Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 25-01-2017 01
Executado por Hozanir Andrade (administrador) em HOZANIRANDRADE (26-01-2017 21:58:59)
Executando a partir de C:\Users\Hozanir Andrade\Desktop
Perfis Carregados: Hozanir Andrade (Perfis Disponíveis: Hozanir Andrade & Convidado)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 9 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATII4E.EXE
(Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe
(Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-09-13] (NVIDIA Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-24] (AVAST Software)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1985335273-3085297699-2053629641-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-1985335273-3085297699-2053629641-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-1985335273-3085297699-2053629641-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1985335273-3085297699-2053629641-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1985335273-3085297699-2053629641-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1985335273-3085297699-2053629641-1000\...\MountPoints2: {4e2f891b-f9c4-11e5-8d85-0025224a1e1d} - E:\setup\rsrc\Autorun.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-26] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mediatek Wireless Utility.lnk [2016-10-27]
ShortcutTarget: Mediatek Wireless Utility.lnk -> C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe (Mediatek Inc.)
GroupPolicy: Restrição <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2996C5A5-019C-483D-9447-563B319CCC5D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9FA250F0-4605-4848-821A-BADDF7CD6158}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_39_orgnl&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtByE0AtC0EtC0DyBtByDyBtN0D0Tzu0StCyBtAyDtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0E0D0CyByEtC0BtGyB0C0EtAtGtAtAyBtCtGyEzz0EtCtG0B0DzzyCyByCyD0AyE0F0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0CyB0BtAzy0EyDtGtAzz0B0FtGyEyEyDzztGzzzzzyzztG0CzyyCyCyEtDzyzytBzyzy0C2QtN0A0LzuyE%26cr%3D350001599%26a%3Dhdr_s_16_39_orgnl%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_39_orgnl&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtByE0AtC0EtC0DyBtByDyBtN0D0Tzu0StCyBtAyDtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0E0D0CyByEtC0BtGyB0C0EtAtGtAtAyBtCtGyEzz0EtCtG0B0DzzyCyByCyD0AyE0F0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0CyB0BtAzy0EyDtGtAzz0B0FtGyEyEyDzztGzzzzzyzztG0CzyyCyCyEtDzyzytBzyzy0C2QtN0A0LzuyE%26cr%3D350001599%26a%3Dhdr_s_16_39_orgnl%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1985335273-3085297699-2053629641-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1985335273-3085297699-2053629641-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_39_orgnl&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtByE0AtC0EtC0DyBtByDyBtN0D0Tzu0StCyBtAyDtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0E0D0CyByEtC0BtGyB0C0EtAtGtAtAyBtCtGyEzz0EtCtG0B0DzzyCyByCyD0AyE0F0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0CyB0BtAzy0EyDtGtAzz0B0FtGyEyEyDzztGzzzzzyzztG0CzyyCyCyEtDzyzytBzyzy0C2QtN0A0LzuyE%26cr%3D350001599%26a%3Dhdr_s_16_39_orgnl%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-1985335273-3085297699-2053629641-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_39_orgnl&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtByE0AtC0EtC0DyBtByDyBtN0D0Tzu0StCyBtAyDtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0E0D0CyByEtC0BtGyB0C0EtAtGtAtAyBtCtGyEzz0EtCtG0B0DzzyCyByCyD0AyE0F0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0CyB0BtAzy0EyDtGtAzz0B0FtGyEyEyDzztGzzzzzyzztG0CzyyCyCyEtDzyzytBzyzy0C2QtN0A0LzuyE%26cr%3D350001599%26a%3Dhdr_s_16_39_orgnl%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_39_orgnl&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtByE0AtC0EtC0DyBtByDyBtN0D0Tzu0StCyBtAyDtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0E0D0CyByEtC0BtGyB0C0EtAtGtAtAyBtCtGyEzz0EtCtG0B0DzzyCyByCyD0AyE0F0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0CyB0BtAzy0EyDtGtAzz0B0FtGyEyEyDzztGzzzzzyzztG0CzyyCyCyEtDzyzytBzyzy0C2QtN0A0LzuyE%26cr%3D350001599%26a%3Dhdr_s_16_39_orgnl%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_39_orgnl&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtByE0AtC0EtC0DyBtByDyBtN0D0Tzu0StCyBtAyDtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0E0D0CyByEtC0BtGyB0C0EtAtGtAtAyBtCtGyEzz0EtCtG0B0DzzyCyByCyD0AyE0F0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0CyB0BtAzy0EyDtGtAzz0B0FtGyEyEyDzztGzzzzzyzztG0CzyyCyCyEtDzyzytBzyzy0C2QtN0A0LzuyE%26cr%3D350001599%26a%3Dhdr_s_16_39_orgnl%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_39_orgnl&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtByE0AtC0EtC0DyBtByDyBtN0D0Tzu0StCyBtAyDtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0E0D0CyByEtC0BtGyB0C0EtAtGtAtAyBtCtGyEzz0EtCtG0B0DzzyCyByCyD0AyE0F0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0CyB0BtAzy0EyDtGtAzz0B0FtGyEyEyDzztGzzzzzyzztG0CzyyCyCyEtDzyzytBzyzy0C2QtN0A0LzuyE%26cr%3D350001599%26a%3Dhdr_s_16_39_orgnl%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1985335273-3085297699-2053629641-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_39_orgnl&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtByE0AtC0EtC0DyBtByDyBtN0D0Tzu0StCyBtAyDtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0E0D0CyByEtC0BtGyB0C0EtAtGtAtAyBtCtGyEzz0EtCtG0B0DzzyCyByCyD0AyE0F0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0CyB0BtAzy0EyDtGtAzz0B0FtGyEyEyDzztGzzzzzyzztG0CzyyCyCyEtDzyzytBzyzy0C2QtN0A0LzuyE%26cr%3D350001599%26a%3Dhdr_s_16_39_orgnl%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1985335273-3085297699-2053629641-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1985335273-3085297699-2053629641-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_39_orgnl&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtByE0AtC0EtC0DyBtByDyBtN0D0Tzu0StCyBtAyDtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0E0D0CyByEtC0BtGyB0C0EtAtGtAtAyBtCtGyEzz0EtCtG0B0DzzyCyByCyD0AyE0F0AtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0CyB0BtAzy0EyDtGtAzz0B0FtGyEyEyDzztGzzzzzyzztG0CzyyCyCyEtDzyzytBzyzy0C2QtN0A0LzuyE%26cr%3D350001599%26a%3Dhdr_s_16_39_orgnl%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1985335273-3085297699-2053629641-1000 -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-09-16] (Intel Security)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-18] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-09-16] (Intel Security)
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-18]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://br.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Hozanir Andrade\AppData\Local\Google\Chrome\User Data\Default [2017-01-26]
CHR Extension: (Google Apresentações) - C:\Users\Hozanir Andrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-02]
CHR Extension: (Google Docs) - C:\Users\Hozanir Andrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-02]
CHR Extension: (Google Drive) - C:\Users\Hozanir Andrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-02]
CHR Extension: (YouTube) - C:\Users\Hozanir Andrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-02]
CHR Extension: (Avast SafePrice) - C:\Users\Hozanir Andrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-24]
CHR Extension: (Planilhas do Google) - C:\Users\Hozanir Andrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-02]
CHR Extension: (Documentos Google off-line) - C:\Users\Hozanir Andrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-02]
CHR Extension: (Avast Online Security) - C:\Users\Hozanir Andrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-21]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Hozanir Andrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Hozanir Andrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Hozanir Andrade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [Arquivo não assinado]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-26] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 MediatekRegistryWriter; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe [401040 2014-07-31] (Mediatek Inc.)
R2 MediatekRegistryWriter64; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe [454288 2014-07-31] (Mediatek Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-09-13] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-09-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-09-13] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2016-04-05] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2016-04-05] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
S3 RaMediaServer; C:\Program Files (x86)\MediatekWiFi\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [Arquivo não assinado]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S2 TrueKey; "C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe" [X]
S2 TrueKeyScheduler; "C:\Program Files\TrueKey\McTkSchedulerService.exe" [X]
S2 TrueKeyServiceHelper; "C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe" [X]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
S3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [2212496 2014-07-04] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-09-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56376 2016-09-13] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2016-04-03] () [Arquivo não assinado]
U3 avuzzqlq; C:\Windows\System32\Drivers\avuzzqlq.sys [0 ] (Microsoft Corporation) <==== ATENÇÃO (zero byte Arquivo/Pasta)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-01-26 21:58 - 2017-01-26 21:59 - 00024662 _____ C:\Users\Hozanir Andrade\Desktop\FRST.txt
2017-01-26 21:58 - 2017-01-26 21:58 - 02420736 _____ (Farbar) C:\Users\Hozanir Andrade\Downloads\FRST64.exe
2017-01-26 21:58 - 2017-01-26 21:58 - 02420736 _____ (Farbar) C:\Users\Hozanir Andrade\Desktop\FRST64.exe
2017-01-26 21:58 - 2017-01-26 21:58 - 00000000 ____D C:\FRST
2017-01-26 21:41 - 2017-01-26 21:42 - 15068056 _____ (Microsoft Corporation) C:\Users\Hozanir Andrade\Downloads\vc_redist.x64 (1).exe
2017-01-25 23:23 - 2017-01-25 23:24 - 14572000 _____ (Microsoft Corporation) C:\Users\Hozanir Andrade\Downloads\vc_redist.x64.exe
2017-01-25 23:17 - 2017-01-25 23:17 - 00002158 _____ C:\Users\Public\Desktop\Style Builder 2017.lnk
2017-01-25 23:17 - 2017-01-25 23:17 - 00002072 _____ C:\Users\Public\Desktop\LayOut 2017.lnk
2017-01-25 23:17 - 2017-01-25 23:17 - 00001987 _____ C:\Users\Public\Desktop\SketchUp 2017.lnk
2017-01-25 23:17 - 2017-01-25 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2017
2017-01-23 00:40 - 2017-01-25 23:16 - 00000000 ____D C:\Program Files\SketchUp
2017-01-23 00:38 - 2017-01-25 23:08 - 00000000 ____D C:\sketchup
2017-01-22 19:20 - 2017-01-22 19:20 - 00000000 ____D C:\Users\Hozanir Andrade\Documents\Minhas paletas
2017-01-22 19:15 - 2017-01-23 00:34 - 00000000 ____D C:\Users\Hozanir Andrade\Documents\Corel
2017-01-22 19:13 - 2017-01-23 00:21 - 00000000 ____D C:\Users\Hozanir Andrade\AppData\Roaming\Corel
2017-01-22 19:13 - 2017-01-22 19:15 - 00000000 ____D C:\Users\Todos os Usuários\Protexis64
2017-01-22 19:13 - 2017-01-22 19:15 - 00000000 ____D C:\ProgramData\Protexis64
2017-01-22 19:12 - 2017-01-22 19:10 - 00002523 _____ C:\Users\Public\Desktop\Bitstream Font Navigator (64-Bit).lnk
2017-01-22 19:12 - 2017-01-22 19:09 - 00003060 _____ C:\Users\Public\Desktop\Corel CAPTURE X7 (64-Bit).lnk
2017-01-22 19:12 - 2017-01-22 19:09 - 00002343 _____ C:\Users\Public\Desktop\Corel CONNECT X7 (64-Bit).lnk
2017-01-22 19:12 - 2017-01-22 19:08 - 00003063 _____ C:\Users\Public\Desktop\Corel PHOTO-PAINT X7 (64-Bit).lnk
2017-01-22 19:12 - 2017-01-22 19:08 - 00003015 _____ C:\Users\Public\Desktop\CorelDRAW X7 (64-Bit).lnk
2017-01-22 19:09 - 2017-01-22 19:09 - 00000000 ____D C:\Users\Public\Documents\Corel
2017-01-22 19:09 - 2017-01-22 19:09 - 00000000 ____D C:\Program Files\Common Files\Protexis
2017-01-22 19:08 - 2017-01-22 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)
2017-01-22 19:01 - 2017-01-22 19:20 - 00000000 ____D C:\Users\Todos os Usuários\Corel
2017-01-22 19:01 - 2017-01-22 19:20 - 00000000 ____D C:\ProgramData\Corel
2017-01-22 19:00 - 2017-01-22 19:00 - 00000000 ____D C:\Program Files\Common Files\Corel
2017-01-22 18:57 - 2017-01-22 19:08 - 00000000 ____D C:\Program Files\Corel
2017-01-22 18:40 - 2017-01-22 19:12 - 00000000 ____D C:\Users\Todos os Usuários\CorelDRAW Graphics Suite X7 x64
2017-01-22 18:40 - 2017-01-22 19:12 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2017-01-22 17:33 - 2017-01-22 19:04 - 00000000 ____D C:\Corel Draw X7
2017-01-22 17:16 - 2017-01-22 17:16 - 00283960 _____ C:\Windows\Minidump\012217-22343-01.dmp
2017-01-22 15:12 - 2017-01-22 15:18 - 159484416 _____ (Trimble, Inc.) C:\Users\Hozanir Andrade\Downloads\SketchUpMake-pt-BR-x64.exe
2017-01-19 21:45 - 2017-01-19 21:46 - 00000126 _____ C:\Users\Hozanir Andrade\Desktop\Youtube.url
2017-01-18 23:49 - 2017-01-18 23:49 - 00000000 ____D C:\Users\Hozanir Andrade\AppData\Local\CrashDumps
2017-01-18 23:47 - 2017-01-18 23:47 - 00000000 ____D C:\Users\Hozanir Andrade\AppData\Local\YSearchUtil
2017-01-18 23:40 - 2017-01-18 23:40 - 00000000 ____D C:\Users\Hozanir Andrade\Documents\Arquivos do Outlook
2017-01-14 02:35 - 2017-01-14 02:36 - 04035950 _____ C:\Users\Hozanir Andrade\Downloads\Brasao.zip
2017-01-02 22:59 - 2017-01-02 23:41 - 00729450 _____ C:\Users\Hozanir Andrade\Documents\sala de musica.skb
2017-01-02 02:33 - 2017-01-02 23:50 - 00703545 _____ C:\Users\Hozanir Andrade\Documents\sala de musica.skp
2016-12-28 21:20 - 2016-12-28 21:28 - 00032253 _____ C:\Users\Hozanir Andrade\Documents\modelo casa.dwg

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-01-26 21:54 - 2009-07-14 00:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-26 21:54 - 2009-07-14 00:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-26 21:46 - 2016-04-02 01:53 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2017-01-26 21:46 - 2016-04-02 01:53 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-26 21:46 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-26 21:45 - 2016-10-09 19:27 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-01-26 21:45 - 2016-10-09 19:27 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-25 23:37 - 2016-04-17 13:28 - 00000000 ____D C:\Users\Hozanir Andrade\AppData\Local\Microsoft Games
2017-01-25 23:12 - 2010-11-21 05:37 - 00705798 _____ C:\Windows\system32\prfh0416.dat
2017-01-25 23:12 - 2010-11-21 05:37 - 00147638 _____ C:\Windows\system32\prfc0416.dat
2017-01-25 23:12 - 2009-07-14 01:13 - 01635826 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-25 23:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-01-23 00:51 - 2016-04-02 19:57 - 00000000 ____D C:\Users\Todos os Usuários\Reprise
2017-01-23 00:51 - 2016-04-02 19:57 - 00000000 ____D C:\Users\Hozanir Andrade\AppData\Roaming\SketchUp
2017-01-23 00:51 - 2016-04-02 19:57 - 00000000 ____D C:\ProgramData\Reprise
2017-01-23 00:40 - 2016-04-02 19:57 - 00000000 ____D C:\Users\Todos os Usuários\SketchUp
2017-01-23 00:40 - 2016-04-02 19:57 - 00000000 ____D C:\ProgramData\SketchUp
2017-01-22 19:40 - 2009-07-14 00:45 - 00608976 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-22 19:15 - 2016-04-01 22:47 - 00182272 _____ C:\Users\Hozanir Andrade\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-22 19:11 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-01-22 18:02 - 2016-04-07 00:13 - 00000000 ____D C:\corte_certo
2017-01-22 17:16 - 2016-09-02 23:26 - 344877158 _____ C:\Windows\MEMORY.DMP
2017-01-22 17:16 - 2016-09-02 23:26 - 00000000 ____D C:\Windows\Minidump
2017-01-22 15:03 - 2016-10-09 20:46 - 00000000 ____D C:\Windows\system32\appmgmt
2017-01-22 14:49 - 2016-04-02 11:47 - 01600212 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-01-22 10:42 - 2016-10-09 15:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 23:02 - 2016-05-06 13:26 - 00000000 ____D C:\Users\Convidado\AppData\Local\Microsoft Games
2017-01-20 00:27 - 2016-04-03 09:49 - 00000000 ____D C:\Users\Hozanir Andrade\AppData\Local\cache
2017-01-19 20:34 - 2016-04-02 11:55 - 00000000 ____D C:\Users\Hozanir Andrade\AppData\Local\NVIDIA
2017-01-18 23:48 - 2016-04-02 13:38 - 00000000 ____D C:\Users\Hozanir Andrade\AppData\Local\NVIDIA Corporation
2017-01-18 23:48 - 2016-04-02 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-01-18 23:48 - 2016-04-02 11:50 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA Corporation
2017-01-18 23:48 - 2016-04-02 11:50 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-18 23:48 - 2016-04-02 11:50 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-18 23:48 - 2016-04-02 11:22 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-18 23:45 - 2016-04-02 01:47 - 00000000 ____D C:\Users\Todos os Usuários\Oracle
2017-01-18 23:45 - 2016-04-02 01:47 - 00000000 ____D C:\ProgramData\Oracle
2017-01-18 23:45 - 2016-04-02 01:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-18 23:45 - 2016-04-02 01:47 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-18 23:44 - 2016-04-02 01:47 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-01-13 23:43 - 2016-04-16 21:36 - 00000000 ____D C:\Users\Hozanir Andrade\AppData\Roaming\Epson
2017-01-10 23:29 - 2016-10-09 15:45 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-02 23:56 - 2016-04-02 00:37 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-12-29 21:40 - 2016-07-15 19:30 - 00208695 _____ C:\Users\Hozanir Andrade\Documents\Sem nome.skp

==================== Arquivos na raiz de alguns diretórios =======

2016-10-01 21:24 - 2016-10-01 21:24 - 3187734 _____ () C:\Users\Hozanir Andrade\AppData\Roaming\sb265.dat
2016-10-01 21:24 - 2016-10-01 21:24 - 0357888 _____ () C:\Users\Hozanir Andrade\AppData\Roaming\Setup77175.exe
2016-09-21 10:24 - 2016-10-08 17:24 - 0000141 _____ () C:\Users\Hozanir Andrade\AppData\Roaming\WB.CFG

Alguns arquivos em TEMP:
====================
2016-04-03 08:47 - 2013-01-18 17:24 - 0040328 _____ (Autodesk, Inc.) C:\Users\Hozanir Andrade\AppData\Local\Temp\AcDeltree.exe
2016-10-21 00:54 - 2016-10-21 00:56 - 17618816 _____ (DsNET Corp ) C:\Users\Hozanir Andrade\AppData\Local\Temp\atcMedia9801477011270.exe
2016-05-25 01:23 - 2016-05-25 01:23 - 1245296 _____ () C:\Users\Hozanir Andrade\AppData\Local\Temp\ICReinstall_PDFWriterSetup.exe
2016-04-28 19:48 - 2016-04-28 19:48 - 1092328 _____ (Dahapehenu ) C:\Users\Hozanir Andrade\AppData\Local\Temp\ICReinstall_Planilha-Simplificada-de-Orcamento-Domestico.exe
2016-09-22 13:55 - 2016-09-22 13:55 - 0741440 _____ (Oracle Corporation) C:\Users\Hozanir Andrade\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-12-27 20:33 - 2016-12-27 20:33 - 0737856 _____ (Oracle Corporation) C:\Users\Hozanir Andrade\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-18 23:34 - 2017-01-18 23:34 - 0739904 _____ (Oracle Corporation) C:\Users\Hozanir Andrade\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-04-27 21:50 - 2016-04-27 21:51 - 0739904 _____ (Oracle Corporation) C:\Users\Hozanir Andrade\AppData\Local\Temp\jre-8u91-windows-au.exe
2016-04-02 11:51 - 2016-01-29 05:05 - 1220984 _____ (NVIDIA Corporation) C:\Users\Hozanir Andrade\AppData\Local\Temp\nvSCPAPI.dll
2016-10-13 09:49 - 2016-01-29 05:04 - 0833472 _____ (NVIDIA Corporation) C:\Users\Hozanir Andrade\AppData\Local\Temp\nvStInst.exe
2010-03-12 04:59 - 2010-03-12 04:59 - 0149352 ____R (Microsoft Corporation) C:\Users\Hozanir Andrade\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-01-23 22:07

==================== Fim de FRST.txt ============================
