Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:05-03-2016 01 Executado por Jorge Chumbo (administrador) em JORGECHUMBO (22-03-2016 09:10:06) Executando a partir de C:\Users\Jorge Chumbo\Desktop Perfis Carregados: Jorge Chumbo & (Perfis Disponíveis: Jorge Chumbo) Platform: Windows 8.1 Pro (X64) Idioma: Português (Brasil) Internet Explorer Versão 11 (Navegador padrão: IE) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe (Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe () C:\ProgramData\MobileBrServ\mbbService.exe (Orolix Desenvolvimento de Software LTDA.) 
C:\Program Files (x86)\TIM Communicator\module\devicemon.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Google, Inc) C:\Users\Jorge Chumbo\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe (© 2015 Microsoft Corporation) C:\Users\Jorge Chumbo\AppData\Local\Microsoft\BingSvc\BingSvc.exe (POLARIS OFFICE Corp.) C:\Program Files (x86)\Polaris Office\POSyncCenter.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (POLARIS OFFICE Corp.) C:\Program Files (x86)\Polaris Office\PSNoticeChecker.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registro (Whitelisted) =========================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.) 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-18] (AVAST Software) HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-11] (Dropbox, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-11-04] (Banco do Brasil) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\...\Run: [Google Update] => C:\Users\Jorge Chumbo\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-07] (Google Inc.) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\...\Run: [MusicManager] => C:\Users\Jorge Chumbo\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\...\Run: [GoogleChromeAutoLaunch_C99C3D2213F5BF091DA9054CDCE1877B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874136 2016-03-07] (Google Inc.) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.) 
HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\...\Run: [Google Photos Backup] => C:\Users\Jorge Chumbo\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-12-11] (Google, Inc) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\...\Run: [BingSvc] => C:\Users\Jorge Chumbo\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-23] (© 2015 Microsoft Corporation) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\...\Run: [PolarisOffice] => C:\Program Files (x86)\Polaris Office\POSyncCenter.exe [392640 2016-03-10] (POLARIS OFFICE Corp.) 
HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\...\MountPoints2: {049429ca-eae2-11e5-8351-e81132a850dc} - "D:\autorun.exe" HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\...\MountPoints2: {04942a12-eae2-11e5-8351-e81132a850dc} - "D:\autorun.exe" HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\...\MountPoints2: {470a89b0-1f09-11e4-8261-e81132a850dc} - "D:\AutoRun.exe" HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> none HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Jorge Chumbo\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-07] (Google Inc.) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MusicManager] => C:\Users\Jorge Chumbo\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_C99C3D2213F5BF091DA9054CDCE1877B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874136 2016-03-07] (Google Inc.) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.) 
HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Photos Backup] => C:\Users\Jorge Chumbo\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-12-11] (Google, Inc) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BingSvc] => C:\Users\Jorge Chumbo\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-23] (© 2015 Microsoft Corporation) HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PolarisOffice] => C:\Program Files (x86)\Polaris Office\POSyncCenter.exe [392640 2016-03-10] (POLARIS OFFICE Corp.) 
HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {049429ca-eae2-11e5-8351-e81132a850dc} - "D:\autorun.exe" HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {04942a12-eae2-11e5-8351-e81132a850dc} - "D:\autorun.exe" HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {470a89b0-1f09-11e4-8261-e81132a850dc} - "D:\AutoRun.exe" HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> none ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1945472 2015-11-04] (Banco do Brasil) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-14] (AVAST Software) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-09-14] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-23] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) ProxyEnable: [.DEFAULT] => Proxy está habilitado. ProxyServer: [.DEFAULT] => http=127.0.0.1:54463;https=127.0.0.1:54463 Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\Parameters: [DhcpNameServer] 94.102.53.185 8.8.8.8 Tcpip\..\Interfaces\{E30EC239-378E-4A65-913B-C799E2E7CA60}: [DhcpNameServer] 192.168.0.4 192.168.0.4 Tcpip\..\Interfaces\{EE9AD1AB-80A3-4096-8779-C50A00673C6B}: [DhcpNameServer] 94.102.53.185 8.8.8.8 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://uportal.upcleaner.net/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdks_inner_hp_09_hao123_br&fr=EUsc4l0yRP999idrAAps6xFMHedVIAm3NQ%3D%3D 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://uportal.upcleaner.net/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://uportal.upcleaner.net/ HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.uol.com.br/ HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.br.msn.com/ HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.uol.com.br/ HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.br.msn.com/ SearchScopes: HKLM -> DefaultScope {B5197E6D-9596-4AE3-85E8-47C5122BC7E6} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKLM -> {B5197E6D-9596-4AE3-85E8-47C5122BC7E6} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {B5197E6D-9596-4AE3-85E8-47C5122BC7E6} 
URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 -> {B5197E6D-9596-4AE3-85E8-47C5122BC7E6} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = SearchScopes: HKU\S-1-5-21-2527664994-1075259347-2330048758-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKU\S-1-5-21-2527664994-1075259347-2330048758-1001 -> {935A4A0B-EAE2-43C9-A2DC-064CA705103A} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-2527664994-1075259347-2330048758-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = SearchScopes: HKU\S-1-5-21-2527664994-1075259347-2330048758-1001 -> {B5197E6D-9596-4AE3-85E8-47C5122BC7E6} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2527664994-1075259347-2330048758-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = SearchScopes: HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {935A4A0B-EAE2-43C9-A2DC-064CA705103A} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = SearchScopes: HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B5197E6D-9596-4AE3-85E8-47C5122BC7E6} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> 
{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-14] (AVAST Software) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23] (Google Inc.) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\ssv.dll [2016-02-27] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-14] (AVAST Software) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.) BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-11-04] (Banco do Brasil) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-27] (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23] (Google Inc.) 
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Jorge Chumbo\AppData\Roaming\Mozilla\Firefox\Profiles\qogmrly9.default FF DefaultSearchEngine: Bing FF DefaultSearchEngine,S: WebSearch FF SearchEngineOrder.1: WebSearch FF SearchEngineOrder.1,S: WebSearch FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF SelectedSearchEngine,S: WebSearch FF Homepage: hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=pt-br hxxps://br.yahoo.com/?type=orcl_hpset FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q= FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] () FF Plugin-x32: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-27] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-27] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) 
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2527664994-1075259347-2330048758-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jorge Chumbo\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin HKU\S-1-5-21-2527664994-1075259347-2330048758-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jorge Chumbo\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin HKU\S-1-5-21-2527664994-1075259347-2330048758-1001: gastecnologia.com.br/sf/bb64 -> C:\Users\Jorge Chumbo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [Nenhum Arquivo] FF Plugin HKU\S-1-5-21-2527664994-1075259347-2330048758-1001: gastecnologia.com.br/sf/gas64 -> C:\Users\Jorge Chumbo\AppData\Local\GAS Tecnologia\GBBD\npsf_gas_64.dll [Nenhum Arquivo] FF Plugin HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Jorge Chumbo\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Jorge Chumbo\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) 
FF Plugin HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: gastecnologia.com.br/sf/bb64 -> C:\Users\Jorge Chumbo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [Nenhum Arquivo] FF Plugin HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: gastecnologia.com.br/sf/gas64 -> C:\Users\Jorge Chumbo\AppData\Local\GAS Tecnologia\GBBD\npsf_gas_64.dll [Nenhum Arquivo] FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Jorge Chumbo\AppData\Roaming\Mozilla\Firefox\Profiles\qogmrly9.default\searchplugins\bing-.xml [2016-02-18] FF SearchPlugin: C:\Users\Jorge Chumbo\AppData\Roaming\Mozilla\Firefox\Profiles\qogmrly9.default\searchplugins\yahoo-avast.xml [2014-11-03] FF SearchPlugin: C:\Users\Jorge Chumbo\AppData\Roaming\Mozilla\Firefox\Profiles\qogmrly9.default\searchplugins\yahoo-ysp.xml [2016-01-26] FF Extension: Bing Search - C:\Users\Jorge Chumbo\AppData\Roaming\Mozilla\Firefox\Profiles\qogmrly9.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-02-18] FF Extension: Easy Youtube Video Downloader Express - C:\Users\Jorge Chumbo\AppData\Roaming\Mozilla\Firefox\Profiles\qogmrly9.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-10-12] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Sem Nome - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-21] [não assinado] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Sem Nome - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-21] [não 
assinado] FF HKU\S-1-5-21-2527664994-1075259347-2330048758-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Jorge Chumbo\AppData\Local\GAS Tecnologia\GBBD\bb\xpi => não encontrado (a) FF HKU\S-1-5-21-2527664994-1075259347-2330048758-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Jorge Chumbo\AppData\Local\GAS Tecnologia\GBBD\bb\xpi => não encontrado (a) Chrome: ======= CHR HomePage: Default -> hxxp://www.uol.com.br/ CHR StartupUrls: Default -> "hxxp://www.uol.com.br/" CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Jorge Chumbo\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => Nenhum Arquivo CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\PepperFlash\pepflashplayer.dll () CHR Profile: C:\Users\Jorge Chumbo\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Dictanote - Speech Recognizer) - C:\Users\Jorge Chumbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk [2015-11-04] CHR Extension: (Google Play Música) - C:\Users\Jorge Chumbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-03-17] CHR Extension: (Favoritos do iCloud) - C:\Users\Jorge Chumbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-10-26] CHR Extension: (Avast Online Security) - C:\Users\Jorge Chumbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-12] CHR Extension: (VoiceNote II - Speech to text) - C:\Users\Jorge Chumbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2016-02-02] CHR Extension: (GBBD Banco do Brasil) - C:\Users\Jorge Chumbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkafhcogdnfhkmiepeebkkdbdphnjfll [2015-10-13] CHR 
HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-14]
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-14] (AVAST Software)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [Arquivo não assinado]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [Arquivo não assinado]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-25] (Dropbox, Inc.)
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123904 2015-09-02] (Dassault Systèmes) [Arquivo não assinado]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-11-04] (GAS Tecnologia)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-27] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
R2 OrolixDeviceMonitor; C:\Program Files (x86)\TIM Communicator\module\devicemon.exe [32672 2011-10-05] (Orolix Desenvolvimento de Software LTDA.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [Arquivo não assinado]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-14] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-14] (AVAST Software)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 gbpddreg; C:\Windows\System32\drivers\gbpddreg64.sys [29816 2016-03-21] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-21] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 onda_cdc_acm; C:\Windows\system32\DRIVERS\onda_cdc_acm.sys [79872 2011-10-21] (ONDA)
S3 onda_cdc_ecm; C:\Windows\system32\DRIVERS\onda_cdc_ecm.sys [60416 2011-10-21] (ONDA)
S3 onda_ecm_enum; C:\Windows\System32\drivers\onda_ecm_enum.sys [56832 2011-10-21] (ONDA)
S3 onda_ecm_enum_filter; C:\Windows\System32\drivers\onda_ecm_enum_filter.sys [56832 2011-10-21] (ONDA)
S3 onda_wcpo; C:\Windows\system32\DRIVERS\onda_wcpo.sys [10752 2011-10-21] (ONDA)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-01-20] (GAS Tecnologia LTDA)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2014-06-02] (Basil Projects)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
S3 RimUsb; \SystemRoot\System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-22 09:10 - 2016-03-22 09:11 - 00035641 _____ C:\Users\Jorge Chumbo\Desktop\FRST.txt
2016-03-22 09:07 - 2016-03-22 09:10 - 00000000 ____D C:\FRST
2016-03-22 09:06 - 2016-03-22 09:06 - 02374144 _____ (Farbar) C:\Users\Jorge Chumbo\Desktop\FRST64.exe
2016-03-21 15:01 - 2016-03-21 15:01 - 520175482 _____ C:\Windows\MEMORY.DMP
2016-03-21 09:59 - 2016-03-18 07:32 - 00968136 _____ (MalwareBytes) C:\Users\Jorge Chumbo\Downloads\winlogon.exe
2016-03-21 09:59 - 2016-03-18 07:31 - 00968136 _____ (MalwareBytes) C:\Users\Jorge Chumbo\Downloads\windows.exe
2016-03-21 09:59 - 2016-03-18 07:30 - 00968136 _____ (MalwareBytes) C:\Users\Jorge Chumbo\Downloads\rundll32.exe
2016-03-21 09:59 - 2016-03-18 07:27 - 00968136 _____ (MalwareBytes) C:\Users\Jorge Chumbo\Downloads\iexplore.exe
2016-03-21 09:59 - 2016-03-10 14:05 - 00235882 _____ C:\Users\Jorge Chumbo\Downloads\chameleon.chm
2016-03-19 15:17 - 2016-03-19 15:17 - 01351424 _____ (Uniblue Systems Limited ) C:\Users\Jorge Chumbo\Downloads\speedupmypc.exe
2016-03-18 18:00 - 2016-03-18 18:01 - 46219584 _____ (IGC) C:\Users\Jorge Chumbo\Downloads\bravafreedwg_7.3.exe
2016-03-18 16:16 - 2016-03-18 16:18 - 00000000 ____D C:\Autodesk
2016-03-18 15:35 - 2016-03-18 15:35 - 00001246 _____ C:\Users\Jorge Chumbo\Desktop\Dropbox.lnk
2016-03-18 15:31 - 2016-03-21 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-18 14:59 - 2003-05-28 12:19 - 00245408 ____R (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2016-03-18 14:59 - 2003-03-18 22:20 - 01060864 ____N (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll
2016-03-18 09:57 - 2016-03-18 09:59 - 00013382 _____ C:\Users\Jorge Chumbo\Desktop\Estoque M111 BTC 1803.XLSX
2016-03-17 14:21 - 2016-03-17 14:25 - 00000000 ____D C:\Users\Jorge Chumbo\AppData\Roaming\Pamela
2016-03-17 14:20 - 2016-03-17 14:20 - 07077080 _____ (PamConsult GmbH) C:\Users\Jorge Chumbo\Downloads\PamelaSetup_Pro.exe
2016-03-17 11:24 - 2016-03-17 11:24 - 00000000 _____ C:\Users\Jorge Chumbo\AppData\Local\{FEA2C751-F240-473E-9C3D-77729E23C226}
2016-03-16 17:17 - 2016-03-16 17:21 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Acess Modelos
2016-03-16 10:18 - 2016-03-16 10:18 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_onda_ecm_enum_01009.Wdf
2016-03-16 09:58 - 2016-03-16 09:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_onda_cdc_ecm_01009.Wdf
2016-03-16 09:58 - 2016-03-16 09:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_onda_cdc_acm_01009.Wdf
2016-03-16 09:57 - 2016-03-16 09:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_onda_wcpo_01009.Wdf
2016-03-16 09:52 - 2016-03-16 09:52 - 00000000 ____D C:\Program Files (x86)\ONDA
2016-03-16 09:51 - 2016-03-16 10:10 - 00000000 ____D C:\Program Files (x86)\TIM Communicator
2016-03-15 15:27 - 2016-03-21 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polaris Office
2016-03-15 15:27 - 2016-03-18 16:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-15 15:27 - 2016-03-15 15:27 - 00001950 _____ C:\Users\Public\Desktop\Polaris Office.lnk
2016-03-15 15:24 - 2016-03-15 16:09 - 00000000 ____D C:\Users\Jorge Chumbo\AppData\Roaming\PolarisOffice
2016-03-15 15:24 - 2016-03-15 15:27 - 00000000 ____D C:\Program Files (x86)\Polaris Office
2016-03-15 15:16 - 2016-03-15 15:19 - 174195088 _____ (POLARIS OFFICE Corp.) C:\Users\Jorge Chumbo\Downloads\PolarisOfficeSetup.exe
2016-03-15 14:58 - 2016-03-15 15:01 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\My IBA Reader
2016-03-14 14:37 - 2016-03-14 14:37 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-03-14 14:37 - 2016-03-14 14:37 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-14 09:13 - 2016-03-14 09:13 - 00416342 _____ C:\Users\Jorge Chumbo\Desktop\Fatura Net.pdf
2016-03-09 09:42 - 2016-03-09 09:42 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Jorge Chumbo\Downloads\SkypeSetup.exe
2016-03-09 08:51 - 2016-02-20 12:45 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-09 08:51 - 2016-02-20 12:45 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 08:51 - 2016-02-20 12:45 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 08:51 - 2016-02-20 12:45 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-09 08:51 - 2016-02-20 12:45 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 08:51 - 2016-02-20 12:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-09 08:51 - 2016-02-05 16:06 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-09 08:51 - 2016-01-06 15:25 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-03-09 08:51 - 2015-12-30 18:53 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-09 08:50 - 2016-02-08 18:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 08:50 - 2016-02-08 17:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-09 08:50 - 2016-02-08 17:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-09 08:50 - 2016-02-08 17:29 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-03-09 08:50 - 2016-02-08 17:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-09 08:50 - 2016-02-08 17:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-09 08:50 - 2016-02-08 17:07 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-03-09 08:50 - 2016-02-08 17:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 08:50 - 2016-02-08 17:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-09 08:50 - 2016-02-08 17:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-09 08:50 - 2016-02-08 17:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-09 08:50 - 2016-02-08 17:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-09 08:50 - 2016-02-08 16:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-09 08:50 - 2016-02-08 16:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-09 08:50 - 2016-02-08 16:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-09 08:50 - 2016-02-08 15:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 08:50 - 2016-02-08 15:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 08:50 - 2016-02-08 15:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 08:50 - 2016-02-08 15:14 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-03-09 08:50 - 2016-02-08 15:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 08:50 - 2016-02-08 14:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 08:50 - 2016-02-08 14:42 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-03-09 08:50 - 2016-02-08 14:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 08:50 - 2016-02-08 14:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 08:50 - 2016-02-08 14:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 08:50 - 2016-02-08 14:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 08:50 - 2016-02-08 14:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 08:50 - 2016-02-08 14:15 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-03-09 08:50 - 2016-02-08 14:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 08:50 - 2016-02-08 13:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 08:49 - 2016-02-05 11:59 - 07784960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-03-09 08:49 - 2016-02-05 11:55 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 08:49 - 2016-02-05 11:48 - 07075840 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-03-09 08:49 - 2016-02-05 11:47 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-03-09 08:48 - 2016-02-12 16:14 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 08:48 - 2016-02-12 12:14 - 03708416 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 08:48 - 2016-02-12 11:55 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-03-09 08:48 - 2016-02-12 11:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 08:48 - 2016-02-12 11:54 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 08:48 - 2016-02-12 11:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 08:48 - 2016-02-12 11:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-09 08:48 - 2016-02-12 11:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-09 08:48 - 2016-02-12 11:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-09 08:48 - 2016-02-12 11:48 - 02244096 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 08:48 - 2016-02-12 11:47 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 08:48 - 2016-02-12 11:46 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-09 08:48 - 2016-02-06 15:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 08:48 - 2016-01-05 12:00 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-03-09 08:48 - 2015-12-20 11:57 - 00839168 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-03-09 08:48 - 2015-12-20 11:43 - 00696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2016-03-09 08:47 - 2016-02-03 17:37 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-09 08:47 - 2016-02-03 17:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-09 08:47 - 2016-02-03 12:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-03-09 08:47 - 2016-02-03 12:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 08:47 - 2016-02-03 12:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 08:47 - 2016-01-24 15:19 - 00419160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-03-09 08:47 - 2016-01-24 15:19 - 00378712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-03-09 08:47 - 2016-01-24 15:19 - 00331608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2016-03-09 08:47 - 2016-01-24 08:57 - 01335296 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2016-03-09 08:47 - 2016-01-24 08:45 - 01063424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2016-03-09 08:47 - 2016-01-08 22:38 - 00091992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-03-09 08:47 - 2016-01-06 20:46 - 00148752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2016-03-09 08:47 - 2016-01-06 20:45 - 00177712 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2016-03-09 08:47 - 2016-01-06 13:47 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2016-03-09 08:46 - 2015-11-19 11:33 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-09 08:45 - 2016-02-11 11:21 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-03-09 08:45 - 2016-02-11 11:21 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-03-09 08:45 - 2016-02-11 11:20 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-03-09 08:45 - 2016-02-11 11:20 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-03-09 08:45 - 2016-02-06 13:58 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 08:45 - 2016-02-06 13:32 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-09 08:45 - 2016-02-05 16:07 - 00292696 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2016-03-09 08:45 - 2016-02-05 16:07 - 00243032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL
2016-03-09 08:45 - 2016-02-05 12:03 - 15432704 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 08:45 - 2016-02-05 12:00 - 13318144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 08:45 - 2016-02-04 15:18 - 04174336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 08:45 - 2016-02-04 15:18 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 08:45 - 2016-02-04 15:12 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 08:45 - 2016-02-04 14:44 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 08:45 - 2016-02-04 14:39 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 08:45 - 2016-02-04 14:24 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 08:45 - 2016-02-04 14:02 - 00483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-09 08:45 - 2016-01-31 16:16 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 08:45 - 2016-01-10 13:41 - 01707008 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-03-09 08:45 - 2016-01-10 13:31 - 01344512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-03-09 08:45 - 2016-01-08 22:49 - 00218448 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-03-09 08:45 - 2016-01-08 22:49 - 00192120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-03-09 08:45 - 2015-12-30 17:49 - 00470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-03-09 08:45 - 2015-12-20 11:56 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2016-03-09 08:45 - 2015-11-19 11:26 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-09 08:44 - 2016-01-15 13:56 - 02487296 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2016-03-09 08:44 - 2016-01-15 13:45 - 01482240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2016-03-05 12:38 - 2016-03-21 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-03-05 12:38 - 2016-03-05 12:38 - 00001898 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-05 12:38 - 2016-03-05 12:38 - 00001013 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-03-05 12:31 - 2016-02-14 09:10 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-03-02 09:05 - 2016-03-11 16:27 - 00414720 _____ C:\Users\Jorge Chumbo\Desktop\Formulário Cadastro Clientes Nacionais 2016.XLS
2016-03-01 15:02 - 2016-03-22 08:44 - 00000000 ____D C:\Users\Jorge Chumbo\AppData\Local\3C9645EA-BB51-45C6-92DF-E8E9A6A2E8EF.aplzod
2016-02-28 14:16 - 2016-02-28 14:16 - 00250271 _____ C:\Users\Jorge Chumbo\Downloads\radares_maparadar_OV2.zip
2016-02-28 13:58 - 2016-02-28 13:58 - 00000000 ____D C:\Program Files (x86)\TomTom DesktopSuite
2016-02-27 19:42 - 2016-02-27 19:46 - 28135788 _____ C:\Users\Jorge Chumbo\Downloads\Educacion medica Nuevos enfoques, metas y metodos.pdf
2016-02-25 15:16 - 2016-02-25 15:16 - 00000913 _____ C:\Users\Jorge Chumbo\Documents\Downloads - Atalho.lnk
2016-02-23 08:00 - 2016-02-23 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-22 09:08 - 2015-09-07 20:47 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2527664994-1075259347-2330048758-1001UA.job
2016-03-22 09:08 - 2015-09-07 20:47 - 00001078 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2527664994-1075259347-2330048758-1001Core.job
2016-03-22 09:03 - 2015-09-27 20:00 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Arquivos do Outlook
2016-03-22 08:52 - 2015-03-30 21:00 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-03-22 08:46 - 2015-09-25 18:40 - 00001056 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-03-22 08:44 - 2014-09-23 16:44 - 00000338 _____ C:\Windows\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{5CBC8F9C-F3CB-4C1C-B4B8-7A00F69720BE}.job
2016-03-22 08:43 - 2015-04-16 22:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-22 08:42 - 2015-09-25 18:40 - 00001052 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-03-22 08:42 - 2015-09-14 10:02 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-22 08:42 - 2014-06-03 10:15 - 00000000 __RDO C:\Users\Jorge Chumbo\SkyDrive
2016-03-22 00:30 - 2015-09-14 10:02 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-22 00:26 - 2015-04-16 22:30 - 00000000 ____D C:\Users\Jorge Chumbo\AppData\Roaming\Skype
2016-03-22 00:23 - 2015-09-14 12:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-22 00:23 - 2015-04-16 22:29 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-03-22 00:23 - 2015-04-16 22:29 - 00000000 ____D C:\ProgramData\Skype
2016-03-22 00:20 - 2014-06-02 23:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-21 23:38 - 2015-11-26 07:07 - 00029816 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddreg64.sys
2016-03-21 23:37 - 2014-06-03 14:05 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-03-21 23:36 - 2014-06-02 17:26 - 00000000 ____D C:\Users\Jorge Chumbo
2016-03-21 23:36 - 2013-08-22 11:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-21 23:35 - 2015-12-03 17:39 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-03-21 23:35 - 2015-04-04 10:28 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-21 23:35 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\Inf
2016-03-21 23:34 - 2015-07-06 20:44 - 00000000 ____D C:\Users\Todos os Usuários\McAfee Security Scan
2016-03-21 23:34 - 2015-07-06 20:44 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-03-21 23:32 - 2013-08-22 12:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-21 23:26 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\registration
2016-03-21 23:25 - 2014-06-03 11:12 - 00000000 ____D C:\Users\Jorge Chumbo\Downloads\Malwarebytes Anti-Malware
2016-03-21 23:08 - 2015-01-25 07:58 - 00000000 ____D C:\Windows\Minidump
2016-03-21 21:18 - 2014-06-02 23:23 - 00000000 ____D C:\Users\Jorge Chumbo\AppData\Local\Mozilla
2016-03-21 15:39 - 2014-06-02 22:48 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2527664994-1075259347-2330048758-1001
2016-03-21 15:18 - 2013-08-22 10:25 - 01310720 ___SH C:\Windows\system32\config\BBI(82)
2016-03-21 15:18 - 2013-08-22 10:25 - 01310720 ___SH C:\Windows\system32\config\BBI
2016-03-21 13:35 - 2015-02-07 18:34 - 00000000 ____D C:\Program Files\Recuva
2016-03-21 12:13 - 2014-06-03 09:50 - 00000000 ____D C:\MACCAFERRI
2016-03-21 12:11 - 2015-10-21 11:33 - 00000000 ____D C:\Users\Jorge Chumbo\Desktop\ABC - CC
2016-03-21 11:17 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\NDF
2016-03-21 10:01 - 2015-04-16 22:29 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-21 09:00 - 2014-06-02 17:29 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B6CC47EF-2A4C-4379-BA90-36FDD65CBFFE}
2016-03-20 19:58 - 2015-09-19 11:35 - 00002289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-20 13:46 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\Branding
2016-03-19 11:47 - 2013-08-22 10:25 - 01310720 ___SH C:\Windows\system32\config\BBI(13)
2016-03-19 04:56 - 2013-08-22 11:45 - 00000000 ____D C:\Windows\ServiceProfiles
2016-03-19 04:55 - 2014-09-23 16:44 - 00000000 ____D C:\Users\Jorge Chumbo\AppData\LocalLow\Company
2016-03-18 18:39 - 2015-04-16 22:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-18 18:39 - 2014-06-03 19:25 - 00000000 ____D C:\Users\Jorge Chumbo\AppData\Roaming\Dropbox
2016-03-18 18:17 - 2015-04-16 22:29 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-18 18:17 - 2015-04-16 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-18 17:10 - 2014-06-03 18:57 - 00000000 ____D C:\Users\Jorge Chumbo\IGC
2016-03-18 16:46 - 2014-06-03 19:29 - 00000000 ___RD C:\Users\Jorge Chumbo\Dropbox
2016-03-18 15:35 - 2015-06-17 16:38 - 00000000 ____D C:\Users\Jorge Chumbo\AppData\Local\Dropbox
2016-03-18 15:32 - 2015-09-25 18:40 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-03-18 14:12 - 2014-06-03 13:46 - 00000000 ____D C:\Users\Jorge Chumbo\AppData\Local\Downloaded Installations
2016-03-18 11:56 - 2014-10-17 13:53 - 00000000 ____D C:\Users\Jorge Chumbo\Desktop\Centro
2016-03-18 11:41 - 2015-09-27 20:00 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Despesas Pessoais
2016-03-18 09:57 - 2014-06-02 17:27 - 00000000 ____D C:\Users\Jorge Chumbo\AppData\Local\Packages
2016-03-17 20:05 - 2014-06-02 17:31 - 00051346 ____H C:\Users\Jorge Chumbo\AppData\Local\IconCache.db.backup
2016-03-17 19:38 - 2014-06-02 17:31 - 01805058 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-17 19:38 - 2013-08-31 13:31 - 00777804 _____ C:\Windows\system32\prfh0416.dat
2016-03-17 19:38 - 2013-08-31 13:31 - 00159338 _____ C:\Windows\system32\prfc0416.dat
2016-03-17 16:39 - 2014-06-23 12:22 - 00003440 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-03-17 14:41 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\LiveKernelReports
2016-03-16 17:31 - 2015-09-25 14:31 - 00000000 ____D C:\Users\Jorge Chumbo\AppData\Roaming\PolarisOfficeLink
2016-03-16 17:23 - 2015-09-29 09:53 - 00000000 _RSHD C:\Users\Jorge Chumbo\Documents\.POLARIS.cache
2016-03-16 17:21 - 2015-09-25 14:41 - 00000000 __SHD C:\Users\Jorge Chumbo\Documents\~!@$12Sync
2016-03-16 11:27 - 2015-09-27 20:35 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Youcam
2016-03-16 11:25 - 2015-09-27 20:32 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Revista RC
2016-03-16 11:23 - 2015-09-27 20:28 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Power Point
2016-03-16 11:23 - 2015-09-27 20:28 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Pazzinatto Repres
2016-03-16 11:00 - 2015-09-27 20:28 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Pasta Star
2016-03-16 10:35 - 2015-09-27 20:02 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Modelos Personalizados do Office
2016-03-16 10:35 - 2015-09-27 20:02 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Minhas fontes de dados
2016-03-16 10:34 - 2015-10-02 16:01 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\MaxComputerCleaner
2016-03-16 10:34 - 2015-10-02 16:01 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Excel
2016-03-16 10:34 - 2015-09-27 20:02 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Minhas Formas
2016-03-16 10:34 - 2015-09-27 20:01 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\MBA - FGV
2016-03-16 10:34 - 2014-10-02 18:56 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Meu DocsToGo
2016-03-15 15:00 - 2015-09-27 20:16 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Nf-e Motriz
2016-03-15 14:58 - 2015-10-02 16:01 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\My Weblog Posts
2016-03-15 14:58 - 2015-10-02 15:58 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Livros
2016-03-15 14:58 - 2015-10-02 15:58 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Apostilas
2016-03-15 14:58 - 2015-09-27 20:35 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Word
2016-03-15 14:58 - 2015-09-27 20:33 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\TomTom
2016-03-15 14:58 - 2015-09-27 20:33 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\SelfMV
2016-03-15 14:58 - 2015-09-27 20:19 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Pasta MacDrain
2016-03-15 14:58 - 2015-09-27 20:16 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Pasta de Arames
2016-03-15 14:58 - 2015-09-27 20:16 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\My Videos
2016-03-15 14:58 - 2015-09-27 20:07 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\My DocsToGo
2016-03-15 14:58 - 2015-09-27 20:02 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Motriz
2016-03-15 14:58 - 2015-09-27 20:01 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Minhas digitalizações
2016-03-15 14:58 - 2015-09-27 20:01 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Inbox
2016-03-15 14:58 - 2015-09-27 20:00 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Documentos Motriz
2016-03-15 14:58 - 2015-09-27 20:00 - 00000000 ___RD C:\Users\Jorge Chumbo\Documents\Blocos de Anotações do OneNote
2016-03-15 14:57 - 2015-09-25 14:31 - 00000000 ____D C:\Users\Jorge Chumbo\AppData\Roaming\InstallShield Installation Information
2016-03-15 12:37 - 2014-06-02 22:58 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-03-15 12:35 - 2014-06-02 22:55 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-03-14 14:37 - 2014-06-23 12:09 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-12 16:28 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\rescache
2016-03-12 16:09 - 2013-08-22 12:20 - 00000000 ____D C:\Windows\CbsTemp
2016-03-11 12:44 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\AppReadiness
2016-03-09 13:25 - 2014-06-02 23:06 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-09 13:25 - 2014-06-02 23:06 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-09 13:15 - 2013-08-22 11:44 - 00409992 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-09 13:11 - 2014-12-14 11:28 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-09 13:08 - 2014-06-03 08:32 - 00000000 ____D C:\Windows\system32\MRT
2016-03-09 12:45 - 2014-06-03 08:32 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-09 09:27 - 2013-08-22 10:25 - 00000202 _____ C:\Windows\win.ini
2016-03-08 16:17 - 2015-09-28 14:27 - 00000000 ____D C:\Users\Todos os Usuários\Temp
2016-03-08 16:17 - 2015-09-28 14:27 - 00000000 ____D C:\ProgramData\Temp
2016-03-08 14:27 - 2015-07-06 20:43 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-08 04:00 - 2015-11-11 12:21 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-08 04:00 - 2015-11-11 12:21 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-05 12:38 - 2016-02-14 09:20 - 00003060 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1455452385
2016-03-05 12:38 - 2016-02-14 09:19 - 00001013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-05 12:32 - 2014-06-02 23:06 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-03-01 14:46 - 2014-09-22 18:13 - 00000000 ___RD C:\Users\Jorge Chumbo\iCloudDrive
2016-02-28 08:43 - 2014-07-01 17:45 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-02-27 20:57 - 2015-02-07 11:40 - 00000000 ____D C:\Users\Jorge Chumbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-02-27 20:57 - 2014-07-01 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-02-27 20:56 - 2014-10-19 07:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-27 20:56 - 2014-06-02 23:03 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2016-02-27 20:55 - 2014-10-19 07:46 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-27 20:54 - 2014-10-19 07:45 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-26 18:08 - 2015-04-04 10:28 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-25 10:43 - 2014-06-02 23:06 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-02-23 08:00 - 2015-11-17 07:02 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== Arquivos na raiz de alguns diretórios =======

2014-06-03 19:59 - 2015-05-08 12:06 - 0012690 _____ () C:\Users\Jorge Chumbo\AppData\Roaming\Rim.Desktop.Exception.log
2014-06-03 19:58 - 2015-09-08 10:33 - 0011495 _____ () C:\Users\Jorge Chumbo\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-06-03 19:59 - 2015-05-08 12:06 - 0004543 _____ () C:\Users\Jorge Chumbo\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-12-29 12:15 - 2015-05-08 12:06 - 0001155 _____ () C:\Users\Jorge Chumbo\AppData\Roaming\Rim.Transcoder.Exception.log
2015-09-28 14:35 - 2015-09-28 14:34 - 0815826 _____ () C:\Users\Jorge Chumbo\AppData\Roaming\unins000.exe
2014-06-03 20:25 - 2015-04-16 11:45 - 0000114 _____ () C:\Users\Jorge Chumbo\AppData\Roaming\WB.CFG
2014-11-04 14:26 - 2015-04-24 18:36 - 0022528 _____ () C:\Users\Jorge Chumbo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-02 18:50 - 2014-10-02 18:50 - 0007605 ____N () C:\Users\Jorge Chumbo\AppData\Local\resmon.resmoncfg
2016-03-17 11:24 - 2016-03-17 11:24 - 0000000 _____ () C:\Users\Jorge Chumbo\AppData\Local\{FEA2C751-F240-473E-9C3D-77729E23C226}
2014-12-26 08:35 - 2015-06-18 19:19 - 0002624 _____ () C:\ProgramData\hpzinstall.log
2015-08-30 19:16 - 2015-09-12 10:37 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-03-18 23:36

==================== Fim de FRST.txt ============================