Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:20-12-2015
Executado por Moises (administrador) em MASEGUROS (21-12-2015 09:32:47)
Executando a partir de C:\Users\Moises\Desktop
Perfis Carregados: Moises (Perfis Disponíveis: Moises)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Users\Moises\AppData\Local\Crsoft\crsvc.exe
() C:\Users\Moises\AppData\Roaming\DNSHelper\DNSSVC.exe
(QNT) C:\Users\Moises\AppData\Roaming\Netlog\Netlog.exe
(QNT) C:\Users\Moises\AppData\Roaming\NetService\netservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(GlavSoft LLC.) C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
() C:\Users\Moises\AppData\Roaming\WinNetSvc\WinNetSvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
() C:\ProgramData\carssc.exe
() C:\Brother\BPRSP\resources\BrSupSsp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(GlavSoft LLC.) C:\Program Files (x86)\ShowMyPCService\tvnserver.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11153\CalendarServ.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11153\calendar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-12-01] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [HomePageHelper] => c:\programdata\homepage.exe
HKLM-x32\...\Run: [LightGate] => c:\programdata\lightgate.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
Winlogon\Notify\ GbPluginBnt: C:\Program Files (x86)\GbPlugin\gbiehBnt.dll [2014-09-04] (Banco do Estado do Espirito Santo - BANESTES)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2015-07-08] (Caixa Economica Federal)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)
HKU\S-1-5-21-2360970272-2839313709-1920729781-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2360970272-2839313709-1920729781-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50755200 2015-12-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2360970272-2839313709-1920729781-1000\...\Run: [YeaInstaller] => C:\Users\Moises\AppData\Local\Temp\setup_767.exe [2223616 2015-12-16] (TZ) <===== ATENÇÃO
HKU\S-1-5-21-2360970272-2839313709-1920729781-1000\...\Run: [Birds] => C:\Users\Moises\AppData\Local\Birds\birds365.exe
HKU\S-1-5-21-2360970272-2839313709-1920729781-1000\...\Run: [-] => C:\ProgramData\carssc.exe [1876992 2015-12-17] ()
HKU\S-1-5-21-2360970272-2839313709-1920729781-1000\...\Run: [Yeaplayer] => C:\Program Files (x86)\Yeaplayer\Yeaplayermd.exe /autostart
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1759992 2015-07-06] (Banco Itaú Unibanco)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1853256 2015-07-08] (Caixa Economica Federal)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399017} - C:\Program Files (x86)\GbPlugin\gbiehbnt.dll [1722880 2014-09-04] (Banco do Estado do Espirito Santo - BANESTES)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-01] (AVAST Software)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [ExplorerEx] -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} => C:\Users\Moises\AppData\Roaming\Macwebtoise\explorerEx64.dll [2015-01-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Brother PAPPB.lnk [2014-01-29]
ShortcutTarget: Brother PAPPB.lnk -> C:\Windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_44686FC076524EF5975EF92EE48E2958.exe (Flexera Software LLC)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO
CHR HKU\S-1-5-21-2360970272-2839313709-1920729781-1000\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [.DEFAULT] => Proxy está habilitado.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51608;https=127.0.0.1:51608
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{6C7DD20E-4DE3-4532-82F6-CFB4345CC1C7}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A41BA4D4-36AE-4CF9-B1ED-58A682663E3E}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-2360970272-2839313709-1920729781-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=ca3bf34eb396d4d028cfe902bcda4f99
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=ca3bf34eb396d4d028cfe902bcda4f99
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=dspp&ts=1434457680&from=xtab&uid=572A144739FF4e3086BE8A50B55D27E2&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv3&uid=WD-WCAYU3220673_WDCWD3200AAJS-00YZCA0&tm=1428334311
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv3&uid=WD-WCAYU3220673_WDCWD3200AAJS-00YZCA0&tm=1428334311
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1434457680&from=xtab&uid=572A144739FF4e3086BE8A50B55D27E2&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKU\S-1-5-21-2360970272-2839313709-1920729781-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=dspp&ts=1434457680&from=xtab&uid=572A144739FF4e3086BE8A50B55D27E2&q={searchTerms}
HKU\S-1-5-21-2360970272-2839313709-1920729781-1000\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=77301&st=home&tid=18144&ver=6.5&ts=1405652400000.000000&tguid=77301-18144-1405711298647-12771B6CC65F8C5B878DE115B7CD519D
HKU\S-1-5-21-2360970272-2839313709-1920729781-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1434457680&from=xtab&uid=572A144739FF4e3086BE8A50B55D27E2&q={searchTerms}
HKU\S-1-5-21-2360970272-2839313709-1920729781-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=ca3bf34eb396d4d028cfe902bcda4f99
HKU\S-1-5-21-2360970272-2839313709-1920729781-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=pt-BR&Src=MSRT&Tid=80033373&OHP=http%3A%2F%2Fwww.mystartsearch.com%2F%3Ftype%3Dhppp%26ts%3D1428335365%26from%3Dcmi%26uid%3DWDCXWD3200AAJS%2D00YZCA0%5FWD%2DWCAYU322067320673&OSP=http%3A%2F%2Fwww.mystartsearch.com%2Fweb%2F%3Ftype%3Ddspp%26ts%3D1428335365%26from%3Dcmi%26uid%3DWDCXWD3200AAJS%2D00YZCA0%5FWD%2DWCAYU322067320673%26q%3D%7BsearchTerms%7D
HKU\S-1-5-21-2360970272-2839313709-1920729781-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv3&uid=WD-WCAYU3220673_WDCWD3200AAJS-00YZCA0&tm=1428334311
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_17_ch&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CyC0EyDtAzy0AyBtAtD0DtN0D0Tzu0SzzyEyDtN1L2XzutBtFtBtDtFyDtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0Fzz0DyBtAyByCtGzz0AtCtCtGtB0EtDzytG0FtAyC0AtGyE0Azz0D0A0BtD0Czz0A0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzz0EyBzytByDyEtGtAyDtA0AtG0A0D0AzytGzz0A0DtCtGtCtCzztAzyyEzy0AyDtBtD0A2Q&cr=134942782&ir=
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites03_14_19_ch&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CyC0EyDtAzy0AyBtAtD0DtN0D0Tzu0SzzyDyBtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtCyCtCtByD0D0DtG0F0A0ByBtG0B0AtDtBtG0A0E0FyCtGyCzz0B0D0F0FyE0B0B0ByBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzz0EyBzytByDyEtGtAyDtA0AtG0A0D0AzytGzz0A0DtCtGtCtCzztAzyyEzy0AyDtBtD0A2Q&cr=1162974043&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com/?bd=ds&oem=Cube&uid=WDCXWD3200AAJS-00YZCA0_WD-WCAYU322067320673&version=2.2.0.7859&pid=414031160&tid=295&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope valor está ausente
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRaCksnt3bQgejRANJMw-IPVBwyY5gn8OEbz3HK9CbcQxi8qmzj0hVZY7DoYhkoRWlnI_tlfMg14eG6c4cAtmxD_3ONl6r2ilr0zc_mPO1wKnEobJWFAudJO9zkZ2AyGn3G_Ezkt5U71wQ,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=77301&st=bs&tid=18144&ver=6.5&ts=1405652400000.000000&tguid=77301-18144-1405711298647-12771B6CC65F8C5B878DE115B7CD519D&q={searchTerms}
SearchScopes: HKLM-x32 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com/?bd=ds&oem=Cube&uid=WDCXWD3200AAJS-00YZCA0_WD-WCAYU322067320673&version=2.2.0.7859&pid=414031160&tid=295&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2360970272-2839313709-1920729781-1000 -> DefaultScope {CC05633C-21D3-4558-B068-BD2721E8CD99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2360970272-2839313709-1920729781-1000 -> Web URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2360970272-2839313709-1920729781-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2360970272-2839313709-1920729781-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2360970272-2839313709-1920729781-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2360970272-2839313709-1920729781-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2360970272-2839313709-1920729781-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1434457680&from=xtab&uid=572A144739FF4e3086BE8A50B55D27E2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2360970272-2839313709-1920729781-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2360970272-2839313709-1920729781-1000 -> {CC05633C-21D3-4558-B068-BD2721E8CD99} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2360970272-2839313709-1920729781-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2360970272-2839313709-1920729781-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2360970272-2839313709-1920729781-1000 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-01] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-01] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-01] (Oracle Corporation)
BHO-x32: Sem Nome -> {68f4dacb-10fa-ca10-ad7d-91b574356f1d} -> Nenhum Arquivo
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-01] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-01] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2015-07-08] (Caixa Economica Federal)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll [2015-07-06] (Banco Itaú Unibanco)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540017} -> C:\Program Files (x86)\GbPlugin\gbiehbnt.dll [2014-09-04] (Banco do Estado do Espirito Santo - BANESTES)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-01] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Nenhum Arquivo
Toolbar: HKLM - Sem Nome - {ae07101b-46d4-4a98-af68-0333ea26e113} - Nenhum Arquivo
Toolbar: HKLM-x32 - Sem Nome - {ae07101b-46d4-4a98-af68-0333ea26e113} - Nenhum Arquivo
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1442921105&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ient07031&uid=WDCXWD3200AAJS-00YZCA0_WD-WCAYU322067320673

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-12-01] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-12-01] ()
FF Plugin-x32: @ganymede/BOARDS,version=1.0 -> C:\Program Files (x86)\Ganymede\Plugins\BOARDS\NPBOARDS.dll [2011-07-15] (Ganymede Technologies)
FF Plugin-x32: @ganymede/GanymedeNetPlugin,version=1.0 -> C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll [2012-07-25] ( )
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2360970272-2839313709-1920729781-1000: gastecnologia.com.br/sf/bb -> C:\Users\Moises\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-01-13] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-2360970272-2839313709-1920729781-1000: gastecnologia.com.br/sf/bb64 -> C:\Users\Moises\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [2015-01-13] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-2360970272-2839313709-1920729781-1000: gastecnologia.com.br/sf/cef -> C:\Users\Moises\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-2360970272-2839313709-1920729781-1000: gastecnologia.com.br/sf/cef64 -> C:\Users\Moises\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-2360970272-2839313709-1920729781-1000: gastecnologia.com.br/sf/gas64 -> C:\Users\Moises\AppData\Local\GAS Tecnologia\GBBD\npsf_gas_64.dll [Nenhum Arquivo]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll [2012-07-25] ( )
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-01]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com.br/
CHR StartupUrls: Default -> "","hxxp://www.google.com.br/"
CHR DefaultSearchURL: Default -> hxxps://www.google.com/search?q={searchTerms}&trackid=sp-006
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default -> hxxps://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Session Restore: Default -> está habilitado.
CHR Profile: C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-04]
CHR Extension: (Google Docs) - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-07]
CHR Extension: (Google Drive) - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Java API Search) - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\dphfngjamcomlehblpblaacingmaojnm [2015-04-17]
CHR Extension: (Oracle EBS R12&11i Enablement for Chrome) - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekkagabmggbmpmncofhgkfigmeldifnc [2015-04-17]
CHR Extension: (Planilhas do Google) - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-04]
CHR Extension: (Quick Javascript Switcher) - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\geddoclleiomckbhadiaipdggiiccfje [2015-04-17]
CHR Extension: (Documentos Google off-line) - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Avast Online Security) - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-01]
CHR Extension: (Script Executor) - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlledchhaimjmakjdmjpldfanefbhikj [2015-05-29]
CHR Extension: (Heavenly Cross) - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\kepdlccjceknhloddohpnmciihblkann [2015-12-01]
CHR Extension: (Mestre Ofertas) - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcpkcdfnnagapoekkgilnglookcejomf [2015-11-30]
CHR Extension: (iLivid) - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-12-01]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Ver Closed Tabs) - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\noefmckjndnmlfehcfnkelifmnldohhh [2015-12-17]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2015-05-29]
CHR Extension: (Gmail) - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
CHR HKLM\...\Chrome\Extension: [ejocekekgcaldnmjngfdbmbeebcekelc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2360970272-2839313709-1920729781-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ejocekekgcaldnmjngfdbmbeebcekelc] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2360970272-2839313709-1920729781-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Moises\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx
CHR HKU\S-1-5-21-2360970272-2839313709-1920729781-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ejocekekgcaldnmjngfdbmbeebcekelc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-01]
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Moises\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-12-01] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-12-01] (AVAST Software)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Arquivo não assinado]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 Crashhd; C:\Users\Moises\AppData\Local\Crsoft\crsvc.exe [185800 2015-09-24] ()
R2 DNSSVC; C:\Users\Moises\AppData\Roaming\DNSHelper\DNSSVC.exe [142792 2015-09-07] ()
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
S2 GoogleChromeUpService; C:\ProgramData\upgsvr.exe [1762304 2015-11-16] (TODO: <公司名>) [Arquivo não assinado]
R2 NetLogHandler; C:\Users\Moises\AppData\Roaming\Netlog\Netlog.exe [167704 2015-06-08] (QNT)
R2 NetTcpHandler; C:\Users\Moises\AppData\Roaming\NetService\netservice.exe [211824 2015-03-20] (QNT)
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.11153\CalendarServ.exe [153224 2015-12-10] ()
S4 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-23] () [Arquivo não assinado] <==== ATENÇÃO
R2 tvnserver; C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WinNetSvc; C:\Users\Moises\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] ()
S4 IePluginService; C:\ProgramData\IePluginService\PluginService.exe -service [X]
S2 MySql; c:/mysql/bin/mysqld-nt.exe [X]
S2 Update Solution Real; "C:\Program Files (x86)\Solution Real\updateSolutionReal.exe" [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-01] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-12-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-01] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-12-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-12-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-12-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-12-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-01] (AVAST Software)
S3 AVerA706_x64; C:\Windows\System32\DRIVERS\AVerA706_x64.sys [1423872 2009-11-18] (AVerMedia TECHNOLOGIES, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S0 GbpKm; C:\Windows\SysWOW64\drivers\GbpKm.sys [49536 2013-05-08] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
S3 netmon_wfp; C:\Windows\System32\drivers\netmon_wfp.sys [49880 2014-12-03] (Windows (R) Win 7 DDK provider)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-05-02] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-10-31] (GAS Tecnologia LTDA)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [122624 2011-01-13] (ZTE Incorporated)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}w64; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys [61112 2014-07-14] (StdLib)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S1 innfd_1_10_0_13; system32\drivers\innfd_1_10_0_13.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S1 netfilter64; system32\drivers\netfilter64.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]

==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2015-12-21 09:32 - 2015-12-21 09:33 - 00034744 _____ C:\Users\Moises\Desktop\FRST.txt 2015-12-21 09:31 - 2015-12-21 09:32 - 00000000 ____D C:\FRST 2015-12-21 09:31 - 2015-12-21 09:31 - 02370560 _____ (Farbar) C:\Users\Moises\Desktop\FRST64.exe 2015-12-21 09:29 - 2015-12-21 09:29 - 00001134 _____ C:\Users\Moises\Desktop\FSS.txt 2015-12-21 09:28 - 2015-12-21 09:29 - 00415744 _____ (Farbar) C:\Users\Moises\Desktop\FSS.exe 2015-12-21 09:13 - 2015-12-21 09:13 - 00000000 ____D C:\Program Files (x86)\CalendarTool 2015-12-18 12:34 - 2015-12-18 12:41 - 00000000 ____D C:\Users\Moises\Desktop\ATIVIDADES Mª JULYA 2015-12-18 08:32 - 2015-12-18 17:28 - 00000000 ____D C:\Users\Moises\AppData\Roaming\CalendarTool 2015-12-17 09:25 - 2015-12-17 09:26 - 00042644 _____ C:\Users\Moises\Desktop\Outlook.com.zip 2015-12-17 08:53 - 2015-12-17 08:53 - 00000000 ____D C:\Users\Moises\AppData\Local\Yeaplayer 2015-12-17 08:51 - 2015-11-14 21:08 - 02496403 _____ ( ) C:\Users\Moises\AppData\Roaming\yeaplayer_51475.exe 2015-12-17 08:48 - 2015-12-17 16:08 - 01876992 _____ C:\Users\Todos os Usuários\carssc.exe 2015-12-17 08:48 - 2015-12-17 16:08 - 01876992 _____ C:\ProgramData\carssc.exe 2015-12-17 08:44 - 2015-12-17 08:44 - 00000000 ____D C:\Users\Moises\AppData\Roaming\WinNetSvc 2015-12-16 09:44 - 2015-12-16 09:44 - 00000000 ____D C:\Users\Public\Documents\Guid 2015-12-16 09:11 - 2015-12-16 09:11 - 00001631 ____R C:\Yeabeats Browser.lnk 2015-12-16 09:03 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\Users\Todos os Usuários\upgsvr.exe 2015-12-16 09:03 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr.exe 2015-12-16 08:59 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\Users\Moises\AppData\Roaming\upgsvr.exe 2015-12-16 08:50 - 2015-12-16 08:50 - 00002944 _____ C:\Windows\System32\Tasks\svchost 2015-12-14 13:04 - 2015-12-14 13:04 - 00695199 _____ C:\Users\Moises\Downloads\884.tmp 2015-12-11 08:06 - 2015-12-11 08:06 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-12-09 14:58 - 2015-12-09 15:10 - 00000000 ____D C:\Users\Moises\Desktop\Dropbox 2015-12-09 09:33 - 2015-12-09 09:33 - 00000000 ____D C:\Users\Moises\Desktop\FUNENSEG 2015-12-09 09:09 - 2015-11-20 16:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-12-09 09:09 - 2015-11-20 16:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-12-09 09:09 - 2015-11-20 16:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-12-09 09:09 - 2015-11-20 16:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-12-09 09:09 - 2015-11-20 16:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-12-09 09:09 - 2015-11-20 16:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-12-09 09:09 - 2015-11-20 16:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-12-09 09:09 - 2015-11-20 16:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-12-09 09:09 - 2015-11-20 16:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-12-09 09:09 - 2015-11-20 16:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-12-09 09:09 - 2015-11-20 16:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-12-09 09:09 - 2015-11-20 16:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-12-09 09:09 - 2015-11-20 16:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-12-09 09:09 - 2015-11-20 16:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-12-09 09:09 - 2015-11-20 16:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-12-09 09:09 - 2015-11-20 16:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-12-09 09:09 - 2015-11-05 
17:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-12-09 09:09 - 2015-11-05 17:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-12-09 09:09 - 2015-11-03 17:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2015-12-09 09:09 - 2015-11-03 16:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2015-12-09 09:08 - 2015-11-11 19:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-12-09 09:08 - 2015-11-11 18:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-12-09 09:08 - 2015-11-11 16:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll 2015-12-09 09:08 - 2015-11-11 16:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll 2015-12-09 09:08 - 2015-11-11 16:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll 2015-12-09 09:08 - 2015-11-11 16:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll 2015-12-09 09:08 - 2015-11-11 14:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-12-09 09:08 - 2015-11-11 14:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-12-09 09:08 - 2015-11-11 13:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-12-09 09:08 - 2015-11-11 13:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-12-09 09:08 - 2015-11-11 13:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-12-09 09:08 - 2015-11-11 13:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-12-09 09:08 - 2015-11-11 12:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-12-09 09:08 - 2015-11-10 16:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-12-09 09:08 - 2015-11-10 16:55 - 01180160 _____ (Microsoft 
Corporation) C:\Windows\system32\FntCache.dll 2015-12-09 09:08 - 2015-11-10 16:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2015-12-09 09:08 - 2015-11-10 16:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-12-09 09:08 - 2015-11-10 16:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2015-12-09 09:08 - 2015-11-10 15:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-12-09 09:08 - 2015-11-09 22:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-12-09 09:08 - 2015-11-09 22:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-12-09 09:08 - 2015-11-09 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-12-09 09:08 - 2015-11-09 22:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-12-09 09:08 - 2015-11-09 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-12-09 09:08 - 2015-11-09 22:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-12-09 09:08 - 2015-11-09 22:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-12-09 09:08 - 2015-11-09 22:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-12-09 09:08 - 2015-11-09 22:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-12-09 09:08 - 2015-11-09 22:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-12-09 09:08 - 2015-11-09 22:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-12-09 09:08 - 2015-11-09 22:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-12-09 09:08 - 2015-11-09 22:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-12-09 09:08 - 2015-11-09 21:50 - 00060416 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-12-09 09:08 - 2015-11-09 21:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-12-09 09:08 - 2015-11-09 21:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-12-09 09:08 - 2015-11-09 21:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-12-09 09:08 - 2015-11-09 21:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-12-09 09:08 - 2015-11-09 21:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-12-09 09:08 - 2015-11-09 21:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-12-09 09:08 - 2015-11-09 21:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-12-09 09:08 - 2015-11-09 21:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-12-09 09:08 - 2015-11-09 21:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-12-09 09:08 - 2015-11-09 21:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-12-09 09:08 - 2015-11-08 20:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-12-09 09:08 - 2015-11-08 20:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-12-09 09:08 - 2015-11-08 20:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-12-09 09:08 - 2015-11-08 20:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-12-09 09:08 - 2015-11-08 20:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-12-09 09:08 - 2015-11-08 20:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-12-09 09:08 - 2015-11-08 20:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-12-09 09:08 - 2015-11-08 20:14 - 00088064 _____ (Microsoft 
Corporation) C:\Windows\system32\MshtmlDac.dll 2015-12-09 09:08 - 2015-11-08 20:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-12-09 09:08 - 2015-11-08 20:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-12-09 09:08 - 2015-11-08 20:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-12-09 09:08 - 2015-11-08 20:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-12-09 09:08 - 2015-11-08 20:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-12-09 09:08 - 2015-11-08 20:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-12-09 09:08 - 2015-11-08 20:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-12-09 09:08 - 2015-11-08 20:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-12-09 09:08 - 2015-11-08 19:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-12-09 09:08 - 2015-11-08 19:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-12-09 09:08 - 2015-11-08 19:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-12-09 09:08 - 2015-11-08 19:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-12-09 09:08 - 2015-11-08 19:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-12-09 09:08 - 2015-11-08 19:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-12-09 09:08 - 2015-11-08 19:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-12-09 09:08 - 2015-11-08 19:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-12-09 09:08 - 2015-11-08 19:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-12-09 09:08 - 2015-11-08 19:14 - 14456832 
_____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-12-09 09:08 - 2015-11-08 19:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-12-09 09:08 - 2015-11-08 19:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-12-09 09:08 - 2015-11-08 18:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-12-09 09:08 - 2015-11-08 18:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-12-09 09:08 - 2015-11-08 18:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-12-09 09:08 - 2015-11-05 17:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll 2015-12-09 09:08 - 2015-11-05 17:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll 2015-12-09 09:08 - 2015-11-05 07:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys 2015-12-09 09:08 - 2015-10-08 21:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll 2015-12-09 09:08 - 2015-10-08 21:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL 2015-12-09 09:08 - 2015-10-08 21:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll 2015-12-09 09:08 - 2015-10-08 21:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL 2015-12-09 09:08 - 2015-10-08 21:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL 2015-12-09 09:08 - 2015-10-08 21:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll 2015-12-09 09:08 - 2015-10-08 21:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL 2015-12-09 09:08 - 2015-10-08 21:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll 2015-12-09 09:08 - 2015-10-08 17:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls 2015-12-09 09:08 - 2015-10-08 16:52 - 00419928 _____ C:\Windows\system32\locale.nls 2015-12-09 09:05 - 
2015-11-03 17:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll 2015-12-09 09:05 - 2015-11-03 16:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll 2015-12-04 09:13 - 2015-12-04 09:13 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2015-12-04 09:13 - 2015-12-04 09:13 - 00000000 ____D C:\Program Files\Common Files\AV 2015-12-02 10:27 - 2015-12-02 10:27 - 00000000 __SHD C:\found.000 2015-12-01 10:08 - 2015-12-01 10:08 - 00003028 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1448971650 2015-12-01 10:08 - 2015-12-01 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-12-01 10:07 - 2015-12-16 09:11 - 00001181 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2015-12-01 10:01 - 2015-12-01 10:01 - 00466400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2015-12-01 10:01 - 2015-12-01 10:01 - 00028144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2015-12-01 10:01 - 2015-12-01 08:53 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-12-01 09:16 - 2015-12-01 09:11 - 00110176 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll 2015-12-01 09:12 - 2015-12-01 09:15 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-12-01 08:55 - 2015-12-01 08:55 - 00000000 ____D C:\Users\Moises\AppData\Roaming\AVAST Software 2015-12-01 08:54 - 2015-12-17 08:39 - 00004182 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2015-12-01 08:53 - 2015-12-01 08:53 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2015-12-01 08:53 - 2015-12-01 08:53 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-12-01 08:53 - 2015-12-01 08:53 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2015-12-01 08:53 - 2015-12-01 08:53 - 00154256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2015-12-01 08:53 - 2015-12-01 08:53 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-12-01 08:53 - 2015-12-01 08:53 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2015-12-01 08:53 - 2015-12-01 08:53 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2015-12-01 08:53 - 2015-12-01 08:53 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-12-01 08:53 - 2015-12-01 08:53 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2015-12-01 08:51 - 2015-12-01 10:01 - 00000000 ____D C:\Program Files\AVAST Software 2015-12-01 08:43 - 2015-12-01 08:43 - 00276872 _____ C:\Windows\Minidump\120115-19094-01.dmp 2015-11-30 08:38 - 2015-11-30 08:38 - 00000000 ____D C:\Users\Moises\AppData\Roaming\Google 2015-11-24 11:43 - 2015-12-01 12:19 - 00000000 ___SD C:\Users\Moises\AppData\LocalLow\Temp 2015-11-23 11:06 - 2015-11-23 11:06 - 00584288 _____ (Oracle Corporation) C:\Users\Moises\Downloads\JavaSetup8u66.exe ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2015-12-21 09:31 - 2009-07-14 01:20 - 00000000 ____D C:\Windows 2015-12-21 09:17 - 2013-04-18 09:57 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-21 09:17 - 2013-04-18 09:57 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-21 09:13 - 2013-04-16 08:44 - 00000000 ____D C:\Users\Moises\AppData\Roaming\Skype 2015-12-21 09:03 - 2009-07-14 02:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-21 09:03 - 2009-07-14 02:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-21 08:53 - 2013-07-16 11:24 - 00000000 ____D C:\Program Files (x86)\GbPlugin 2015-12-21 08:52 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-18 17:56 - 2015-09-23 16:12 - 00000000 ____D C:\Users\Moises\Desktop\DIGITALIZAÇÕES 2015-12-18 17:35 - 2013-10-01 09:18 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-12-18 16:39 - 2013-04-17 11:17 - 00085368 _____ C:\Users\Moises\AppData\Local\GDIPFONTCACHEV1.DAT 2015-12-18 15:25 - 2013-04-18 15:09 - 00000000 ____D C:\Users\Moises\AppData\Roaming\GanymedeNet 2015-12-18 08:17 - 2009-07-14 02:45 - 00340032 _____ C:\Windows\system32\FNTCACHE.DAT 2015-12-17 17:53 - 2015-04-06 18:19 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-12-17 17:53 - 2015-04-06 18:19 - 00000000 ___SD C:\Windows\system32\GWX 2015-12-17 17:09 - 2015-10-06 17:38 - 00000000 ____D C:\Users\Moises\AppData\LocalLow\Unity 2015-12-17 17:09 - 2015-10-06 17:38 - 00000000 ____D C:\Users\Moises\AppData\Local\Unity 2015-12-17 08:45 - 2014-04-24 16:19 - 00000286 __RSH C:\Users\Todos os Usuários\ntuser.pol 2015-12-17 08:45 - 2014-04-24 16:19 - 00000286 __RSH C:\ProgramData\ntuser.pol 2015-12-17 08:44 - 2015-06-10 09:48 - 00000000 ____D C:\Users\Moises\AppData\Roaming\logpath 2015-12-17 08:44 - 2015-04-06 13:31 - 00000000 ____D C:\Users\Moises\AppData\Roaming\RunDir 
2015-12-15 08:43 - 2015-04-06 16:10 - 00001530 _____ C:\Users\Moises\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2015-12-11 08:07 - 2013-04-16 08:41 - 00000000 ____D C:\Users\Todos os Usuários\Skype 2015-12-11 08:07 - 2013-04-16 08:41 - 00000000 ____D C:\ProgramData\Skype 2015-12-11 08:06 - 2014-02-12 08:40 - 00000000 ____D C:\Users\Moises\AppData\Local\Skype 2015-12-11 08:06 - 2013-04-16 08:44 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-12-10 13:49 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\rescache 2015-12-10 08:30 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf 2015-12-09 17:42 - 2014-03-24 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-09 17:41 - 2014-03-24 14:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-12-09 17:41 - 2014-03-24 14:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-12-09 17:40 - 2013-04-15 20:14 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help 2015-12-09 17:40 - 2013-04-15 20:14 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-12-09 15:15 - 2009-07-29 13:39 - 00705798 _____ C:\Windows\system32\prfh0416.dat 2015-12-09 15:15 - 2009-07-29 13:39 - 00147638 _____ C:\Windows\system32\prfc0416.dat 2015-12-09 15:15 - 2009-07-14 03:13 - 01635826 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-07 09:12 - 2013-04-18 09:57 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-07 09:12 - 2013-04-18 09:57 - 00003814 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-03 08:25 - 2009-07-14 01:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2015-12-02 13:43 - 2015-10-30 14:29 - 00000000 ____D C:\Users\Moises\Desktop\MT VIANA 2015-12-02 13:18 - 2013-04-16 08:41 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-12-01 10:59 - 2015-09-23 15:55 - 00000000 ____D C:\Users\Moises\Desktop\BACKUP 2015-12-01 10:01 - 2013-04-16 08:26 - 00000000 ____D 
C:\Users\Todos os Usuários\AVAST Software 2015-12-01 10:01 - 2013-04-16 08:26 - 00000000 ____D C:\ProgramData\AVAST Software 2015-12-01 09:37 - 2014-06-26 17:20 - 00000000 ____D C:\Program Files (x86)\5B99CC8D-7BAF-430A-9C63-67C9980E3ED8 2015-12-01 09:17 - 2013-10-01 09:18 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-12-01 09:17 - 2013-08-07 11:04 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-12-01 09:17 - 2013-08-07 11:04 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-12-01 09:16 - 2015-10-01 11:43 - 00000000 ____D C:\Users\Moises\.oracle_jre_usage 2015-12-01 09:16 - 2013-12-13 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-12-01 09:15 - 2013-07-18 14:17 - 00000000 ____D C:\Program Files (x86)\Java 2015-12-01 09:11 - 2015-08-28 10:44 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-12-01 09:09 - 2015-08-28 10:44 - 00000000 ____D C:\Program Files\Java 2015-12-01 08:43 - 2013-10-29 09:32 - 00000000 ____D C:\Windows\Minidump 2015-12-01 08:42 - 2015-10-15 13:10 - 256449183 _____ C:\Windows\MEMORY.DMP 2015-11-26 14:35 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\system32\NDF 2015-11-26 13:42 - 2009-07-14 03:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-11-26 11:52 - 2015-11-13 11:06 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-24 12:14 - 2013-07-18 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive ==================== Arquivos na raiz de alguns diretórios ======= 2015-03-26 17:14 - 2015-03-26 17:14 - 0005542 _____ () C:\Users\Moises\AppData\Roaming\ABYRWS 2014-04-24 15:51 - 2014-07-15 09:46 - 0000322 _____ () C:\Users\Moises\AppData\Roaming\aps.uninstall.scan.results 2015-03-26 17:14 - 2015-03-26 17:14 - 0005542 _____ () C:\Users\Moises\AppData\Roaming\BHQKSBND 2015-03-26 
17:14 - 2015-03-26 17:14 - 0005542 _____ () C:\Users\Moises\AppData\Roaming\CMTHK
2015-03-26 17:14 - 2015-03-26 17:14 - 0005542 _____ () C:\Users\Moises\AppData\Roaming\IIGEKNHV
2014-03-25 11:45 - 2014-03-25 17:09 - 0000965 _____ () C:\Users\Moises\AppData\Roaming\LiveSupport.exe_log.txt
2014-03-25 11:45 - 2014-03-25 11:48 - 0000092 _____ () C:\Users\Moises\AppData\Roaming\regsvr32.exe_log.txt
2015-01-30 10:02 - 2015-04-16 15:42 - 0065845 _____ () C:\Users\Moises\AppData\Roaming\unins000.dat
2015-05-29 15:23 - 2015-05-29 15:23 - 0016527 _____ () C:\Users\Moises\AppData\Roaming\unins001.dat
2015-05-29 15:23 - 2015-05-29 15:23 - 0730322 _____ () C:\Users\Moises\AppData\Roaming\unins001.exe
2015-12-16 08:59 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\Users\Moises\AppData\Roaming\upgsvr.exe
2014-05-06 16:54 - 2015-01-30 07:44 - 0000153 _____ () C:\Users\Moises\AppData\Roaming\WB.CFG
2013-07-16 10:25 - 2013-07-24 09:25 - 0000005 _____ () C:\Users\Moises\AppData\Roaming\WBPU-TTL.DAT
2015-12-17 08:51 - 2015-11-14 21:08 - 2496403 _____ ( ) C:\Users\Moises\AppData\Roaming\yeaplayer_51475.exe
2015-03-26 17:14 - 2015-03-26 17:14 - 0005542 _____ () C:\Users\Moises\AppData\Roaming\YOIQ
2014-04-24 16:17 - 2014-07-14 15:11 - 0573339 _____ (ClickMeIn Limited) C:\Users\Moises\AppData\Local\AnyProtectScannerSetup.exe
2015-01-29 17:43 - 2015-01-29 17:43 - 0000010 _____ () C:\Users\Moises\AppData\Local\DSI.DAT
2015-03-12 09:06 - 2015-03-12 09:06 - 0000000 _____ () C:\Users\Moises\AppData\Local\{777E8DE8-A5CB-47A3-8A6B-941C3DE31BE1}
2015-12-17 08:48 - 2015-12-17 16:08 - 1876992 _____ () C:\ProgramData\carssc.exe
2015-12-16 09:03 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr.exe

Arquivos para serem movidos ou deletados:
====================
C:\Users\Moises\AppData\Local\Temp\setup_767.exe
C:\ProgramData\carssc.exe
C:\ProgramData\upgsvr.exe
C:\Users\Moises\SafariSetup.exe
C:\Users\Moises\Silverlight.exe
C:\Users\Moises\sweetimsetup.exe
C:\Users\Todos os Usuários\carssc.exe
C:\Users\Todos os Usuários\upgsvr.exe

Alguns arquivos em TEMP:
====================
C:\Users\Moises\AppData\Local\Temp\19C2.exe
C:\Users\Moises\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Moises\AppData\Local\Temp\setup_767.exe

Alguns com tamanho de zero byte arquivos/pastas:
==========================
C:\Windows\SysWOW64\Drivers\ati0qaxx.sys
C:\Windows\SysWOW64\Drivers\ati2xhxx.sys
C:\Windows\SysWOW64\Drivers\clbdriver.sys
C:\Windows\SysWOW64\Drivers\msvtch.sys

==================== Bamital & volsnap =================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2015-12-10 11:37

==================== Fim de FRST.txt ============================