Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:31-12-2015
Executado por celia brito liberato (administrador) em CELIABRITOLIBER (03-01-2016 11:16:07)
Executando a partir de C:\Users\celia brito liberato\Desktop
Perfis Carregados: celia brito liberato (Perfis Disponíveis: celia brito liberato)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\loggingserver.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\celia brito liberato\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\celia brito liberato\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\celia brito liberato\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-03-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-12-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952376 2015-12-21] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3666854713-2403461899-235797688-1000\...\MountPoints2: {027667e6-544f-11e2-b7dd-9cb70da5f9f1} - E:\AutoRun.exe
HKU\S-1-5-21-3666854713-2403461899-235797688-1000\...\MountPoints2: {4da24661-52a8-11e2-a7c6-9cb70da5f9f1} - E:\AutoRun.exe
HKU\S-1-5-21-3666854713-2403461899-235797688-1000\...\MountPoints2: {4da24675-52a8-11e2-a7c6-9cb70da5f9f1} - E:\AutoRun.exe
HKU\S-1-5-21-3666854713-2403461899-235797688-1000\...\MountPoints2: {4da24699-52a8-11e2-a7c6-047d7b8afed7} - E:\AutoRun.exe
HKU\S-1-5-21-3666854713-2403461899-235797688-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{395AD77F-70F2-4271-A5C2-95E439AABA8D}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{670F08C9-EFBD-4421-9AFF-2A49E0AAB560}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3666854713-2403461899-235797688-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={146F4675-D02A-4581-A43F-5F90E01F079D}&mid=d03629bf191e47cd8de8d5343d6e1724-292b93d14cd6189de1cfbbf64641971c5ec74e2f&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=0715av&pr=fr&d=2015-07-19 18:00:13&v=4.2.4.155&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-3666854713-2403461899-235797688-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3666854713-2403461899-235797688-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={146F4675-D02A-4581-A43F-5F90E01F079D}&mid=d03629bf191e47cd8de8d5343d6e1724-292b93d14cd6189de1cfbbf64641971c5ec74e2f&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2015-07-19 18:00:13&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3666854713-2403461899-235797688-1000 -> {322804FB-A9CF-4515-A42E-4DA450E065FD} URL = hxxp://www.search.ask.com/web?tpid=ATU4SP-MED&o=APN11391&pf=V7&p2=^BAY^YYYYYY^YY^BR&gct=&itbv=12.29.0.1462&apn_uid=787A831F-7444-4375-8801-888C715F766B&apn_ptnrs=^BAY&apn_dtid=^YYYYYY^YY^BR&apn_dbr=cr_43.0.2357.81&doi=2015-06-07&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-3666854713-2403461899-235797688-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={146F4675-D02A-4581-A43F-5F90E01F079D}&mid=d03629bf191e47cd8de8d5343d6e1724-292b93d14cd6189de1cfbbf64641971c5ec74e2f&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2015-07-19 18:00:13&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.4.155\AVG Web TuneUp.dll [2016-01-01] (AVG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.4\\npsitesafety.dll [Nenhum Arquivo]
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll [2012-04-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-08-29] (Nero AG)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3666854713-2403461899-235797688-1000: @tools.google.com/Google Update;version=3 -> C:\Users\celia brito liberato\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3666854713-2403461899-235797688-1000: @tools.google.com/Google Update;version=9 -> C:\Users\celia brito liberato\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-17] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-12-26] [não assinado]
FF HKU\S-1-5-21-3666854713-2403461899-235797688-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxp://www.hotmail.com/"
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Session Restore: Default -> está habilitado.
CHR Plugin: (Shockwave Flash) - C:\Users\celia brito liberato\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll => Nenhum Arquivo
CHR Plugin: (Shockwave Flash) - C:\Users\celia brito liberato\AppData\Local\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => Nenhum Arquivo
CHR Plugin: (Native Client) - C:\Users\celia brito liberato\AppData\Local\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => Nenhum Arquivo
CHR Plugin: (Chrome PDF Viewer) - C:\Users\celia brito liberato\AppData\Local\Google\Chrome\Application\47.0.2526.106\pdf.dll => Nenhum Arquivo
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\celia brito liberato\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => Nenhum Arquivo
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll => Nenhum Arquivo
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\celia brito liberato\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => Nenhum Arquivo
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => Nenhum Arquivo
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => Nenhum Arquivo
CHR Profile: C:\Users\celia brito liberato\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AVG Secure Search) - C:\Users\celia brito liberato\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-01-01]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\celia brito liberato\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02]
CHR HKU\S-1-5-21-3666854713-2403461899-235797688-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3666854713-2403461899-235797688-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\celia brito liberato\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx
StartMenuInternet: Google Chrome.Z4OW62PPCFWEMTSL74UPRHEVCE - C:\Users\celia brito liberato\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-12-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-12-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-12-09] (AVG Technologies CZ, s.r.o.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-02] (Dropbox, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
R2 vToolbarUpdater40.2.4; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe [1923984 2016-01-01] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2016-01-01] ()

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-01-03 11:16 - 2016-01-03 11:17 - 00021837 _____ C:\Users\celia brito liberato\Desktop\FRST.txt
2016-01-03 11:15 - 2016-01-03 11:16 - 00000000 ____D C:\FRST
2016-01-02 18:11 - 2016-01-02 18:28 - 00000000 ____D C:\Users\celia brito liberato\Dropbox
2016-01-02 18:11 - 2016-01-02 18:11 - 02370560 _____ (Farbar) C:\Users\celia brito liberato\Desktop\FRST64.exe
2016-01-02 18:11 - 2016-01-02 18:11 - 00001230 _____ C:\Users\celia brito liberato\Desktop\Dropbox.lnk
2016-01-02 18:10 - 2016-01-02 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-01-02 18:08 - 2016-01-02 18:08 - 00000000 ____D C:\Users\celia brito liberato\AppData\Roaming\Dropbox
2016-01-02 18:07 - 2016-01-03 11:12 - 00001048 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-01-02 18:07 - 2016-01-02 18:07 - 00004044 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-01-02 18:06 - 2016-01-02 18:11 - 00001044 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-01-02 18:06 - 2016-01-02 18:11 - 00000000 ____D C:\Users\celia brito liberato\AppData\Local\Dropbox
2016-01-02 18:06 - 2016-01-02 18:10 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-01-02 18:06 - 2016-01-02 18:06 - 00690072 _____ (Dropbox, Inc.) C:\Users\celia brito liberato\Downloads\DropboxInstaller.exe
2016-01-02 18:06 - 2016-01-02 18:06 - 00003792 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-01-02 18:06 - 2016-01-02 18:06 - 00000000 ____D C:\Users\Todos os Usuários\Dropbox
2016-01-02 18:06 - 2016-01-02 18:06 - 00000000 ____D C:\ProgramData\Dropbox
2016-01-01 19:54 - 2016-01-01 19:54 - 00000000 ____D C:\Windows\pss
2016-01-01 19:52 - 2016-01-01 19:52 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2015-12-17 21:13 - 2015-12-17 21:13 - 00000896 _____ C:\Users\Public\Desktop\AVG.lnk
2015-12-17 21:13 - 2015-12-17 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2015-11-06 15:50 - 2015-11-06 15:50 - 00184240 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2015-11-06 15:49 - 2015-11-06 15:49 - 00313776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-11-06 15:49 - 2015-11-06 15:49 - 00256432 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2015-10-21 16:16 - 2015-10-21 16:16 - 00284080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2015-10-08 07:46 - 2015-10-08 07:46 - 00302000 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-01-03 11:16 - 2007-07-11 23:48 - 00000000 ____D C:\Windows
2016-01-03 11:15 - 2012-09-02 18:04 - 00001138 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3666854713-2403461899-235797688-1000UA.job
2016-01-03 11:14 - 2013-02-14 20:21 - 00000000 ____D C:\Windows\AutoKMS
2016-01-03 06:05 - 2015-07-10 10:59 - 00000000 ____D C:\Users\Todos os Usuários\MFAData
2016-01-03 06:05 - 2015-07-10 10:59 - 00000000 ____D C:\ProgramData\MFAData
2016-01-02 21:14 - 2012-09-02 18:04 - 00001086 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3666854713-2403461899-235797688-1000Core.job
2016-01-02 19:23 - 2009-07-14 02:45 - 00022624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-02 19:23 - 2009-07-14 02:45 - 00022624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-02 18:11 - 2012-08-19 20:16 - 00000000 ____D C:\Users\celia brito liberato
2016-01-02 18:06 - 2012-08-19 20:35 - 00000000 ____D C:\Users\Todos os Usuários\clear.fi
2016-01-02 18:06 - 2012-08-19 20:35 - 00000000 ____D C:\ProgramData\clear.fi
2016-01-02 18:02 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-01 22:18 - 2015-07-10 12:23 - 00000000 ____D C:\Users\celia brito liberato\AppData\Local\AVG
2016-01-01 20:06 - 2012-04-03 19:02 - 00704236 _____ C:\Windows\system32\prfh0416.dat
2016-01-01 20:06 - 2012-04-03 19:02 - 00146764 _____ C:\Windows\system32\prfc0416.dat
2016-01-01 20:06 - 2009-07-14 03:13 - 01630592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-01 20:06 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2016-01-01 19:53 - 2015-07-19 18:59 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-01-01 19:50 - 2012-04-03 14:19 - 00000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2016-01-01 19:50 - 2012-04-03 14:19 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-01 19:48 - 2015-07-10 11:14 - 00000000 ____D C:\Program Files (x86)\AVG
2015-12-17 21:24 - 2015-07-10 12:20 - 00000000 ____D C:\Users\celia brito liberato\AppData\Roaming\AVG
2015-12-17 21:23 - 2015-07-10 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-12-17 21:23 - 2015-07-10 11:15 - 00000000 ___HD C:\$AVG
2015-12-17 21:22 - 2015-07-10 11:16 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-17 21:18 - 2015-07-10 12:19 - 00000000 ____D C:\Users\Todos os Usuários\AVG
2015-12-17 21:18 - 2015-07-10 12:19 - 00000000 ____D C:\ProgramData\AVG
2015-12-17 21:13 - 2015-07-19 19:00 - 00000000 ____D C:\Users\celia brito liberato\AppData\Local\AVG Web TuneUp
2015-12-17 21:10 - 2012-09-02 18:04 - 00004138 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3666854713-2403461899-235797688-1000UA
2015-12-17 21:09 - 2012-09-02 18:04 - 00003742 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3666854713-2403461899-235797688-1000Core

==================== Arquivos na raiz de alguns diretórios =======

2015-06-28 01:06 - 2015-06-28 01:06 - 0000017 _____ () C:\Users\celia brito liberato\AppData\Local\resmon.resmoncfg
2012-04-03 14:28 - 2012-04-03 14:31 - 0015224 _____ () C:\ProgramData\ArcadeDeluxe5.log
2013-12-26 15:34 - 2013-12-26 16:09 - 0000883 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-01-01 21:15

==================== Fim de FRST.txt ============================