Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2016
Ran by marcelo (administrator) on MARCELO-PC (19-12-2016 11:57:51)
Running from C:\Users\marcelo\Desktop
Loaded Profiles: marcelo (Available Profiles: marcelo)
Platform: Windows 7 Ultimate (X64) Language: Portuguese (Brazil)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradserv.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradguard.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Corel Corporation) C:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDRW.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [ToolboxFX] => C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-04-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2180680 2016-10-03] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2015-09-22] (Caixa Economica Federal)
HKU\S-1-5-21-201733743-844242722-110362520-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [445624 2012-05-31] (Sony)
HKU\S-1-5-21-201733743-844242722-110362520-1000\...\MountPoints2: {6b25c6d7-4ce8-11e6-917a-e81132bedde8} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-201733743-844242722-110362520-1000\...\MountPoints2: {ac1bba9e-279a-11e6-b21b-e81132bedde8} - E:\startme.exe
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1888480 2015-09-22] (Caixa Economica Federal)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, and it is a registry item, it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 189.5.128.61 189.5.128.66
Tcpip\..\Interfaces\{03EA9361-5AA8-4E88-A448-822D7E6FCCEE}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{2AE5B28B-A346-496D-B4C2-537A25EDCA68}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{84D9459F-2858-4FBB-858B-2B7F7546CA0D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A74B9814-9558-49E8-94B2-E57D13B39E08}: [DhcpNameServer] 189.5.128.61 189.5.128.66
Tcpip\..\Interfaces\{C05368A8-E79F-4C0C-91DC-ADF1A72370C2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C1655A1F-6A26-46E2-8695-824F084F8325}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E4078C8D-3062-40B0-94B3-6A9B1E047C9B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=818225b0a7c69212eb60add02165f551
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=818225b0a7c69212eb60add02165f551
HKU\S-1-5-21-201733743-844242722-110362520-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=818225b0a7c69212eb60add02165f551
HKU\S-1-5-21-201733743-844242722-110362520-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKU\S-1-5-21-201733743-844242722-110362520-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3A666E37-9875-4B5B-B983-6D00A5D3185C}&mid=f8a8896dcc9547ccbece3958745a341b-94224e5de34ec8ef2e46c4e2309e2b2438dc60db&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-03-14 11:48:18&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-201733743-844242722-110362520-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={3A666E37-9875-4B5B-B983-6D00A5D3185C}&mid=f8a8896dcc9547ccbece3958745a341b-94224e5de34ec8ef2e46c4e2309e2b2438dc60db&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-03-14 11:48:18&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll [2016-10-03] (AVG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2015-09-22] (Caixa Economica Federal)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: bu7o0p0d.default
FF ProfilePath: C:\Users\marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\bu7o0p0d.default [2016-12-19]
FF Homepage: Mozilla\Firefox\Profiles\bu7o0p0d.default -> hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=818225b0a7c69212eb60add02165f551
FF Extension: (AVG Web TuneUp) - C:\Users\marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\bu7o0p0d.default\Extensions\avg@toolbar.xpi [2016-10-03]
FF Extension: (Firefox Hotfix) - C:\Users\marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\bu7o0p0d.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-12-08]
FF SearchPlugin: C:\Users\marcelo\AppData\Roaming\Mozilla\Firefox\Profiles\bu7o0p0d.default\searchplugins\avg-secure-search.xml [2016-10-03]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-19] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.6\\npsitesafety.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=818225b0a7c69212eb60add02165f551"
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\marcelo\AppData\Local\Google\Chrome\User Data\Default [2016-12-19]
CHR Extension: (Google Docs) - C:\Users\marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-23]
CHR Extension: (Google Drive) - C:\Users\marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-23]
CHR Extension: (YouTube) - C:\Users\marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-23]
CHR Extension: (AVG Secure Search) - C:\Users\marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-06-28]
CHR Extension: (Google Search) - C:\Users\marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-23]
CHR Extension: (Google Sheets) - C:\Users\marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-23]
CHR Extension: (EverydayLookup) - C:\Users\marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpeepicldbpmefboahpolegllmiglnai [2016-10-02]
CHR Extension: (Google Docs Offline) - C:\Users\marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AVG SafePrice) - C:\Users\marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2016-12-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-23]
CHR Extension: (Chrome Media Router) - C:\Users\marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-04]
CHR HKU\S-1-5-21-201733743-844242722-110362520-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-201733743-844242722-110362520-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [647864 2016-11-02] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337696 2016-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [727512 2016-11-02] (AVG Technologies CZ, s.r.o.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [593120 2015-09-22] (GAS Tecnologia)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [142336 2010-04-12] (HP) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R2 scpbradserv; C:\Program Files (x86)\scpbrad\scpbradserv.exe [1926616 2016-09-14] (Scopus Soluções em TI Ltda)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [980552 2016-10-03] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-10-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [267520 2016-10-19] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 bmfilter; C:\Windows\System32\DRIVERS\qcusbfilter.sys [40448 2015-04-24] (QUALCOMM Incorporated) [File not signed]
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-12-08] (GAS Tecnologia)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-08-21] (Marvell Semiconductor, Inc.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-12-08] (GAS Tecnologia LTDA)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-19 11:57 - 2016-12-19 11:58 - 00019367 _____ C:\Users\marcelo\Desktop\FRST.txt
2016-12-19 11:56 - 2016-12-19 11:57 - 00000000 ____D C:\FRST
2016-12-19 11:54 - 2016-12-19 11:55 - 02420224 _____ (Farbar) C:\Users\marcelo\Desktop\FRST64.exe
2016-12-15 15:10 - 2016-12-15 15:10 - 00909957 _____ C:\Users\marcelo\Desktop\metrica.cdr
2016-12-09 14:13 - 2016-12-09 14:13 - 00925841 _____ C:\Users\marcelo\Desktop\3.pdf
2016-12-09 14:12 - 2016-12-09 14:12 - 01450219 _____ C:\Users\marcelo\Desktop\2.pdf
2016-12-09 14:11 - 2016-12-09 14:11 - 15407191 _____ C:\Users\marcelo\Desktop\1.cdr
2016-12-09 14:10 - 2016-12-09 14:10 - 08236517 _____ C:\Users\marcelo\Desktop\ct.cdr
2016-12-09 13:49 - 2016-12-09 13:50 - 01240064 _____ C:\Users\marcelo\Downloads\Termo de Aceite_Shopping Cidade.xls
2016-12-09 13:49 - 2016-12-09 13:49 - 00000216 _____ C:\Users\marcelo\Downloads\ATT00001 (1).htm
2016-12-09 13:48 - 2016-12-09 13:48 - 00018541 _____ C:\Users\marcelo\Downloads\Contrato_Permanência_Internet_.XLSX
2016-12-09 13:42 - 2016-12-09 13:42 - 00067689 _____ C:\Users\marcelo\Desktop\nono.pdf
2016-12-09 13:33 - 2016-12-09 13:33 - 00067692 _____ C:\Users\marcelo\Desktop\tabea p chem.pdf
2016-12-09 13:19 - 2016-12-09 13:19 - 00023627 _____ C:\Users\marcelo\Downloads\1804B_Marcelo Alcantara Silva.pdf
2016-12-09 13:19 - 2016-12-09 13:19 - 00000334 _____ C:\Users\marcelo\Downloads\ATT00001.htm
2016-12-09 08:37 - 2016-12-09 08:37 - 00331493 _____ C:\Users\marcelo\Desktop\comprovangte 2.pdf
2016-12-09 08:36 - 2016-12-09 08:36 - 00684682 _____ C:\Users\marcelo\Desktop\comprovangte.cdr
2016-12-08 10:55 - 2014-05-02 20:37 - 00384512 ____R C:\Users\marcelo\Desktop\Keygen.exe
2016-12-08 10:47 - 2016-12-08 10:45 - 00002523 _____ C:\Users\Public\Desktop\Bitstream Font Navigator (64-Bit).lnk
2016-12-08 10:47 - 2016-12-08 10:42 - 00003063 _____ C:\Users\Public\Desktop\Corel PHOTO-PAINT X7 (64-Bit).lnk
2016-12-08 10:47 - 2016-12-08 10:42 - 00003060 _____ C:\Users\Public\Desktop\Corel CAPTURE X7 (64-Bit).lnk
2016-12-08 10:47 - 2016-12-08 10:42 - 00002343 _____ C:\Users\Public\Desktop\Corel CONNECT X7 (64-Bit).lnk
2016-12-08 10:47 - 2016-12-08 10:41 - 00003015 _____ C:\Users\Public\Desktop\CorelDRAW X7 (64-Bit).lnk
2016-12-08 10:46 - 2016-12-08 10:46 - 00000367 _____ C:\Users\marcelo\Desktop\Computador - Atalho.lnk
2016-12-08 10:44 - 2016-12-08 10:44 - 00000000 ____D C:\Program Files\Common Files\Protexis
2016-12-08 10:42 - 2016-12-08 10:42 - 00000000 ____D C:\Users\Public\Documents\Corel
2016-12-08 10:41 - 2016-12-08 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)
2016-12-08 10:29 - 2016-12-08 10:34 - 486325880 _____ (Acresso Software Inc. ) C:\Users\marcelo\Downloads\CorelDRAWGraphicsSuiteX7Installer_EN64Bit.exe
2016-12-08 10:17 - 2016-12-08 10:17 - 01683651 _____ C:\Users\marcelo\Desktop\(sem assunto) - mas.mee@gmail.com - Gmail.html
2016-12-08 10:17 - 2016-12-08 10:17 - 00000000 ____D C:\Users\marcelo\Desktop\(sem assunto) - mas.mee@gmail.com - Gmail_files
2016-12-06 09:07 - 2016-12-06 09:07 - 00000000 ____D C:\Users\marcelo\Documents\My Palettes
2016-12-05 10:07 - 2016-12-05 10:07 - 01851435 _____ C:\Users\marcelo\Downloads\img164.pdf
2016-12-05 10:07 - 2016-12-05 10:07 - 01105948 _____ C:\Users\marcelo\Downloads\img163.pdf
2016-12-05 09:50 - 2016-12-05 09:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\marcelo\Downloads\HijackThis.exe
2016-12-04 13:06 - 2016-12-04 13:06 - 00102188 _____ C:\Users\marcelo\Downloads\solomon.zip
2016-11-24 19:44 - 2014-12-03 00:01 - 00206104 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2016-11-24 19:44 - 2014-12-03 00:01 - 00110488 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2016-11-24 19:05 - 2016-11-24 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-11-24 19:03 - 2016-11-24 19:06 - 00000000 ____D C:\Users\marcelo\AppData\Roaming\Samsung
2016-11-24 19:03 - 2016-11-24 19:04 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-11-24 19:03 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2016-11-24 13:50 - 2016-11-24 13:50 - 00000000 ____D C:\Program Files\SAMSUNG
2016-11-24 13:48 - 2016-11-24 13:48 - 00000000 ____D C:\Users\Todos os Usuários\Samsung
2016-11-24 13:48 - 2016-11-24 13:48 - 00000000 ____D C:\ProgramData\Samsung
2016-11-14 17:07 - 2016-11-26 12:15 - 00000000 ____D C:\ongame
2016-11-14 15:27 - 2016-11-14 15:27 - 00000000 ____D C:\Users\Todos os Usuários\Avg_Update_1116sp
2016-11-14 15:27 - 2016-11-14 15:27 - 00000000 ____D C:\ProgramData\Avg_Update_1116sp
2016-11-13 21:37 - 2016-11-13 21:37 - 00000000 ____D C:\Users\marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
2016-11-13 21:25 - 2016-11-13 21:26 - 00000000 ____D C:\Users\marcelo\AppData\LocalLow\raidcall
2016-11-13 21:25 - 2016-11-13 21:25 - 00000000 ____D C:\Users\marcelo\AppData\Roaming\raidcall
2016-11-13 21:24 - 2016-11-13 21:24 - 00001038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall.lnk
2016-11-13 21:24 - 2016-11-13 21:24 - 00000808 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall RaidCall.lnk
2016-11-13 20:35 - 2016-12-19 11:35 - 00000282 _____ C:\Windows\Tasks\PC-Mechanic Maintenance.job
2016-11-13 20:35 - 2016-12-19 11:17 - 00000296 _____ C:\Windows\Tasks\PC-Mechanic Startup.job
2016-11-13 20:35 - 2016-11-13 20:35 - 00003228 _____ C:\Windows\System32\Tasks\PC-Mechanic Maintenance
2016-11-13 20:35 - 2016-11-13 20:35 - 00002596 _____ C:\Windows\System32\Tasks\PC-Mechanic Startup
2016-11-13 20:35 - 2016-11-13 20:35 - 00000000 ____D C:\Users\marcelo\AppData\Roaming\Uniblue
2016-11-13 20:35 - 2016-11-13 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2016-11-13 20:35 - 2016-11-13 20:35 - 00000000 ____D C:\Program Files (x86)\Uniblue
2016-11-13 11:42 - 2016-11-13 21:44 - 00000000 ____D C:\Users\marcelo\AppData\Local\PointBlank
2016-11-12 14:18 - 2016-11-12 14:18 - 00000000 ____D C:\Users\marcelo\AppData\LocalLow\Temp
2016-10-19 14:13 - 2016-10-19 14:13 - 00267520 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2016-10-19 13:28 - 2016-10-19 13:28 - 00000165 ____H C:\Users\marcelo\Downloads\~$fonte fisica caixa conjuntGABRIELLA.xlsx
2016-10-19 09:30 - 2016-04-13 11:01 - 00000000 ____D C:\Users\TEMP.marcelo-PC.001\AppData\Local\Google
2016-10-19 09:30 - 2016-03-11 15:40 - 00000000 ____D C:\Users\TEMP.marcelo-PC.001\AppData\Roaming\TuneUp Software
2016-10-19 09:30 - 2009-07-14 05:45 - 00000000 ____D C:\Users\TEMP.marcelo-PC.001\AppData\Roaming\Media Center Programs
2016-10-19 09:29 - 2016-10-19 09:37 - 00000000 ____D C:\Users\TEMP.marcelo-PC.001
2016-10-17 17:19 - 2016-10-17 17:19 - 00312576 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2016-10-10 10:28 - 2016-11-30 18:03 - 00000000 ____D C:\Users\marcelo\Documents\bia
2016-10-05 15:01 - 2016-10-05 15:01 - 00267008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2016-10-01 17:58 - 2016-10-01 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft
2016-10-01 17:57 - 2016-10-01 17:59 - 00000000 ____D C:\Users\marcelo\AppData\Roaming\Anvsoft
2016-10-01 17:57 - 2011-11-28 15:51 - 00033872 _____ (AnvSoft Inc.) C:\Windows\system32\Drivers\anvsnddrv.sys
2016-10-01 17:56 - 2016-10-01 17:56 - 00000000 ____D C:\Program Files (x86)\Anvsoft
2016-09-26 18:19 - 2016-09-26 18:19 - 00254208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2016-09-20 21:22 - 2016-12-19 11:30 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-09-20 19:50 - 2016-09-20 19:50 - 00000000 ____D C:\Users\Todos os Usuários\GeoComply
2016-09-20 19:50 - 2016-09-20 19:50 - 00000000 ____D C:\ProgramData\GeoComply
2016-09-20 19:24 - 2016-12-10 00:02 - 00000000 ____D C:\Users\marcelo\AppData\Local\PokerStars
2016-09-20 19:24 - 2016-09-20 19:24 - 00001949 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.lnk
2016-09-20 19:24 - 2016-09-20 19:24 - 00001943 _____ C:\Users\Public\Desktop\PokerStars.lnk
2016-09-20 19:24 - 2016-09-20 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
2016-09-20 16:10 - 2016-09-20 16:10 - 00000165 ____H C:\Users\marcelo\Downloads\~$kamylla (3).xlsx
2016-09-20 13:26 - 2016-09-20 13:26 - 00000165 ____H C:\Users\marcelo\Downloads\~$kamylla (2).xlsx

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-19 11:44 - 2016-02-23 22:27 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-19 11:44 - 2016-02-23 22:27 - 00003372 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-19 11:36 - 2016-02-27 19:59 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-19 11:36 - 2016-02-27 19:59 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-19 11:36 - 2016-02-27 19:59 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-19 11:36 - 2016-02-27 19:59 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-19 11:36 - 2016-02-27 19:59 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-19 11:36 - 2016-02-27 19:59 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-19 11:31 - 2016-02-23 22:36 - 00000000 ____D C:\Users\Todos os Usuários\MFAData
2016-12-19 11:31 - 2016-02-23 22:36 - 00000000 ____D C:\ProgramData\MFAData
2016-12-19 11:25 - 2009-07-14 02:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-19 11:25 - 2009-07-14 02:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-19 11:22 - 2009-07-29 14:08 - 00705268 _____ C:\Windows\system32\prfh0416.dat
2016-12-19 11:22 - 2009-07-29 14:08 - 00147108 _____ C:\Windows\system32\prfc0416.dat
2016-12-19 11:22 - 2009-07-14 03:13 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-19 11:22 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2016-12-19 11:16 - 2016-03-14 12:31 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-12-19 11:16 - 2009-07-14 03:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-19 11:16 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-09 19:45 - 2016-02-23 22:28 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-09 13:19 - 2016-02-23 22:59 - 00000000 ____D C:\Users\Todos os Usuários\Corel
2016-12-09 13:19 - 2016-02-23 22:59 - 00000000 ____D C:\ProgramData\Corel
2016-12-08 10:47 - 2016-02-23 22:41 - 00000000 ____D C:\Users\Todos os Usuários\CorelDRAW Graphics Suite X7 x64
2016-12-08 10:47 - 2016-02-23 22:41 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2016-12-08 10:40 - 2016-08-31 22:20 - 00000000 ____D C:\Program Files\Corel
2016-11-27 16:14 - 2016-03-01 14:28 - 00000000 ____D C:\Users\marcelo\AppData\Local\CrashDumps
2016-11-27 04:19 - 2016-07-10 12:31 - 00000000 ____D C:\Program Files (x86)\PokerStars
2016-11-24 19:03 - 2016-02-23 12:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-21 13:36 - 2016-02-23 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

Some files in TEMP:
====================
C:\Users\marcelo\AppData\Local\Temp\287c499808bcff52a39d16f78044882a.dll
C:\Users\marcelo\AppData\Local\Temp\42f539ce97608229eaac9e6f354b6033.dll
C:\Users\marcelo\AppData\Local\Temp\avg-cca72913-03ad-4353-b423-9a687688f63f.exe
C:\Users\marcelo\AppData\Local\Temp\avguirn_081132359530.exe
C:\Users\marcelo\AppData\Local\Temp\avguirn_081416059356.exe
C:\Users\marcelo\AppData\Local\Temp\avguirn_08533547427.exe
C:\Users\marcelo\AppData\Local\Temp\avguirn_08776562510.exe
C:\Users\marcelo\AppData\Local\Temp\avguirn_08931703788.exe
C:\Users\marcelo\AppData\Local\Temp\avguirn_08996559479.exe
C:\Users\marcelo\AppData\Local\Temp\cabex.dll
C:\Users\marcelo\AppData\Local\Temp\kp2t9tpp.dll
C:\Users\marcelo\AppData\Local\Temp\MSN38CD.exe
C:\Users\marcelo\AppData\Local\Temp\ose00000.exe
C:\Users\marcelo\AppData\Local\Temp\unelevate.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-14 00:11

==================== End of FRST.txt ============================
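Added example (not part of the FRST log above and not Farbar's code): a small Python triage helper that parses lines in the format of the Services and Drivers sections of this log and groups the entries a reviewer checks first: files that no longer exist on disk (`[X]`), files whose signature check failed (`[File not signed]`), files whose version info carries no company name (`()`), and kernel drivers that are actually running. The sample input is a constructed subset of lines copied from the log; the field layout (start type, name, path, `[size date]`, `(company)`, trailing flags) is inferred from those lines, not taken from an FRST specification, so treat the regex as an assumption about the format.

```python
"""Triage helper for the Services/Drivers sections of an FRST log (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: a subset of lines copied from the Services/Drivers
# sections of the log. The layout "<start> <name>; <path> [<size> <date>]
# (<company>) [<flag>]..." is inferred from these lines (assumption).
SAMPLE_LINES = r"""
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [593120 2015-09-22] (GAS Tecnologia)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [142336 2010-04-12] (HP) [File not signed]
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [980552 2016-10-03] ()
S3 bmfilter; C:\Windows\System32\DRIVERS\qcusbfilter.sys [40448 2015-04-24] (QUALCOMM Incorporated) [File not signed]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
"""

# The [size date] (company) group is absent when FRST could not find the file,
# in which case only a trailing flag such as [X] follows the path.
LINE_RE = re.compile(
    r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)"
    r"(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<company>[^)]*)\))?"
    r"(?P<flags>(?:\s+\[[^\]]+\])*)\s*$"
)


@dataclass
class Entry:
    start: str              # R = running / S = stopped; digit = Windows Start value (0 boot .. 4 disabled)
    name: str
    path: str
    size: int | None        # None when FRST printed no [size date] block
    date: str | None
    company: str | None     # "" when the file has version info but no company name
    flags: list[str] = field(default_factory=list)

    @property
    def file_missing(self) -> bool:
        return "X" in self.flags            # FRST prints [X] when the file is not on disk

    @property
    def unsigned(self) -> bool:
        return "File not signed" in self.flags

    @property
    def running(self) -> bool:
        return self.start.startswith("R")


def parse_entries(text: str) -> list[Entry]:
    """Parse every line that looks like an FRST service or driver entry; skip the rest."""
    entries: list[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                        # section headers, comments, blank lines
        path = m.group("path")
        if path.startswith("\\??\\"):       # NT object-manager prefix seen on some driver ImagePaths
            path = path[4:]
        size = m.group("size")
        entries.append(Entry(
            start=m.group("start"),
            name=m.group("name").strip(),
            path=path,
            size=int(size) if size else None,
            date=m.group("date"),
            company=m.group("company"),
            flags=re.findall(r"\[([^\]]+)\]", m.group("flags")),
        ))
    return entries


def triage(text: str) -> dict[str, list[str]]:
    """Group entry names by the conditions a log reviewer checks first."""
    entries = parse_entries(text)
    return {
        # Registry still points at a file that is gone: usually a leftover of a removed product.
        "file_missing": [e.name for e in entries if e.file_missing],
        # File exists but failed the Authenticode check.
        "unsigned": [e.name for e in entries if e.unsigned],
        # Version info present but no company string; a weaker signal than a failed signature.
        "no_company": [e.name for e in entries if e.company == ""],
        # Loaded kernel drivers are the highest-impact entries to validate.
        "running_drivers": [e.name for e in entries
                            if e.running and e.path.lower().endswith(".sys")],
    }


if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_LINES).items():
        print(f"{bucket}: {names}")
```

Run against a full FRST.txt by passing the file contents to `triage()`; lines from other sections do not match the pattern and are ignored. The company field is captured up to the first closing parenthesis, so a vendor string that itself contains parentheses (as some entries in the file listings above do) would need a wider pattern.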