Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 21-08-2016
Executado por Arthur Alisson (administrador) em ARTHUR (21-08-2016 09:46:20)
Executando a partir de C:\Users\Arthur Alisson\Desktop
Perfis Carregados: Arthur Alisson (Perfis Disponíveis: UpdatusUser & Arthur Alisson & Administrador)
Platform: Windows 8.1 Enterprise (Update) (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(skype.cog.cc) C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\ProgramData\Windows Security\winsecurity.exe
() C:\Users\Arthur Alisson\AppData\Roaming\WinNetSvc\WinNetSvc.exe
() C:\Users\Arthur Alisson\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
() C:\Users\Arthur Alisson\AppData\Roaming\4C4C4544-1436404388-4710-8030-B8C04F315931\jnsq70A5.tmp
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Google Inc.) C:\Users\Arthur Alisson\AppData\Local\Google\Update\GoogleUpdate.exe
(Akamai Technologies, Inc.) C:\Users\Arthur Alisson\AppData\Local\Akamai\netsession_win.exe
(Dell) C:\Users\Arthur Alisson\AppData\Local\Apps\2.0\ZY7EJ04Y.N7J\6XOV38ZW.XAV\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
(Akamai Technologies, Inc.) C:\Users\Arthur Alisson\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-01] (Synaptics Incorporated)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [831064 2016-08-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [716224 2016-03-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-07-25] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\ GbPluginAbn: C:\Program Files (x86)\GbPlugin\gbiehAbn.dll [2014-11-18] (Banco Real)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-22] (Banco do Brasil)
HKU\S-1-5-21-597540426-287658067-1748461302-1002\...\Run: [Google Update] => C:\Users\Arthur Alisson\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-12-23] (Google Inc.)
HKU\S-1-5-21-597540426-287658067-1748461302-1002\...\Run: [PCLink] => C:\Program Files (x86)\ASUS\PC Link\PCLink.exe [640272 2015-10-29] (ASUSTek Computer Inc.)
HKU\S-1-5-21-597540426-287658067-1748461302-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Arthur Alisson\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-597540426-287658067-1748461302-1002\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2016-02-02] (Autodesk, Inc.)
HKU\S-1-5-21-597540426-287658067-1748461302-1002\...\Run: [DellSystemDetect] => C:\Users\Arthur Alisson\AppData\Local\Apps\2.0\ZY7EJ04Y.N7J\6XOV38ZW.XAV\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe [283432 2015-02-06] (Dell)
HKU\S-1-5-21-597540426-287658067-1748461302-1002\...\Policies\Explorer: []
HKU\S-1-5-21-597540426-287658067-1748461302-1002\...\MountPoints2: {60ca0153-b829-11e4-825d-0c84dcd43eec} - "E:\AutoRun.exe"
HKU\S-1-5-21-597540426-287658067-1748461302-1002\...\MountPoints2: {6b120819-6c38-11e5-828c-0c84dcd43eec} - "E:\AutoRun.exe"
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2016-02-02] (Autodesk, Inc.)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll [1939512 2014-11-18] (Banco Real)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1947872 2016-06-22] (Banco do Brasil)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-23]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Oexufafono64.dll Nenhum Arquivo
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Oexufafono64.dll Nenhum Arquivo
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Oexufafono64.dll Nenhum Arquivo
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Oexufafono64.dll Nenhum Arquivo
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\Oexufafono64.dll Nenhum Arquivo
Hosts: O arquivo Hosts não foi detectado no seu diretório padrão
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{39E8CA92-3A9A-49D5-8485-166F0C40F536}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BD9B9049-543F-4160-9FA6-AF8125E097AB}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=unknown&uid=S2VMJ5BD603950_ST1000LM024HN-M101MBB&tm=1471534059
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=unknown&uid=S2VMJ5BD603950_ST1000LM024HN-M101MBB&tm=1471534059
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=unknown&uid=S2VMJ5BD603950_ST1000LM024HN-M101MBB&tm=1471534059
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=unknown&uid=S2VMJ5BD603950_ST1000LM024HN-M101MBB&tm=1471534059
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-597540426-287658067-1748461302-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-597540426-287658067-1748461302-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-597540426-287658067-1748461302-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-597540426-287658067-1748461302-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST1000LM024XHN-M101MBB_S2VMJ5BD603950603950&ts=1437587294&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-597540426-287658067-1748461302-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST1000LM024XHN-M101MBB_S2VMJ5BD603950603950&ts=1437587294&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-597540426-287658067-1748461302-1002 -> {E3FF031A-4A3E-4830-8794-85E8D806CE40} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-597540426-287658067-1748461302-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=ST1000LM024XHN-M101MBB_S2VMJ5BD603950603950&ts=1437587294&type=default&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Sem Nome -> {3c9ce603-44cc-4997-a166-239e6186c6ef} -> Nenhum Arquivo
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Sem Nome -> {3c9ce603-44cc-4997-a166-239e6186c6ef} -> Nenhum Arquivo
BHO-x32: Sem Nome -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> Nenhum Arquivo
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-24] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-22] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540007} -> C:\Program Files (x86)\GbPlugin\gbiehabn.dll [2014-11-18] (Banco Real)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-24] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Arthur Alisson\AppData\Roaming\Mozilla\Firefox\Profiles\cqdaldjk.default
FF Homepage: hxxps://search.avira.net"); user_pref("browser.startup.homepage_override.buildID", "20160604131506
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-26] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-26] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2015-04-13] ()
FF Plugin HKU\S-1-5-21-597540426-287658067-1748461302-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Arthur Alisson\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-597540426-287658067-1748461302-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Arthur Alisson\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-597540426-287658067-1748461302-1002: gastecnologia.com.br/sf/abn -> C:\Users\Arthur Alisson\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll [2015-02-19] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-597540426-287658067-1748461302-1002: gastecnologia.com.br/sf/abn64 -> C:\Users\Arthur Alisson\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll [2015-02-19] (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{3c9ce603-44cc-4997-a166-239e6186c6ef}] - C:\Program Files\shopperz\Firefox => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [{3c9ce603-44cc-4997-a166-239e6186c6ef}] - C:\Program Files\shopperz\Firefox => não encontrado (a)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1437587250&z=411456ba6f0c0aa0bf6fd0eg1zac4m4wcb7m6odgez&from=cmi&uid=ST1000LM024XHN-M101MBB_S2VMJ5BD603950603950"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Arthur Alisson\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Arthur Alisson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Arthur Alisson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Arthur Alisson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Arthur Alisson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Arthur Alisson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (SavePages) - C:\Users\Arthur Alisson\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfcamfllailmlhibpelbdcpehpegbbjk [2016-01-07]
CHR Extension: (Real-time) - C:\Users\Arthur Alisson\AppData\Local\Google\Chrome\User Data\Default\Extensions\epiigdnioginncdapahfgjfcckgabdod [2015-11-21]
CHR Extension: (Planilhas do Google) - C:\Users\Arthur Alisson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Documentos Google off-line) - C:\Users\Arthur Alisson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Arthur Alisson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-07-06]
CHR Extension: (Easy Search) - C:\Users\Arthur Alisson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdnadicfhkbpdafdildanpbjapjlmkab [2016-02-06]
CHR Extension: (AutoReload) - C:\Users\Arthur Alisson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mopfedkhklpgeibpgfidepmdfbhhcllc [2015-11-30]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Arthur Alisson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-26]
CHR Extension: (Yahoo Web) - C:\Users\Arthur Alisson\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2015-12-23]
CHR Extension: (Hola - Unlimited Proxy VPN) - C:\Users\Arthur Alisson\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl [2016-02-21]
CHR Extension: (Gmail) - C:\Users\Arthur Alisson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1231376 2016-03-23] (Autodesk Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [989696 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [472112 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [472112 2016-08-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1453696 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [319648 2016-07-25] (Avira Operations GmbH & Co. KG)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-06-09] (Dell Inc.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-06-21] (GAS Tecnologia)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
S2 NetTcpHandler; C:\Users\Arthur Alisson\AppData\Roaming\NetService\netservice.exe [173848 2015-06-12] ()
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [Arquivo não assinado]
R2 SkypeUpdateEx; C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe [168376 2016-05-05] (skype.cog.cc)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [Arquivo não assinado]
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [1699800 2016-05-14] (Microsoft Corporation)
R2 WinNetSvc; C:\Users\Arthur Alisson\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] ()
R2 WMPNetworkAcSvc; C:\Users\Arthur Alisson\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [5098760 2016-07-07] ()
R2 zejytose; C:\Users\Arthur Alisson\AppData\Roaming\4C4C4544-1436404388-4710-8030-B8C04F315931\jnsq70A5.tmp [199168 2015-07-08] () [Arquivo não assinado]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [144664 2016-08-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [154392 2016-08-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-06-02] (Avira Operations GmbH & Co. KG)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2015-12-11] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-23] (GAS Tecnologia)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-01] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [Arquivo não assinado]
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-10-31] (GAS Tecnologia LTDA)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-08-21] (GAS Tecnologia)
R1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-08-21 09:46 - 2016-08-21 09:47 - 00025786 _____ C:\Users\Arthur Alisson\Desktop\FRST.txt
2016-08-21 09:46 - 2016-08-21 09:46 - 00000000 ____D C:\FRST
2016-08-21 09:45 - 2016-08-21 09:45 - 02395648 _____ (Farbar) C:\Users\Arthur Alisson\Desktop\FRST64.exe
2016-08-21 09:33 - 2016-08-21 09:33 - 14749120 _____ (Microsoft Corporation) C:\Users\Arthur Alisson\Downloads\vc_redist.x64.exe
2016-08-21 09:04 - 2016-08-21 09:04 - 06220638 _____ C:\Users\Arthur Alisson\Downloads\MAPA.CIDADE14(1).dwg
2016-08-19 22:21 - 2016-08-19 22:21 - 00082898 _____ C:\Users\Arthur Alisson\Downloads\GerarPDF_19082016222048.pdf
2016-08-19 22:16 - 2016-08-19 22:16 - 00075759 _____ C:\Users\Arthur Alisson\Downloads\DAS-PGMEI-23364739000188(3).pdf
2016-08-19 12:00 - 2016-08-19 12:00 - 00044851 _____ C:\Users\Arthur Alisson\Downloads\00000000000129609073_00000000400181418327.pdf
2016-08-18 12:27 - 2016-08-18 12:27 - 00000000 ____D C:\Users\Arthur Alisson\AppData\Roaming\excdir
2016-08-18 01:43 - 2016-08-18 01:43 - 00001076 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-597540426-287658067-1748461302-1002Core1d1f90bbed7bf2.job

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-08-21 09:40 - 2015-02-04 07:47 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-08-21 09:40 - 2015-02-04 07:47 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-21 09:20 - 2013-08-22 11:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-21 09:19 - 2015-05-05 18:57 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-08-21 09:18 - 2016-05-11 20:01 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-08-21 09:18 - 2016-02-04 18:56 - 00101080 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddfac.sys
2016-08-21 09:17 - 2013-08-22 10:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-08-20 21:36 - 2016-03-21 14:36 - 00000000 ____D C:\Users\Arthur Alisson\AppData\Roaming\WMPNetworkAcSvc
2016-08-18 12:10 - 2014-03-18 07:32 - 01797166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-18 12:10 - 2014-03-18 06:45 - 00774900 _____ C:\WINDOWS\system32\prfh0416.dat
2016-08-18 12:10 - 2014-03-18 06:45 - 00158494 _____ C:\WINDOWS\system32\prfc0416.dat
2016-08-18 12:10 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Inf
2016-08-18 01:53 - 2015-02-03 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-08-18 01:50 - 2015-12-22 16:39 - 00002635 _____ C:\Users\Arthur Alisson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-18 01:50 - 2015-12-22 16:39 - 00002627 _____ C:\Users\Arthur Alisson\Desktop\Google Chrome.lnk
2016-08-18 01:43 - 2016-05-10 21:02 - 00001076 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-597540426-287658067-1748461302-1002Core1d1ab185e2b6b81.job
2016-08-18 01:29 - 2015-02-03 10:50 - 00154392 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-08-18 01:29 - 2015-02-03 10:50 - 00144664 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys

==================== Arquivos na raiz de alguns diretórios =======

2015-11-04 20:05 - 2015-11-04 20:05 - 0042259 _____ () C:\Program Files (x86)\CMS Setup Log.txt
2015-12-05 21:22 - 2015-12-05 21:22 - 0018424 _____ () C:\Program Files (x86)\CMS Uninstall Log.txt
2015-02-21 22:27 - 2015-05-05 18:57 - 0067240 _____ () C:\Users\Arthur Alisson\AppData\Roaming\unins000.dat
2015-07-22 14:49 - 2015-07-22 14:49 - 0613255 _____ (CMI Limited) C:\Users\Arthur Alisson\AppData\Local\nsaB40D.tmp
2015-07-20 09:58 - 2015-07-20 09:58 - 0613255 _____ (CMI Limited) C:\Users\Arthur Alisson\AppData\Local\nsf3D45.tmp
2015-07-22 14:09 - 2015-07-22 14:09 - 0613255 _____ (CMI Limited) C:\Users\Arthur Alisson\AppData\Local\nshEA5.tmp
2015-07-08 22:58 - 2015-07-08 22:58 - 0613255 _____ (CMI Limited) C:\Users\Arthur Alisson\AppData\Local\nsl17B4.tmp

Alguns arquivos em TEMP:
====================
C:\Users\Arthur Alisson\AppData\Local\Temp\1436482867.exe
C:\Users\Arthur Alisson\AppData\Local\Temp\1436997511.exe
C:\Users\Arthur Alisson\AppData\Local\Temp\AcDeltree.exe
C:\Users\Arthur Alisson\AppData\Local\Temp\APNSetup.exe
C:\Users\Arthur Alisson\AppData\Local\Temp\appshat_generic.exe
C:\Users\Arthur Alisson\AppData\Local\Temp\avgnt.exe
C:\Users\Arthur Alisson\AppData\Local\Temp\bjgA46A.exe
C:\Users\Arthur Alisson\AppData\Local\Temp\DesktopTool.exe
C:\Users\Arthur Alisson\AppData\Local\Temp\GUR5D94.exe
C:\Users\Arthur Alisson\AppData\Local\Temp\GUR9FF6.exe
C:\Users\Arthur Alisson\AppData\Local\Temp\GURD1D2.exe
C:\Users\Arthur Alisson\AppData\Local\Temp\JSE_install_app-1436481869557.exe
C:\Users\Arthur Alisson\AppData\Local\Temp\nsp6921.tmp.exe
C:\Users\Arthur Alisson\AppData\Local\Temp\oprun26551.exe
C:\Users\Arthur Alisson\AppData\Local\Temp\smt_oursurfing.exe
C:\Users\Arthur Alisson\AppData\Local\Temp\Uninstall.exe
C:\Users\Arthur Alisson\AppData\Local\Temp\UninstallModule.exe
C:\Users\Arthur Alisson\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe
C:\Users\Arthur Alisson\AppData\Local\Temp\ytb.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2015-07-15 11:45

==================== Fim de FRST.txt ============================
