Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:07-02-2016
Executado por Victor (administrador) em CASA_VITOR (11-02-2016 17:32:05)
Executando a partir de C:\Users\Victor\Desktop
Perfis Carregados: Victor (Perfis Disponíveis: Victor)
Platform: Microsoft Windows 8.1 Pro (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
() C:\Program Files\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Yahoo Inc.) C:\Program Files\Yahoo!\yset\{C096C3EF-C60C-4646-9667-6861D0BC2337}\YSearchUtilSVC.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
() C:\ClientASU\ClientASU.exe
() C:\ACBrMonitor\ACBrMonitor.exe
() C:\ACBrNFeMonitor\ACBrNFeMonitor.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Sistema\CAIXA6\CAIXA.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Sistema\ESTOQUE6\ESTOQUE.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [CertificateRegistration] => C:\WINDOWS\system32\aetcrss1.exe [208896 2010-12-02] (A.E.T. Europe B.V.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [2013-10-07] (Banco do Brasil)
Winlogon\Notify\ GbPluginUni: C:\Program Files\GbPlugin\gbiehUni.dll [2013-06-10] (Banco Itaú Unibanco)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4261171341-52529390-1025842320-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [718208 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-4261171341-52529390-1025842320-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2016-01-22] (SUPERAntiSpyware)
HKU\S-1-5-21-4261171341-52529390-1025842320-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6628056 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-4261171341-52529390-1025842320-1001\...\MountPoints2: {aa7ff460-4612-11e3-affc-00219783332d} - "G:\LaunchU3.exe" -a
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll => Nenhum Arquivo
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files\GbPlugin\gbiehuni.dll [1396792 2013-06-10] (Banco Itaú Unibanco)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll [1487912 2013-10-07] (Banco do Brasil)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ClientASU.lnk [2013-05-08]
ShortcutTarget: ClientASU.lnk -> C:\ClientASU\ClientASU.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-05-09]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ACBrMonitor.lnk [2013-04-11]
ShortcutTarget: ACBrMonitor.lnk -> C:\ACBrMonitor\ACBrMonitor.exe ()
Startup: C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ACBrNFeMonitor.lnk [2015-04-02]
ShortcutTarget: ACBrNFeMonitor.lnk -> C:\ACBrNFeMonitor\ACBrNFeMonitor.exe ()
Startup: C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2014-05-07]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Project System DVR.lnk [2013-06-26]
ShortcutTarget: Project System DVR.lnk -> C:\dvr\capture.exe ()
Startup: C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Project Vision USB.lnk [2013-06-27]
ShortcutTarget: Project Vision USB.lnk -> C:\usbdvr\SUPERDVR.EXE ()
Startup: C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sub.bat - Atalho.lnk [2013-06-28]
ShortcutTarget: sub.bat - Atalho.lnk -> C:\Sistema\sub.bat.bat ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 201.94.160.48 201.94.160.46
Tcpip\..\Interfaces\{1B675021-3356-4916-8DF4-CD1E6154218E}: [DhcpNameServer] 201.94.160.36 201.94.160.35
Tcpip\..\Interfaces\{92217020-21E7-4C77-98B4-C915FFEFF7B6}: [DhcpNameServer] 201.94.160.48 201.94.160.46

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-21-4261171341-52529390-1025842320-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-4261171341-52529390-1025842320-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.br.msn.com/
SearchScopes: HKU\S-1-5-21-4261171341-52529390-1025842320-1001 -> DefaultScope {237C4DCE-4EC6-4652-B13E-D03F900D1D3D} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&intl=br&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-4261171341-52529390-1025842320-1001 -> {237C4DCE-4EC6-4652-B13E-D03F900D1D3D} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&intl=br&fr=yset_ie_syc_oracle&type=orcl_default
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-10] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files\GbPlugin\gbieh.dll [2013-10-07] (Banco do Brasil)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files\GbPlugin\gbiehuni.dll [2013-06-10] (Banco Itaú Unibanco)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-10] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2013-10-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

FireFox:
========
FF ProfilePath: C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\hwewco7w.default
FF Homepage: about:home
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-4261171341-52529390-1025842320-1001: gastecnologia.com.br/sf/cef -> C:\Users\Victor\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-4261171341-52529390-1025842320-1001: gastecnologia.com.br/sf/uni -> C:\Users\Victor\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-07-15] (GAS Tecnologia)
FF HKU\S-1-5-21-4261171341-52529390-1025842320-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Victor\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: GBBD Caixa Economica Federal - C:\Users\Victor\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-06-23] [não assinado]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://br.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => Nenhum Arquivo
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.109\pdf.dll => Nenhum Arquivo
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll => Nenhum Arquivo
CHR Profile: C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Documentos Google off-line) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2015-04-24]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2015-01-20]
CHR Extension: (Gmail) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4261171341-52529390-1025842320-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Victor\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 asComSvc; C:\Program Files\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [Arquivo não assinado]
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [278344 2014-05-21] (Intel Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-08-21] (Macrovision Europe Ltd.) [Arquivo não assinado]
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [409640 2013-07-15] (GAS Tecnologia)
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [696320 2011-08-18] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [277320 2014-05-21] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.0\my.ini [9258 2013-04-11] () [Arquivo não assinado]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-03-23] (Microsoft Corporation)
R2 YSearchUtilSvc; C:\Program Files\Yahoo!\yset\{C096C3EF-C60C-4646-9667-6861D0BC2337}\YSearchUtilSvc.exe [151832 2015-08-06] (Yahoo Inc.)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [14720 2013-07-04] ()
R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [137632 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [22432 2012-10-19] (Windows (R) Win 7 DDK provider)
R0 GbpKm; C:\WINDOWS\System32\drivers\gbpkm.sys [46392 2013-06-10] (GAS Tecnologia)
R3 GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [99840 2014-03-14] (Gemalto)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32152 2014-05-06] (Intel Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-05-06] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R1 MpKsl843b0b7d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{09F6E968-442D-4673-A8B7-4E10A5E8F510}\MpKsl843b0b7d.sys [39168 2016-02-05] (Microsoft Corporation)
R1 MpKslf0c6e561; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{09F6E968-442D-4673-A8B7-4E10A5E8F510}\MpKslf0c6e561.sys [39168 2016-02-04] (Microsoft Corporation)
S3 Ndisrd; C:\WINDOWS\system32\DRIVERS\gbpndisrd.sys [31088 2016-02-05] (GbPlugin NDIS Device Driver)
R3 NdisrdMP; C:\WINDOWS\system32\DRIVERS\gbpndisrd.sys [31088 2016-02-05] (GbPlugin NDIS Device Driver)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [30224 2014-03-23] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [219992 2014-03-23] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-03-23] (Microsoft Corporation)
R3 WUDFSensorLP; C:\WINDOWS\System32\drivers\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
S4 nvlddmkm; \SystemRoot\system32\DRIVERS\nvlddmkm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-02-11 17:32 - 2016-02-11 17:32 - 00020476 _____ C:\Users\Victor\Desktop\FRST.txt
2016-02-11 17:31 - 2016-02-11 17:32 - 00000000 ____D C:\FRST
2016-02-11 11:20 - 2016-02-11 11:20 - 01721344 _____ (Farbar) C:\Users\Victor\Desktop\FRST.exe
2016-02-10 08:35 - 2016-02-10 08:35 - 00000000 ____D C:\Program Files\Common Files\Java
2016-02-06 08:58 - 2016-02-06 08:58 - 00010114 _____ C:\Users\Victor\Desktop\mor - 43160295422218000140550050005928961617011708-nfe.xml
2016-02-05 10:26 - 2016-02-05 10:26 - 00007939 _____ C:\Users\Victor\Desktop\echolife - 001573005022016095602.xml
2016-02-05 08:57 - 2016-02-05 08:57 - 00008218 _____ C:\Users\Victor\Desktop\multpesca - NFe479Autorizada.XML
2016-01-30 10:07 - 2016-01-30 10:07 - 00012087 _____ C:\Users\Victor\Desktop\2016-01-30T12-07-32.591Z.html
2016-01-27 10:20 - 2016-01-27 10:20 - 00061678 _____ C:\Users\Victor\Desktop\TABELA DE PREÇOS DE PEÇAS PARA CARABINAS DE PRESSÃO (2015-3) (1).pdf
2016-01-26 12:06 - 2016-01-26 12:06 - 00000000 ____D C:\Users\Victor\AppData\Local\CEF
2016-01-26 10:17 - 2016-01-26 10:17 - 00002204 _____ C:\Users\Victor\Desktop\Itaú.lnk
2016-01-26 10:17 - 2016-01-26 10:17 - 00000000 ____D C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú
2016-01-26 10:15 - 2016-01-26 10:17 - 00000000 ____D C:\Users\Victor\AppData\Local\Aplicativo Itau
2016-01-26 08:29 - 2016-01-26 08:29 - 01317282 _____ C:\Users\Victor\Desktop\TABELA COLEMAN OUT-2015 - CLIENTE DIFERENCIADO MIX -.xlsx
2016-01-22 09:32 - 2016-01-22 09:32 - 00000000 ____D C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas Secretaria da Fazenda
2016-01-22 09:02 - 2016-01-22 09:02 - 00005481 _____ C:\Users\Victor\Desktop\emissorNFe (1).jnlp
2016-01-15 10:59 - 2016-01-15 10:59 - 00331776 _____ C:\Users\Victor\Desktop\TABELA ALBATROZ 20151216.xls
2016-01-15 08:57 - 2016-01-15 08:57 - 00000000 ____D C:\Users\Victor\Desktop\bkp-dia-31
2016-01-11 10:35 - 2016-01-11 10:35 - 00179745 _____ C:\Users\Victor\Desktop\Boletos ROSSI.pdf
2015-12-30 12:58 - 2015-12-30 12:58 - 00000000 ____D C:\Users\Victor\AppData\Roaming\TightVNC
2015-12-23 11:17 - 2016-01-23 09:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-12-02 09:17 - 2015-12-02 09:17 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-24 10:37 - 2015-11-24 10:37 - 00153983 _____ C:\Users\Victor\Downloads\CORRETO ---INTRODUÇÃO - ETICA - RAFAEL.docx
2015-11-24 10:36 - 2015-11-24 10:36 - 00271541 _____ C:\Users\Victor\Downloads\Maioridade Penal.docx
2015-11-20 13:09 - 2016-01-18 09:48 - 00000805 _____ C:\Users\Victor\Desktop\ESTOQUE.lnk

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-02-11 17:17 - 2013-02-03 17:33 - 00001086 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-11 12:26 - 2013-04-08 10:02 - 13284864 ___SH C:\Users\Victor\Desktop\Thumbs.db
2016-02-11 11:42 - 2013-12-04 09:49 - 00000000 ____D C:\WINDOWS\Minidump
2016-02-11 11:42 - 2013-08-22 04:21 - 00000000 ____D C:\WINDOWS\inf
2016-02-11 11:42 - 2013-08-21 12:16 - 00000000 ____D C:\Users\Victor\AppData\Roaming\uTorrent
2016-02-11 10:58 - 2014-09-02 11:00 - 00000446 _____ C:\Users\Victor\Desktop\ALUGUEL MAQUINA CARTÃO.txt
2016-02-11 10:24 - 2015-02-27 11:24 - 00000000 ___RD C:\Users\Victor\Desktop\Site
2016-02-11 10:17 - 2014-12-01 16:19 - 00000000 ___RD C:\Users\Victor\Desktop\DEFEITO
2016-02-11 09:25 - 2014-06-23 13:33 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-11 09:20 - 2013-04-08 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-02-11 08:53 - 2013-11-21 16:31 - 00000000 ____D C:\Users\Victor\AppData\Roaming\ClassicShell
2016-02-11 08:17 - 2013-02-03 17:33 - 00001082 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-10 17:59 - 2013-02-03 18:07 - 00000000 ____D C:\Victor
2016-02-10 13:37 - 2013-08-22 06:17 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-10 13:37 - 2013-08-22 06:17 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-10 13:33 - 2013-04-08 10:02 - 00000000 ___RD C:\Users\Victor\Desktop\Wande
2016-02-10 10:06 - 2015-06-20 12:04 - 00000000 ___RD C:\Users\Victor\Desktop\Aluguel
2016-02-10 09:23 - 2013-08-22 06:17 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-10 08:57 - 2013-10-17 11:51 - 00000000 ____D C:\Users\Todos os Usuários\Oracle
2016-02-10 08:57 - 2013-10-17 11:51 - 00000000 ____D C:\ProgramData\Oracle
2016-02-10 08:35 - 2015-09-01 10:11 - 00000000 ____D C:\Users\Victor\.oracle_jre_usage
2016-02-10 08:35 - 2015-06-22 10:30 - 00002577 _____ C:\Users\Victor\Desktop\Emissor de Nota Fiscal Eletronica (NF-e) 3.10.lnk
2016-02-10 08:35 - 2014-10-24 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-10 08:35 - 2013-06-26 11:41 - 00000000 ____D C:\Program Files\Java
2016-02-10 08:34 - 2014-10-24 16:48 - 00095840 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2016-02-06 10:12 - 2013-11-21 13:14 - 00000000 __RDO C:\Users\Victor\SkyDrive
2016-02-05 08:07 - 2013-11-21 13:03 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\WINDOWS\system32\Drivers\GbpNdisrd.sys
2016-02-05 08:07 - 2013-08-22 05:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-04 08:23 - 2013-08-22 04:13 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-03 09:42 - 2013-04-16 12:01 - 00000000 ____D C:\Users\Victor\Desktop\NFE - Entradas
2016-02-02 09:06 - 2013-05-09 17:51 - 00000000 ____D C:\Users\Victor\Desktop\NFP
2016-02-02 08:59 - 2013-02-03 17:29 - 00000000 ____D C:\Users\Victor\AppData\Local\VirtualStore
2016-01-29 17:53 - 2013-11-21 12:57 - 00000000 ____D C:\Users\Victor
2016-01-28 17:28 - 2015-10-14 10:50 - 00000000 ____D C:\Users\Victor\Desktop\MOR
2016-01-28 17:16 - 2013-04-08 10:07 - 00000000 ___RD C:\Users\Victor\Desktop\Orçamento
2016-01-27 15:53 - 2013-04-11 11:57 - 00000000 ____D C:\ACBrNFeMonitor
2016-01-23 09:00 - 2015-06-23 15:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-01-22 15:49 - 2015-09-17 18:02 - 00000000 ____D C:\Users\Victor\Desktop\TCC
2016-01-22 11:49 - 2014-08-17 12:27 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-19 14:14 - 2013-04-21 13:25 - 00020428 _____ C:\Users\Victor\Desktop\ASU.xlsx
2016-01-15 13:58 - 2013-04-11 10:22 - 00000000 ___RD C:\Sistema
2016-01-15 12:45 - 2015-08-05 12:55 - 00000600 _____ C:\Users\Victor\PUTTY.RND

==================== Arquivos na raiz de alguns diretórios =======

2013-11-25 10:01 - 2013-11-25 10:01 - 0034778 _____ () C:\Program Files\CMS Setup Log.txt
2015-04-24 17:17 - 2015-04-25 10:00 - 0030715 _____ () C:\Users\Victor\AppData\Roaming\unins000.dat
2015-04-25 10:00 - 2015-04-25 10:00 - 0720082 _____ () C:\Users\Victor\AppData\Roaming\unins000.exe
2015-06-23 15:30 - 2015-06-23 15:30 - 0017536 _____ () C:\Users\Victor\AppData\Roaming\unins001.dat
2015-06-23 15:30 - 2015-06-23 15:30 - 0730322 _____ () C:\Users\Victor\AppData\Roaming\unins001.exe
2014-08-18 13:52 - 2014-08-18 13:54 - 0000000 _____ () C:\Users\Victor\AppData\Local\{AEE53C18-DEF0-4985-9C67-79B0F568F02B}
2013-05-09 18:13 - 2013-05-09 18:35 - 0000821 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-02-05 08:17

==================== Fim de FRST.txt ============================