53 - 2017-08-13 15:10 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-10 17:53 - 2017-08-11 00:20 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-10 17:52 - 2017-09-14 17:30 - 001737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-10-10 17:52 - 2017-09-14 17:29 - 001502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-10-10 17:52 - 2017-09-13 11:32 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-10 17:52 - 2017-09-13 11:27 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2017-10-10 17:52 - 2017-09-09 15:38 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-10 17:52 - 2017-09-09 11:13 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-10 17:52 - 2017-09-09 11:13 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-10 17:52 - 2017-09-09 11:13 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-10 17:52 - 2017-09-08 16:15 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-10 17:52 - 2017-09-08 15:39 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-10 17:52 - 2017-09-08 14:57 - 001084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-10-10 17:52 - 2017-09-07 19:33 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-10 17:52 - 2017-09-07 19:33 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-10 17:52 - 2017-09-07 19:32 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-10 17:52 - 2017-09-07 19:32 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-10-10 17:52 - 2017-09-07 19:17 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-10-10 17:52 - 2017-09-07 19:17 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-10-10 17:52 - 2017-09-07 18:32 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-10-10 17:52 - 2017-09-07 18:31 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-10-10 17:52 - 2017-09-07 18:29 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-10-10 17:52 - 2017-09-07 18:21 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-10-10 17:52 - 2017-09-07 18:13 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-10-10 17:52 - 2017-09-07 18:11 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-10-10 17:52 - 2017-09-07 18:10 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-10-10 17:52 - 2017-09-07 18:10 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-10-10 17:52 - 2017-09-07 18:08 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-10-10 17:52 - 2017-09-07 18:08 - 000656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-10 17:52 - 2017-09-07 17:54 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-10-10 17:52 - 2017-09-07 17:17 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-10-10 17:52 - 2017-09-07 17:09 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-10-10 17:52 - 2017-09-07 16:39 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-10-10 17:52 - 2017-09-07 16:38 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-10-10 17:52 - 2017-09-07 16:37 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-10-10 17:52 - 2017-09-07 16:33 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-10-10 17:52 - 2017-09-07 16:29 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-10-10 17:52 - 2017-09-07 16:27 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-10-10 17:52 - 2017-09-07 16:26 - 000694784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-10-10 17:52 - 2017-09-07 16:25 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-10-10 17:52 - 2017-09-07 16:24 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-10 17:52 - 2017-09-07 15:57 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-10-10 17:52 - 2017-08-13 17:48 - 000202592 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-10 17:52 - 2017-08-13 15:52 - 000174944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-10 17:52 - 2017-08-13 14:33 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-10 17:52 - 2017-08-11 00:54 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-10-10 17:52 - 2017-08-11 00:22 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-10-10 17:52 - 2017-08-11 00:16 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-10-10 17:52 - 2017-08-10 23:57 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-10-10 17:52 - 2017-08-06 19:50 - 001080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-10-10 17:52 - 2017-08-06 19:20 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-10-10 17:52 - 2017-08-06 19:13 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-10-10 17:52 - 2017-08-06 05:08 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-10-10 17:52 - 2017-08-02 00:19 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-10-10 17:52 - 2017-08-01 06:25 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-10-04 12:20 - 2017-10-04 14:18 - 433265725 _____ C:\Users\Rose\Downloads\Informática - Nishimura.zip
2017-10-03 00:35 - 2017-10-03 00:35 - 000109871 _____ C:\Users\Rose\Downloads\Rose Das vivo
2017-10-03 00:18 - 2017-01-18 13:56 - 000236908 ____N C:\Users\Rose\VID-20170118-WA0025.mp4
2017-10-03 00:16 - 2017-09-27 11:19 - 000115423 ____N C:\Users\Rose\VID-20170927-WA0018.mp4
2017-10-03 00:16 - 2017-06-20 13:05 - 000365341 ____N C:\Users\Rose\VID-20170620-WA0011.mp4
2017-10-03 00:16 - 2017-05-10 02:47 - 000043157 ____N C:\Users\Rose\VID-20170510-WA0000.mp4
2017-10-01 12:36 - 2017-11-09 12:19 - 000028888 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\gbpddfac64.sys
2017-09-28 10:12 - 2017-09-28 10:12 - 000069922 _____ C:\Users\Rose\Downloads\7171727100465419.pdf
2017-09-18 17:15 - 2017-09-18 17:15 - 000041070 _____ C:\Users\Rose\Downloads\boleto_58356467bfd4b928ac3aa4fbe958d6f3c77b3399.pdf
2017-09-17 11:58 - 2017-09-17 12:10 - 000000000 ____D C:\FOTOS CELULAR
2017-09-15 23:52 - 2017-09-15 23:52 - 000014472 _____ C:\Users\Rose\Downloads\Planilha emails chefias.xlsx
2017-09-15 18:00 - 2017-09-15 18:00 - 000152081 _____ C:\Users\Rose\Downloads\1699-5398-1-PB.pdf
2017-09-15 17:38 - 2017-09-15 17:38 - 001342467 _____ C:\Users\Rose\Downloads\folha_de_redacao.pdf
2017-09-13 13:08 - 2017-08-19 15:27 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-13 13:08 - 2017-08-19 14:48 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-13 13:08 - 2017-08-17 20:07 - 000537200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-13 13:08 - 2017-08-17 20:07 - 000140016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-13 13:08 - 2017-08-17 20:03 - 000450392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-13 13:08 - 2017-08-17 20:03 - 000136832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-13 13:08 - 2017-08-13 15:19 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-13 13:08 - 2017-08-13 14:15 - 007078912 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-09-13 13:08 - 2017-08-13 13:52 - 005274624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-09-13 13:08 - 2017-08-13 13:52 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-13 13:08 - 2017-08-13 13:25 - 007797248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-13 13:08 - 2017-08-13 13:18 - 005270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-13 13:08 - 2017-08-11 18:46 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-09-13 13:08 - 2017-08-11 18:29 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-09-13 13:08 - 2017-08-11 18:13 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-13 13:08 - 2017-08-11 01:27 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-13 13:08 - 2017-08-11 00:38 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-09-13 13:08 - 2017-08-11 00:08 - 001753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-13 13:08 - 2017-08-10 23:52 - 001491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-13 13:08 - 2017-08-10 23:49 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-13 13:08 - 2017-08-10 23:44 - 001095680 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-13 13:08 - 2017-08-10 23:43 - 000865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-13 13:08 - 2017-08-10 23:41 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-13 13:08 - 2017-08-06 19:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-09-13 13:08 - 2017-08-06 05:13 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-09-13 13:08 - 2017-07-22 16:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsium.dll
2017-09-13 13:08 - 2017-07-22 15:32 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsium.dll
2017-09-13 13:08 - 2017-07-17 17:53 - 004298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-13 13:08 - 2017-07-16 21:55 - 003551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-13 13:08 - 2017-07-12 18:29 - 000420440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-13 13:08 - 2017-07-12 18:29 - 000075440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-13 13:08 - 2017-07-12 18:25 - 000308872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-13 13:08 - 2017-07-12 18:25 - 000066112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-13 13:08 - 2017-07-08 17:03 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2017-09-13 13:08 - 2017-07-08 16:43 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
2017-09-13 13:08 - 2017-07-08 16:30 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2017-09-13 13:08 - 2017-07-08 01:14 - 000100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2017-09-12 12:55 - 2017-09-12 12:55 - 000003122 _____ C:\WINDOWS\System32\Tasks\Avira SystrayStartTrigger
2017-09-05 03:20 - 2017-09-05 03:20 - 000001088 _____ C:\Users\Rose\Desktop\FLV-Media Player.lnk
2017-09-05 03:20 - 2017-09-05 03:20 - 000000000 ____D C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV-Media Player
2017-09-05 03:20 - 2017-09-05 03:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV-Media Player
2017-09-05 03:20 - 2017-09-05 03:20 - 000000000 ____D C:\Program Files (x86)\FLV-Media Player
2017-09-03 19:16 - 2017-09-03 19:16 - 000322704 _____ C:\Users\Rose\EU E SANDRA.htm
2017-08-31 17:40 - 2017-08-31 17:40 - 000004096 ____H C:\Users\Rose\AppData\Local\keyfile3.drm
2017-08-26 14:10 - 2017-08-26 14:10 - 000002062 _____ C:\Users\Rose\Downloads\Declaracao.pdf
2017-08-25 15:33 - 2017-08-25 15:33 - 000069942 _____ C:\Users\Rose\Downloads\7171723781103901.pdf
2017-08-13 13:49 - 2017-08-13 13:49 - 000397185 _____ C:\Users\Rose\Downloads\Junho - 2017.pdf
2017-08-11 12:39 - 2017-08-11 12:40 - 000036715 _____ C:\Users\Rose\Downloads\recadastramento_1363816.pdf

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-11-09 12:11 - 2014-02-15 04:56 - 000000000 ____D C:\Bruno
2017-11-09 12:09 - 2013-08-22 12:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-09 12:09 - 2013-05-16 16:39 - 000000000 ____D C:\Program Files (x86)\GbPlugin
2017-11-09 11:16 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\Inf
2017-11-09 11:14 - 2014-10-22 02:19 - 000000000 ____D C:\Users\Rose
2017-11-04 23:41 - 2013-05-12 00:13 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4234301874-2312579503-1689864410-1002
2017-11-03 11:21 - 2014-08-11 11:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-11-03 11:21 - 2013-05-16 16:39 - 000000000 ____D C:\Program Files (x86)\Java
2017-11-03 02:00 - 2014-09-24 12:04 - 000005636 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-03 02:00 - 2014-09-24 11:19 - 000797208 _____ C:\WINDOWS\system32\prfh0416.dat
2017-11-03 02:00 - 2014-09-24 11:19 - 000179282 _____ C:\WINDOWS\system32\prfc0416.dat
2017-10-30 18:55 - 2016-12-26 08:43 - 000000000 ____D C:\AdwCleaner
2017-10-30 18:35 - 2013-09-16 20:30 - 000000000 ____D C:\Users\Todos os Usuários\Skype
2017-10-30 18:35 - 2013-09-16 20:30 - 000000000 ____D C:\ProgramData\Skype
2017-10-30 18:18 - 2012-12-17 21:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-10-30 18:16 - 2015-11-30 19:55 - 000000000 ____D C:\Users\Rose\AppData\Local\EgisTec
2017-10-30 17:40 - 2016-01-05 17:38 - 000000000 ____D C:\Program Files\CCleaner
2017-10-26 10:05 - 2013-08-22 13:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-24 01:02 - 2013-08-22 13:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-20 20:49 - 2012-07-26 05:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-19 12:42 - 2013-08-22 13:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-18 21:49 - 2014-08-09 09:44 - 000003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1D08E79F-D03A-4FD0-9E90-E5970B7E72D1}
2017-10-17 16:01 - 2014-11-25 10:42 - 000000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-10-17 16:01 - 2014-11-25 10:42 - 000000000 ____D C:\ProgramData\Package Cache
2017-10-17 16:00 - 2015-02-11 02:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-10-16 20:21 - 2013-08-22 12:44 - 000482392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-16 20:10 - 2013-08-22 13:36 - 000000000 ___RD C:\WINDOWS\ToastData
2017-10-16 02:00 - 2013-07-13 14:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-16 01:51 - 2013-05-13 15:29 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-16 01:50 - 2013-05-16 19:30 - 000000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2017-10-16 01:44 - 2013-08-22 13:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-10-12 20:25 - 2017-07-18 12:08 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-12 20:25 - 2017-07-18 12:08 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 13:21 - 2014-07-19 22:47 - 000176224 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-10-10 18:52 - 2017-04-30 23:42 - 000000000 ____D C:\Users\Rose\Camera imagens

==================== Arquivos na raiz de alguns diretórios =======

2014-08-16 10:05 - 2014-08-16 10:05 - 004422112 _____ (BlueSprig ) C:\Program Files\jetclean-setup.exe
2015-10-12 11:32 - 2015-10-12 11:33 - 000043370 _____ () C:\Program Files (x86)\CMS Setup Log.txt
2013-09-16 11:39 - 2013-09-16 11:39 - 000012366 _____ () C:\Users\Rose\AppData\Roaming\unins000.dat
2014-12-29 11:27 - 2014-12-29 11:32 - 000016842 _____ () C:\Users\Rose\AppData\Roaming\unins001.dat
2014-01-20 17:32 - 2014-01-20 17:32 - 000015708 _____ () C:\Users\Rose\AppData\Roaming\unins002.dat
2015-05-15 21:40 - 2015-05-15 21:40 - 000000038 ___SH () C:\Users\Rose\AppData\Local\69ff07055291669bb2b218.72821112
2017-08-31 17:40 - 2017-08-31 17:40 - 000004096 ____H () C:\Users\Rose\AppData\Local\keyfile3.drm
2015-10-16 00:56 - 2015-10-16 00:56 - 000000000 _____ () C:\Users\Rose\AppData\Local\{076D8E3E-7C36-439D-9299-83E56FDC2EE1}
2013-12-17 19:34 - 2013-12-17 19:34 - 000000000 _____ () C:\Users\Rose\AppData\Local\{E23E5C50-960B-4386-BBFB-2E2B3E8AD2D6}
2013-05-16 18:47 - 2013-05-16 18:47 - 000000057 _____ () C:\ProgramData\Ament.ini

Alguns arquivos em TEMP:
====================
2017-11-03 11:00 - 2017-11-03 11:00 - 008108488 _____ () C:\Users\Rose\AppData\Local\Temp\converter.exe
2016-12-15 04:06 - 2016-12-15 04:06 - 002458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Rose\AppData\Local\Temp\libeay32.dll
2016-12-15 04:06 - 2016-12-15 04:06 - 000970912 _____ (Microsoft Corporation) C:\Users\Rose\AppData\Local\Temp\msvcr120.dll
2016-12-15 04:06 - 2016-12-15 04:06 - 000772672 _____ () C:\Users\Rose\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-03-27 20:41

==================== Fim de FRST.txt ============================
