Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 10-02-2017
Executado por uae (administrador) em UAE-VAIO (11-02-2017 00:43:59)
Executando a partir de C:\Users\uae\Downloads
Perfis Carregados: uae & (Perfis Disponíveis: uae & Convidado)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fb_inet_server.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\AppBrad\NetExpressUpdater.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\systips\tipssvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Spotify Ltd) C:\Users\uae\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files (x86)\Music Recorder\Music Recorder 2016\AudialsNotifier.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-03-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-22] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60120 2016-11-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2016-03-19] (alch)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\Run: [Facebook Update] => C:\Users\uae\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-29] (Facebook Inc.)
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\Run: [HW_OPENEYE_OUC_Claro] => "C:\Program Files (x86)\Claro\UpdateDog\ouc.exe"
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\Run: [Spotify Web Helper] => C:\Users\uae\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-10-14] (Spotify Ltd)
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\Run: [AudialsNotifier] => C:\Program Files (x86)\Music Recorder\Music Recorder 2016\AudialsNotifier.exe [4535192 2016-03-15] ()
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm.exe [7763384 2016-07-15] (AO Kaspersky Lab)
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\MountPoints2: {0ad82c4e-43f1-11e4-83e5-642737bcc2f8} - E:\AutoRun.exe
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\MountPoints2: {a62b03c4-e954-11e3-925b-642737bcc2f8} - E:\AutoRun.exe
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\MountPoints2: {fdd78037-e8c9-11e3-9e84-642737bcc2f8} - F:\AutoRun.exe
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\MountPoints2: {fdd78044-e8c9-11e3-9e84-642737bcc2f8} - E:\AutoRun.exe
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\MountPoints2: {fdd78099-e8c9-11e3-9e84-642737bcc2f8} - E:\AutoRun.exe
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-4222321392-2254865489-2065712015-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [HW_OPENEYE_OUC_Claro] => "C:\Program Files (x86)\Claro\UpdateDog\ouc.exe"
HKU\S-1-5-18\...\Run: [WiFi Protector] => C:\Program Files (x86)\WiFi Protector\WiFiProtLauncher.exe
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-12-06]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)
Startup: C:\Users\uae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2016-12-06]
ShortcutTarget: Start.lnk -> C:\Users\uae\AppData\Roaming\evgrei\lnardpfbj64.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{D3BDFB55-ECA9-4382-ADE2-64559BD9BFDA}: [DhcpNameServer] 192.168.2.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.latinamweb.com/
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://login.latinamweb.com/
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4222321392-2254865489-2065712015-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4222321392-2254865489-2065712015-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4222321392-2254865489-2065712015-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4222321392-2254865489-2065712015-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL =
BHO: Sem Nome -> {22ad50a5-4d58-47d0-b850-f35b616e9b5d} -> Nenhum Arquivo
BHO: Sem Nome -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> Nenhum Arquivo
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Sem Nome -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Nenhum Arquivo
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-02-23] (Atheros Commnucations)
BHO-x32: Auxiliar de Conexão de Conta da Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Nenhum Arquivo
Toolbar: HKLM - Sem Nome - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Nenhum Arquivo
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 35tllo9r.default-1416778096862
FF ProfilePath: C:\Users\uae\AppData\Roaming\Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862 [2017-02-10]
FF user.js: detected! => C:\Users\uae\AppData\Roaming\Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862\user.js [2016-12-06]
FF NewTab: Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862 -> about:newtab
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862 -> hxxps://www.google.com/search?trackid=sp-006
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862 -> Google (avast)
FF Homepage: Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862 -> www.qqovd.com?oem=sv1&uid=J211008BJ59EBA_HTS547550A9E&tm=1454510724
FF Keyword.URL: Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862 -> hxxps://www.google.com/search?trackid=sp-006
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862 -> Google (avast)
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862 -> Google (avast)
FF SearchPlugin: C:\Users\uae\AppData\Roaming\Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862\searchplugins\google-avast.xml [2016-01-14]
FF HKU\S-1-5-21-4222321392-2254865489-2065712015-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => não encontrado (a)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-03-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-03-13] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2011-08-03] (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2011-08-02] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-4222321392-2254865489-2065712015-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\uae\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> www.123rede.com?oem=sv1&uid=J211008BJ59EBA_HTS547550A9E&tm=1451351344
CHR StartupUrls: Default -> "hxxps://www.google.com.br/"
CHR Profile: C:\Users\uae\AppData\Local\Google\Chrome\User Data\Default [2017-02-11]
CHR Extension: (Google Drive) - C:\Users\uae\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\uae\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\uae\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\uae\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\uae\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\uae\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-23] (Atheros Commnucations) [Arquivo não assinado]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.) [Arquivo não assinado]
R2 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fb_inet_server.exe [2723840 2009-07-22] (Firebird Project) [Arquivo não assinado]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)
R2 NetExpress Updater; C:\Program Files (x86)\AppBrad\NetExpressUpdater.exe [20568 2015-08-21] ()
S2 NetLogHandler; C:\Users\uae\AppData\Roaming\Netlog\Netlog.exe [167704 2015-06-08] (QNT)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH)
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
R2 TipsService; C:\Program Files (x86)\systips\tipssvc.exe [317440 2015-07-06] () [Arquivo não assinado]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-10-10] (TuneUp Software)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1634304 2015-03-16] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-23] (Atheros) [Arquivo não assinado]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-12-06] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35864 2016-12-06] (Avira Operations GmbH & Co. KG)
R3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [421664 2012-02-23] (Atheros)
R3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-13] (Microsoft Corporation)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [223744 2011-12-02] (Huawei Technologies Co., Ltd.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-10] (Malwarebytes)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)
U0 aswVmm; não ImagePath
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S1 Bnbase; System32\drivers\bnbasex64.sys [X]
S1 Bndef; \??\C:\Windows\System32\drivers\bndef64.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-02-11 00:40 - 2017-02-11 00:43 - 00062597 _____ C:\Users\uae\Downloads\Addition.txt
2017-02-11 00:37 - 2017-02-11 00:44 - 00025762 _____ C:\Users\uae\Downloads\FRST.txt
2017-02-11 00:37 - 2017-02-11 00:43 - 00000000 ____D C:\FRST
2017-02-11 00:35 - 2017-02-11 00:35 - 00001078 _____ C:\Users\uae\Desktop\FRST64 - Atalho.lnk
2017-02-11 00:32 - 2017-02-11 00:33 - 02421248 _____ (Farbar) C:\Users\uae\Downloads\FRST64.exe
2017-02-03 13:56 - 2017-02-03 13:58 - 46148705 _____ C:\Users\uae\Downloads\O Demonio Da Teoria (COMPAGNON)- COMPLETO.pdf
2017-02-02 22:41 - 2017-02-02 22:43 - 00000000 ____D C:\Users\uae\AppData\Roaming\.clamwin
2017-02-02 22:41 - 2017-02-02 22:41 - 00000000 ____D C:\Users\Todos os Usuários\.clamwin
2017-02-02 22:41 - 2017-02-02 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2017-02-02 22:41 - 2017-02-02 22:41 - 00000000 ____D C:\ProgramData\.clamwin
2017-02-02 22:41 - 2017-02-02 22:41 - 00000000 ____D C:\Program Files (x86)\ClamWin
2017-02-02 22:13 - 2017-02-02 22:20 - 120690586 _____ (alch ) C:\Users\uae\Downloads\clamwin-0.99.1-setup.exe
2017-02-02 20:25 - 2017-02-02 20:25 - 00001136 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-02-02 18:33 - 2017-02-02 18:33 - 00014730 _____ C:\Windows\IntegraOS Setup Log.txt
2017-02-02 18:33 - 2017-02-02 18:33 - 00001905 _____ C:\Users\uae\Desktop\IntegraOS.lnk
2017-02-02 18:33 - 2017-02-02 18:33 - 00000000 ____D C:\Windows\IntegraOS
2017-02-02 18:33 - 2017-02-02 18:33 - 00000000 ____D C:\Users\uae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IntegraOS
2017-02-02 18:33 - 2017-02-02 18:33 - 00000000 ____D C:\Program Files (x86)\IntegraOS
2017-02-02 18:29 - 2017-02-02 18:31 - 18903004 _____ C:\Users\uae\Downloads\IntegraOS.exe
2017-01-22 23:52 - 2017-01-22 23:52 - 00060620 _____ C:\Users\uae\Downloads\Texto 3.pdf
2017-01-19 23:40 - 2017-01-19 23:45 - 58853023 _____ C:\Users\uae\Downloads\B7$ 4gu$7 D - 4gu$7 D [kpopdownloadscmm.blogspot.com].7z
2017-01-18 23:08 - 2017-01-18 23:08 - 00088749 _____ C:\Users\uae\Downloads\6410-19677-1-PB.pdf
2017-01-17 01:24 - 2017-01-17 01:24 - 00259831 _____ C:\Users\uae\Downloads\Poe CARTA ROUBADA.pdf
2017-01-17 01:16 - 2017-01-17 01:16 - 00001771 _____ C:\Users\uae\Downloads\Meanie..txt
2017-01-17 01:16 - 2017-01-17 01:16 - 00001771 _____ C:\Users\uae\Downloads\Meanie. (1).txt
2017-01-13 14:04 - 2017-01-13 14:04 - 00149484 _____ C:\Windows\system32\s000007.dat

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-02-11 00:44 - 2013-01-29 00:39 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4222321392-2254865489-2065712015-1000UA.job
2017-02-11 00:44 - 2013-01-29 00:39 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4222321392-2254865489-2065712015-1000Core.job
2017-02-11 00:07 - 2012-10-19 21:19 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-10 21:30 - 2009-07-14 02:45 - 00022816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-10 21:30 - 2009-07-14 02:45 - 00022816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-10 21:28 - 2016-12-08 10:47 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-10 21:19 - 2016-04-20 18:38 - 00000000 ____D C:\Program Files (x86)\Nero
2017-02-10 21:19 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-10 21:16 - 2016-04-20 18:38 - 00000000 ____D C:\Users\Todos os Usuários\Nero
2017-02-10 21:16 - 2016-04-20 18:38 - 00000000 ____D C:\ProgramData\Nero
2017-02-09 22:20 - 2016-04-14 16:08 - 00000000 ____D C:\Users\uae\AppData\Roaming\Audacity
2017-02-09 19:59 - 2013-06-03 12:49 - 00000000 ____D C:\Users\uae\AppData\Local\ElevatedDiagnostics
2017-02-09 17:04 - 2014-08-28 16:07 - 00000000 ____D C:\Users\uae\Documents\Raony
2017-02-07 15:56 - 2016-10-06 10:19 - 00000000 ____D C:\Users\uae\Desktop\Samea
2017-02-02 21:59 - 2012-10-20 09:07 - 00000000 ____D C:\Users\uae
2017-02-02 20:25 - 2016-12-31 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-02 20:25 - 2016-04-20 17:28 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-02-02 20:25 - 2016-04-20 17:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-31 23:16 - 2016-06-14 16:34 - 00000000 ____D C:\Users\uae\AppData\Local\osu!
2017-01-30 01:45 - 2016-04-20 20:02 - 00000000 ____D C:\Users\uae\AppData\Local\Nero
2017-01-30 01:41 - 2012-10-19 19:38 - 00714790 _____ C:\Windows\system32\prfh0416.dat
2017-01-30 01:41 - 2012-10-19 19:38 - 00154384 _____ C:\Windows\system32\prfc0416.dat
2017-01-30 01:41 - 2009-07-14 03:13 - 01667006 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-30 01:41 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2017-01-27 11:26 - 2015-06-08 02:13 - 00004608 _____ C:\Users\uae\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-25 10:37 - 2014-07-30 18:28 - 00000286 __RSH C:\Users\Todos os Usuários\ntuser.pol
2017-01-25 10:37 - 2014-07-30 18:28 - 00000286 __RSH C:\ProgramData\ntuser.pol
2017-01-21 02:43 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\rescache
2017-01-20 19:12 - 2016-10-12 22:20 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-13 13:50 - 2013-01-17 15:57 - 00000612 _____ C:\Windows\system32\sstates.sdt
2017-01-13 13:50 - 2013-01-17 15:57 - 00000040 _____ C:\Windows\system32\sstate_prev.sdt

==================== Arquivos na raiz de alguns diretórios =======

2016-06-07 11:15 - 2016-06-07 11:15 - 0000034 _____ () C:\Program Files\Common Files\9E3EC1B1.zq
2014-07-30 18:41 - 2014-11-04 22:20 - 0000548 _____ () C:\Users\uae\AppData\Roaming\FileShred.log
2014-07-30 17:05 - 2015-02-17 00:05 - 0000093 _____ () C:\Users\uae\AppData\Roaming\WB.CFG
2015-06-08 02:13 - 2017-01-27 11:26 - 0004608 _____ () C:\Users\uae\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-20 09:36 - 2012-10-20 09:36 - 0017408 _____ () C:\Users\uae\AppData\Local\WebpageIcons.db
2012-10-22 00:36 - 2012-10-22 00:37 - 0000000 _____ () C:\ProgramData\DwmRestart.txt

Alguns arquivos em TEMP:
====================
2016-10-22 18:02 - 2016-10-22 18:02 - 0000000 ____D () C:\Users\uae\AppData\Local\Temp\CatchVideo.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


ATENÇÃO: ==> Não foi possível acessar BCD.

LastRegBack: 2017-02-03 00:53

==================== Fim de FRST.txt ============================
