Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 23-07-2016 02
Executado por Batata (administrador) em BATATA-PC (23-07-2016 09:42:45)
Executando a partir de C:\Users\Batata\Downloads
Perfis Carregados: Batata (Perfis Disponíveis: Batata)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 9 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Yahoo Inc.) C:\Program Files (x86)\Yahoo!\yset\{21F13C85-8AA6-8E43-96D4-27A46DAE22E7}\YSearchUtilSVC.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
==================== Registro (Whitelisted) ===========================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-07-11] (AVAST Software)
HKLM-x32\...\Run: [RaidCall] => D:\RaidCall.BR\raidcall.exe [6573720 2014-12-23] (RAIDCALL.COM)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-07-08] (Caixa Economica Federal)
HKU\S-1-5-21-284504730-510344305-3838310482-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
HKU\S-1-5-21-284504730-510344305-3838310482-1000\...\Run: [Chromium] => c:\users\batata\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-284504730-510344305-3838310482-1000\...\Run: [AudialsNotifier] => C:\Program Files (x86)\Music Recorder\Music Recorder 2016\AudialsNotifier.exe
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1903328 2016-07-08] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-11] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C922198C-79C6-455C-BEAD-F98346B14E7E}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_24&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0C0CtDtAzz0ByE0DtA0D0F0CyCtN0D0Tzu0StCyCtBtCtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEzy0BzztBtB0DyCtGtA0CyE0DtG0FtCyCyBtGtB0Dzz0CtG0B0C0CyDtD0ByEyD0CyB0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0E0FtCyByEyCtAtGyBtCzytBtGyEtDzz0EtGzyyE0E0DtG0AzzzzzztBtAtCyCyCtCtAyD2QtN0A0LzuyE%26cr%3D1874293269%26a%3Dwbf_ir_16_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_24&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0C0CtDtAzz0ByE0DtA0D0F0CyCtN0D0Tzu0StCyCtBtCtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEzy0BzztBtB0DyCtGtA0CyE0DtG0FtCyCyBtGtB0Dzz0CtG0B0C0CyDtD0ByEyD0CyB0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0E0FtCyByEyCtAtGyBtCzytBtGyEtDzz0EtGzyyE0E0DtG0AzzzzzztBtAtCyCyCtCtAyD2QtN0A0LzuyE%26cr%3D1874293269%26a%3Dwbf_ir_16_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-284504730-510344305-3838310482-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_24&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0C0CtDtAzz0ByE0DtA0D0F0CyCtN0D0Tzu0StCyCtBtCtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEzy0BzztBtB0DyCtGtA0CyE0DtG0FtCyCyBtGtB0Dzz0CtG0B0C0CyDtD0ByEyD0CyB0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0E0FtCyByEyCtAtGyBtCzytBtGyEtDzz0EtGzyyE0E0DtG0AzzzzzztBtAtCyCyCtCtAyD2QtN0A0LzuyE%26cr%3D1874293269%26a%3Dwbf_ir_16_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0C0CtDtAzz0ByE0DtA0D0F0CyCtN0D0Tzu0StCyCtBtCtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEzy0BzztBtB0DyCtGtA0CyE0DtG0FtCyCyBtGtB0Dzz0CtG0B0C0CyDtD0ByEyD0CyB0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0E0FtCyByEyCtAtGyBtCzytBtGyEtDzz0EtGzyyE0E0DtG0AzzzzzztBtAtCyCyCtCtAyD2QtN0A0LzuyE%26cr%3D1874293269%26a%3Dwbf_ir_16_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0C0CtDtAzz0ByE0DtA0D0F0CyCtN0D0Tzu0StCyCtBtCtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEzy0BzztBtB0DyCtGtA0CyE0DtG0FtCyCyBtGtB0Dzz0CtG0B0C0CyDtD0ByEyD0CyB0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0E0FtCyByEyCtAtGyBtCzytBtGyEtDzz0EtGzyyE0E0DtG0AzzzzzztBtAtCyCyCtCtAyD2QtN0A0LzuyE%26cr%3D1874293269%26a%3Dwbf_ir_16_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0C0CtDtAzz0ByE0DtA0D0F0CyCtN0D0Tzu0StCyCtBtCtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEzy0BzztBtB0DyCtGtA0CyE0DtG0FtCyCyBtGtB0Dzz0CtG0B0C0CyDtD0ByEyD0CyB0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0E0FtCyByEyCtAtGyBtCzytBtGyEtDzz0EtGzyyE0E0DtG0AzzzzzztBtAtCyCyCtCtAyD2QtN0A0LzuyE%26cr%3D1874293269%26a%3Dwbf_ir_16_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0C0CtDtAzz0ByE0DtA0D0F0CyCtN0D0Tzu0StCyCtBtCtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEzy0BzztBtB0DyCtGtA0CyE0DtG0FtCyCyBtGtB0Dzz0CtG0B0C0CyDtD0ByEyD0CyB0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0E0FtCyByEyCtAtGyBtCzytBtGyEtDzz0EtGzyyE0E0DtG0AzzzzzztBtAtCyCyCtCtAyD2QtN0A0LzuyE%26cr%3D1874293269%26a%3Dwbf_ir_16_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-284504730-510344305-3838310482-1000 -> DefaultScope {C46EA33F-06AD-4FF8-9B62-54845D11FB75} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0C0CtDtAzz0ByE0DtA0D0F0CyCtN0D0Tzu0StCyCtBtCtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEzy0BzztBtB0DyCtGtA0CyE0DtG0FtCyCyBtGtB0Dzz0CtG0B0C0CyDtD0ByEyD0CyB0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0E0FtCyByEyCtAtGyBtCzytBtGyEtDzz0EtGzyyE0E0DtG0AzzzzzztBtAtCyCyCtCtAyD2QtN0A0LzuyE%26cr%3D1874293269%26a%3Dwbf_ir_16_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-284504730-510344305-3838310482-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_vidtmp_15_50&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0C0CtDtAzz0ByE0DtA0D0F0CyCtN0D0Tzu0StCyEtAyBtN1L2XzutAtFtCyDtFtAtFtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCzytA0E0CtCtCtDtGyBtC0B0CtGtDyC0A0CtGtCyByB0BtGyD0ByByCtBtDyEyD0EtAyDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0E0FtCyByEyCtAtGyBtCzytBtGyEtDzz0EtGzyyE0E0DtG0AzzzzzztBtAtCyCyCtCtAyD2QtN0A0LzuyE%26cr%3D631259045%26a%3Dwncy_vidtmp_15_50%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-284504730-510344305-3838310482-1000 -> {C46EA33F-06AD-4FF8-9B62-54845D11FB75} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0C0CtDtAzz0ByE0DtA0D0F0CyCtN0D0Tzu0StCyCtBtCtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEzy0BzztBtB0DyCtGtA0CyE0DtG0FtCyCyBtGtB0Dzz0CtG0B0C0CyDtD0ByEyD0CyB0D0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0E0FtCyByEyCtAtGyBtCzytBtGyEtDzz0EtGzyyE0E0DtG0AzzzzzztBtAtCyCyCtCtAyD2QtN0A0LzuyE%26cr%3D1874293269%26a%3Dwbf_ir_16_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-07-11] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-11] (AVAST Software)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-07-08] (Caixa Economica Federal)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-20] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Batata\AppData\Roaming\Mozilla\Firefox\Profiles\v0e13f0a.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Yahoo! Powered
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Yahoo! Powered
FF Homepage: hxxps://www.google.com.br/
FF Keyword.URL: user_pref("keyword.URL", true);
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-20] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Batata\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-12-23] (Raidcall)
FF Plugin HKU\S-1-5-21-284504730-510344305-3838310482-1000: gastecnologia.com.br/sf/cef -> C:\Users\Batata\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-284504730-510344305-3838310482-1000: gastecnologia.com.br/sf/cef64 -> C:\Users\Batata\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2015-02-11] (GAS Tecnologia)
FF SearchPlugin: C:\Users\Batata\AppData\Roaming\Mozilla\Firefox\Profiles\v0e13f0a.default\searchplugins\google-avast.xml [2015-05-21]
FF SearchPlugin: C:\Users\Batata\AppData\Roaming\Mozilla\Firefox\Profiles\v0e13f0a.default\searchplugins\Search Provided by Yahoo.xml [2016-01-28]
FF SearchPlugin: C:\Users\Batata\AppData\Roaming\Mozilla\Firefox\Profiles\v0e13f0a.default\searchplugins\search-provided-by-yahoo.xml [2015-12-08]
FF SearchPlugin: C:\Users\Batata\AppData\Roaming\Mozilla\Firefox\Profiles\v0e13f0a.default\searchplugins\yahoo! powered.xml [2016-06-09]
FF SearchPlugin: C:\Users\Batata\AppData\Roaming\Mozilla\Firefox\Profiles\v0e13f0a.default\searchplugins\yahoo-ysp.xml [2015-11-20]
FF Extension: Personas Plus - C:\Users\Batata\AppData\Roaming\Mozilla\Firefox\Profiles\v0e13f0a.default\extensions\personas@christopher.beard.xpi [2016-06-09]
FF Extension: Nova guia do Yahoo - C:\Users\Batata\AppData\Roaming\Mozilla\Firefox\Profiles\v0e13f0a.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-10-08] [não assinado]
FF Extension: Adblock Plus - C:\Users\Batata\AppData\Roaming\Mozilla\Firefox\Profiles\v0e13f0a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-11]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKU\S-1-5-21-284504730-510344305-3838310482-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Batata\AppData\Local\GAS Tecnologia\GBBD\cef\xpi => não encontrado (a)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-19]
==================== Serviços (Whitelisted) ========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-11] (AVAST Software)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-07-08] (GAS Tecnologia)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [Arquivo não assinado]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [Arquivo não assinado]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 YSearchUtilSvc; C:\Program Files (x86)\Yahoo!\yset\{21F13C85-8AA6-8E43-96D4-27A46DAE22E7}\YSearchUtilSvc.exe [160536 2015-10-19] (Yahoo Inc.)
===================== Drivers (Whitelisted) ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [290088 2016-07-11] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-03] (GAS Tecnologia)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2016-01-28] (Duplex Secure Ltd.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-11-03] (GAS Tecnologia LTDA)
U3 am1g9iv4; C:\Windows\System32\Drivers\am1g9iv4.sys [0 ] (Advanced Micro Devices) <==== ATENÇÃO (zero byte Arquivo/Pasta)
U3 anzu6erg; C:\Windows\System32\Drivers\anzu6erg.sys [0 ] (Advanced Micro Devices) <==== ATENÇÃO (zero byte Arquivo/Pasta)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Três Meses Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2016-07-23 09:42 - 2016-07-23 09:43 - 00020835 _____ C:\Users\Batata\Downloads\FRST.txt
2016-07-23 09:41 - 2016-07-23 09:42 - 00000000 ____D C:\FRST
2016-07-23 09:40 - 2016-07-23 09:40 - 02394112 _____ (Farbar) C:\Users\Batata\Downloads\FRST64.exe
2016-07-23 09:38 - 2016-07-23 09:38 - 01744384 _____ (Farbar) C:\Users\Batata\Downloads\FRST.exe
2016-07-12 18:03 - 2016-07-12 18:03 - 00003898 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1468357383
2016-07-12 18:03 - 2016-07-12 18:03 - 00001044 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-07-12 18:03 - 2016-07-12 18:03 - 00001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-07-11 19:08 - 2016-07-11 19:08 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-07-11 19:08 - 2016-07-11 19:08 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-07-11 19:08 - 2016-07-11 19:08 - 00390984 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-07-11 19:08 - 2016-07-11 19:08 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-07-11 19:08 - 2016-07-11 19:08 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-06-25 13:03 - 2016-07-09 17:59 - 00000000 ____D C:\Users\Batata\Desktop\FOTOS SITE MERCADO LIVRE
2016-06-23 06:37 - 2016-07-16 09:11 - 00000000 ___SD C:\Users\Batata\AppData\LocalLow\Temp
2016-06-20 18:33 - 2016-06-20 18:33 - 02885288 _____ (CAIXA) C:\Users\Batata\Downloads\iGBPCEFwr.exe
2016-06-18 18:03 - 2016-06-18 18:04 - 00987728 _____ (Google Inc.) C:\Users\Batata\Downloads\ChromeSetup.exe
2016-06-10 20:29 - 2016-06-10 20:29 - 00000000 ____D C:\Users\Batata\AppData\Local\CrashRpt
2016-06-10 20:25 - 2016-06-10 20:25 - 00000000 ____D C:\Users\Todos os Usuários\RapidSolution
2016-06-10 20:25 - 2016-06-10 20:25 - 00000000 ____D C:\ProgramData\RapidSolution
2016-06-10 20:25 - 2016-06-10 20:25 - 00000000 ____D C:\Program Files (x86)\Music Recorder
2016-06-10 20:22 - 2016-06-10 20:29 - 00000000 ____D C:\Users\Batata\AppData\Local\RapidSolution
2016-06-10 20:19 - 2016-06-10 20:19 - 00000000 ____D C:\Users\Todos os Usuários\simplitec
2016-06-10 20:19 - 2016-06-10 20:19 - 00000000 ____D C:\ProgramData\simplitec
2016-06-10 20:18 - 2016-07-22 21:09 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-06-10 20:18 - 2016-07-22 21:09 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-10 20:18 - 2016-06-16 19:47 - 00000000 ____D C:\Users\Todos os Usuários\Nero
2016-06-10 20:18 - 2016-06-16 19:47 - 00000000 ____D C:\ProgramData\Nero
2016-06-10 20:11 - 2016-06-10 20:35 - 00000000 ____D C:\Users\Batata\AppData\Roaming\Nero
2016-06-10 20:11 - 2016-06-10 20:11 - 02563536 _____ (Nero AG) C:\Users\Batata\Downloads\Nero_BurningROM2016-04.03.2016_stub_trial.exe
2016-06-09 21:16 - 2016-06-09 21:17 - 00000000 ____D C:\Users\Batata\AppData\Local\{816CB730-A5C4-DB88-C85C-FE60EC3402F8}
2016-06-09 21:15 - 2016-06-09 21:15 - 07983040 _____ (Alcohol Soft Development Team) C:\Users\Batata\Downloads\Alcohol120_trial_2.0.3.8806_e03dfa41b782f0a6a302e0c290a3593d.exe
2016-06-09 20:23 - 2016-06-18 18:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-31 18:07 - 2016-05-31 18:07 - 01024592 _____ (Jodix Technologies Ltd. ) C:\Users\Batata\Downloads\free-dvd-mp3-ripper.exe
2016-05-28 16:34 - 2016-05-28 16:34 - 00000000 ____D C:\Users\Batata\AppData\Roaming\dvdcss
2016-05-28 16:33 - 2016-05-31 18:11 - 00000000 ____D C:\Users\Batata\Documents\Icepine Free DVD to AVI Converter
2016-05-28 16:33 - 2016-05-28 16:33 - 00000000 ____D C:\Users\Batata\AppData\Roaming\iceda
2016-05-28 16:32 - 2016-05-28 16:32 - 05455635 _____ ( ) C:\Users\Batata\Downloads\i-free-dvd-to-avi-converter.exe
==================== Três Meses Modificados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2016-07-23 09:39 - 2009-07-14 01:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-23 09:39 - 2009-07-14 01:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-23 07:39 - 2014-12-22 18:09 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-23 06:57 - 2015-05-05 18:18 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2016-07-23 06:57 - 2015-05-05 18:18 - 00000000 ____D C:\ProgramData\GbPlugin
2016-07-23 06:56 - 2015-05-05 18:18 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-07-23 06:55 - 2014-12-09 16:07 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2016-07-23 06:55 - 2014-12-09 16:07 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-23 06:55 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-21 19:43 - 2014-12-14 12:22 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-07-21 19:42 - 2014-12-21 20:45 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-07-21 19:41 - 2014-12-14 12:22 - 00000000 ____D C:\Users\Batata\AppData\Local\Battle.net
2016-07-13 19:03 - 2014-12-09 16:23 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-07-12 18:08 - 2013-05-19 20:15 - 00001600 _____ C:\Users\Batata\Desktop\Bruno.txt
2016-07-11 19:09 - 2014-12-09 16:23 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-07-11 19:08 - 2014-12-09 16:23 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-07-11 19:08 - 2014-12-09 16:23 - 00473592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.146827495578102
2016-07-11 19:08 - 2014-12-09 16:23 - 00290088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-07-11 19:08 - 2014-12-09 16:23 - 00162904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-07-11 19:08 - 2014-12-09 16:23 - 00108304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-07-11 19:08 - 2014-12-09 16:23 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-07-11 19:08 - 2014-12-09 16:23 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-07-11 19:08 - 2014-12-09 16:23 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-07-11 19:08 - 2014-12-09 16:21 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2016-07-11 19:08 - 2014-12-09 16:21 - 00000000 ____D C:\ProgramData\AVAST Software
2016-07-11 19:08 - 2014-12-09 16:21 - 00000000 ____D C:\Program Files\AVAST Software
2016-07-06 21:04 - 2015-06-30 22:56 - 00014795 _____ C:\Users\Batata\Desktop\CONTROLE DESPESAS.xlsx
2016-07-05 05:43 - 2014-12-09 15:14 - 00000000 ____D C:\Users\Batata\AppData\Roaming\Skype
2016-07-05 05:40 - 2014-12-09 15:10 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-07-05 05:40 - 2014-12-09 15:10 - 00000000 ____D C:\ProgramData\Skype
2016-06-25 13:16 - 2010-11-21 06:37 - 00702882 _____ C:\Windows\system32\prfh0416.dat
2016-06-25 13:16 - 2010-11-21 06:37 - 00145668 _____ C:\Windows\system32\prfc0416.dat
2016-06-25 13:16 - 2009-07-14 02:13 - 01626900 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-25 13:16 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
==================== Arquivos na raiz de alguns diretórios =======
2015-02-11 18:38 - 2015-02-11 18:39 - 0017958 _____ () C:\Users\Batata\AppData\Roaming\unins000.dat
2015-02-11 18:38 - 2015-02-11 18:38 - 0730322 _____ () C:\Users\Batata\AppData\Roaming\unins000.exe
2015-09-26 17:16 - 2015-09-26 17:16 - 0004156 _____ () C:\Users\Batata\AppData\Local\recently-used.xbel
Alguns arquivos em TEMP:
====================
C:\Users\Batata\AppData\Local\Temp\apptemp.1.exe
C:\Users\Batata\AppData\Local\Temp\kernel32.dll
C:\Users\Batata\AppData\Local\Temp\npp.5.9.6.2.Installer.exe
C:\Users\Batata\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Batata\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Batata\AppData\Local\Temp\ytb.exe
==================== Bamital & volsnap =================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
LastRegBack: 2016-07-18 19:34
==================== Fim de FRST.txt ============================