Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 15-03-2017 Executado por Valdir Jr (administrador) em VALDIRJR-PC (07-04-2017 14:22:37) Executando a partir de C:\Users\Valdir Jr\Downloads Perfis Carregados: Valdir Jr (Perfis Disponíveis: Valdir Jr) Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil) Internet Explorer Versão 11 (Navegador padrão: Chrome) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registro (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [955952 2017-02-16] (GAS Tecnologia LTDA) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-01] (AVAST Software) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA) HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation) HKLM-x32\...\Run: [USB Gamepad] => C:\Windows\USB Vibration\dr100&110\USB Gamepad.exe -boot Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-07] (Banco do Brasil) Winlogon\Notify\ GbPluginBnb: C:\Program Files (x86)\GbPlugin\gbiehBnb.dll [2016-12-12] (Banco do Nordeste do Brasil S.A.) 
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-08-10] (Caixa Economica Federal)
HKU\S-1-5-21-1209666206-3605538709-2883451563-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1209666206-3605538709-2883451563-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1209666206-3605538709-2883451563-1000\...\MountPoints2: {c0fc4240-760e-11e6-b518-806e6f6e6963} - F:\Bin\assetup.exe
HKU\S-1-5-21-1209666206-3605538709-2883451563-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
SSODL: EldosMountNotificator-cbfs4 - {21A34665-D5B5-41B9-B5CC-4337964B4A05} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {21A34665-D5B5-41B9-B5CC-4337964B4A05} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1947872 2016-06-07] (Banco do Brasil)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1903328 2016-08-10] (Caixa Economica Federal)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399014} - C:\Program Files (x86)\GbPlugin\gbiehbnb.dll [1911520 2016-12-12] (Banco do Nordeste do Brasil S.A.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-01] (AVAST Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-01] (AVAST Software) ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {0606A60F-CA14-4815-9610-DC9C49337673} => C:\Windows\system32\cbfsMntNtf4.dll [2012-12-24] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {0606A60F-CA14-4815-9610-DC9C49337673} => C:\Windows\SysWOW64\cbfsMntNtf4.dll [2012-12-24] (EldoS Corporation) ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 Tcpip\..\Interfaces\{4E76274D-3806-4523-B5A2-6B5968C28BFA}: [DhcpNameServer] 192.168.100.1 Internet Explorer: ================== HKU\S-1-5-21-1209666206-3605538709-2883451563-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-01] (AVAST Software) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-09] (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-01] (AVAST Software) BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-07] (Banco do Brasil) BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2016-08-10] (Caixa Economica Federal) BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540014} -> C:\Program Files (x86)\GbPlugin\gbiehbnb.dll [2016-12-12] (Banco do Nordeste do Brasil S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-09] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\Valdir Jr\AppData\Roaming\Mozilla\Firefox\Profiles\kwiigar2.default [2017-04-07] FF Extension: (Disable Prefetch) - C:\Users\Valdir Jr\AppData\Roaming\Mozilla\Firefox\Profiles\kwiigar2.default\features\{4479496c-74e3-46d0-b16f-84db3db3851c}\disable-prefetch@mozilla.org.xpi [2017-04-04] FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-04-01] [não assinado] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-01] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48 FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-01] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48 FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) 
Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-09] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-09] (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.) 
Chrome: ======= CHR HomePage: Default -> hxxp://www.uol.com.br/ CHR StartupUrls: Default -> "hxxp://www.uol.com.br/" CHR NewTab: Default -> Not-active:"chrome-extension://fpeepicldbpmefboahpolegllmiglnai/stubby.html" CHR Profile: C:\Users\Valdir Jr\AppData\Local\Google\Chrome\User Data\Default [2017-04-07] CHR Extension: (Google Apresentações) - C:\Users\Valdir Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-08] CHR Extension: (Google Docs) - C:\Users\Valdir Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-08] CHR Extension: (Google Drive) - C:\Users\Valdir Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-08] CHR Extension: (YouTube) - C:\Users\Valdir Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-08] CHR Extension: (Adblock Plus) - C:\Users\Valdir Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22] CHR Extension: (Adobe Acrobat) - C:\Users\Valdir Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03] CHR Extension: (Avast SafePrice) - C:\Users\Valdir Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-16] CHR Extension: (Planilhas do Google) - C:\Users\Valdir Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-08] CHR Extension: (Favoritos do iCloud) - C:\Users\Valdir Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2016-10-19] CHR Extension: (EverydayLookup) - C:\Users\Valdir Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpeepicldbpmefboahpolegllmiglnai [2017-03-14] CHR Extension: (Documentos Google off-line) - C:\Users\Valdir Jr\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-08] CHR Extension: (GBBD Banco do Brasil) - C:\Users\Valdir Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkafhcogdnfhkmiepeebkkdbdphnjfll [2016-09-08] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Valdir Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09] CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Valdir Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2016-09-08] CHR Extension: (Gmail) - C:\Users\Valdir Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-08] CHR Extension: (Chrome Media Router) - C:\Users\Valdir Jr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-01] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx ==================== Serviços (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-03-29] (AVAST Software s.r.o.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-01] (AVAST Software) R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [631520 2016-06-07] (GAS Tecnologia) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.) R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [955952 2017-02-16] (GAS Tecnologia LTDA) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-03-29] (AVAST Software s.r.o.) R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-03-29] (AVAST Software s.r.o.) R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-03-29] (AVAST Software s.r.o.) R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-03-29] (AVAST Software s.r.o.) 
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [83312 2016-09-15] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-01] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-01] (AVAST Software)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [375640 2012-12-24] (EldoS Corporation)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2017-04-07] (GAS Tecnologia)
R0 gbpddreg; C:\Windows\System32\drivers\gbpddreg64.sys [29816 2017-04-07] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2016-05-09] (GAS Tecnologia)
S3 h647906; C:\Windows\System32\drivers\h647906.sys [63856 2008-08-08] (Your Corporation)
S3 h648101; C:\Windows\System32\drivers\h648101.sys [65776 2008-08-08] (Your Corporation)
S3 h648103; C:\Windows\System32\drivers\h648103.sys [62960 2008-08-08] (Your Corporation)
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [41272 2008-08-08] (Your Corporation)
S3 hid8101; C:\Windows\SysWOW64\drivers\hid8101.sys [43192 2008-08-08] (Your Corporation)
S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [40856 2008-08-08] (Your Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18776 2012-12-24] (EldoS Corporation)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2016-05-09] (GAS Tecnologia LTDA)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [28376 2017-04-07] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [25184 2016-11-11] (GAS Tecnologia)
R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [25184 2016-11-11] (GAS Tecnologia)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [42760 2016-10-10] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-04-07 14:20 - 2017-04-07 14:21 - 00027649 _____ C:\Users\Valdir Jr\Downloads\Addition.txt 2017-04-07 14:19 - 2017-04-07 14:22 - 00019806 _____ C:\Users\Valdir Jr\Downloads\FRST.txt 2017-04-07 14:19 - 2017-04-07 14:22 - 00000000 ____D C:\FRST 2017-04-07 14:18 - 2017-04-07 14:18 - 02424832 _____ (Farbar) C:\Users\Valdir Jr\Downloads\FRST64.exe 2017-04-07 14:13 - 2017-04-07 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi 2017-04-07 14:12 - 2017-04-07 14:13 - 00000000 ____D C:\Program Files (x86)\Kodi 2017-04-07 13:35 - 2017-04-07 13:35 - 00000000 ____D C:\Users\Todos os Usuários\SWCUTemp 2017-04-07 13:35 - 2017-04-07 13:35 - 00000000 ____D C:\ProgramData\SWCUTemp 2017-04-07 13:34 - 2017-04-07 13:48 - 83853671 _____ (XBMC-Foundation) C:\Users\Valdir Jr\Downloads\kodi-17.1-Krypton.exe 2017-04-07 13:34 - 2017-04-07 13:48 - 83853671 _____ (XBMC-Foundation) C:\Users\Valdir Jr\Downloads\kodi-17.1-Krypton (1).exe 2017-04-06 09:41 - 2017-04-06 09:41 - 00003918 _____ C:\Users\Valdir Jr\Downloads\comprovante Dirlene Doc 260.html 2017-04-06 09:30 - 2017-04-06 09:30 - 00003995 _____ C:\Users\Valdir Jr\Downloads\comprovante Deyse de Sousa 1660.html 2017-04-05 17:37 - 2017-04-05 17:37 - 00003915 _____ C:\Users\Valdir Jr\Downloads\comprovante Doc 40 BBrasil Jr.html 2017-04-04 17:23 - 2017-04-04 17:23 - 00003194 _____ C:\Windows\System32\Tasks\Install Warsaw CA on Firefox 2017-04-01 09:56 - 2017-04-01 09:56 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2017-03-31 11:13 - 2017-03-31 11:13 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-03-31 11:13 - 2017-03-31 11:13 - 00000000 ____D C:\Program Files (x86)\MSECache 2017-03-31 10:24 - 2017-03-31 10:24 - 00023552 _____ C:\Users\Valdir Jr\Desktop\AÇÕES BIO 4 2017 - Setor 413443 - José Alberto Araújo.xls 2017-03-31 10:21 - 2017-03-31 10:21 - 00011056 _____ C:\Users\Valdir Jr\Desktop\AÇÕES BIO 4 2017 - Setor 413443 - José Alberto COMPLETO.xlsx 2017-03-30 
17:53 - 2017-03-30 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2017-03-30 17:49 - 2017-03-30 17:49 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk 2017-03-30 17:49 - 2017-03-30 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2017-03-30 17:49 - 2017-03-30 17:49 - 00000000 ____D C:\Program Files\iTunes 2017-03-30 17:49 - 2017-03-30 17:49 - 00000000 ____D C:\Program Files\iPod 2017-03-30 17:41 - 2017-03-30 17:41 - 00000000 ____D C:\Windows\System32\Tasks\Apple 2017-03-30 17:41 - 2017-03-30 17:41 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2017-03-28 10:34 - 2017-03-28 10:34 - 00038312 _____ C:\Users\Valdir Jr\Downloads\extrato-0587-201703.pdf 2017-03-27 19:07 - 2017-03-27 19:07 - 00030855 _____ C:\Users\Valdir Jr\Downloads\Fatura-300001453394.pdf 2017-03-27 19:04 - 2017-03-27 19:04 - 00031875 _____ C:\Users\Valdir Jr\Downloads\Fatura-114400324613.pdf 2017-03-27 19:01 - 2017-03-27 19:01 - 00034935 _____ C:\Users\Valdir Jr\Downloads\Fatura-310429268015.pdf 2017-03-27 19:00 - 2017-03-27 19:00 - 00034935 _____ C:\Users\Valdir Jr\Downloads\Fatura-310479294430.pdf 2017-03-27 12:02 - 2017-03-27 12:02 - 00032753 _____ C:\Users\Valdir Jr\Downloads\RELATÓRIO DE PDV's VISITADOS DEZ 2016 - CARDIO-1 (1).xlsx 2017-03-24 16:31 - 2017-03-24 16:31 - 00245421 _____ C:\Users\Valdir Jr\Downloads\Impressão Cartão Corporativo (5).pdf 2017-03-24 16:28 - 2017-03-24 16:28 - 00244419 _____ C:\Users\Valdir Jr\Downloads\Impressão Cartão Corporativo (4).pdf 2017-03-24 15:56 - 2017-03-24 15:56 - 00244419 _____ C:\Users\Valdir Jr\Downloads\Impressão Cartão Corporativo (3).pdf 2017-03-24 15:55 - 2017-03-24 15:55 - 00245501 _____ C:\Users\Valdir Jr\Downloads\Impressão Cartão Corporativo (2).pdf 2017-03-24 15:54 - 2017-03-24 15:54 - 00245421 _____ C:\Users\Valdir Jr\Downloads\Impressão Cartão Corporativo (1).pdf 2017-03-23 17:01 - 2017-03-23 17:01 - 00003995 _____ C:\Users\Valdir Jr\Downloads\comprovante 
850,00 Mãe-Mãe.html 2017-03-20 11:38 - 2017-03-20 11:38 - 00369664 _____ C:\Users\Valdir Jr\Downloads\PLANILHA RDV (1).xls 2017-03-20 11:37 - 2017-03-20 11:37 - 00369664 _____ C:\Users\Valdir Jr\Downloads\PLANILHA RDV.xls 2017-03-10 16:24 - 2017-04-01 09:56 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2017-03-10 16:24 - 2017-03-29 15:51 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys 2017-03-10 16:24 - 2017-03-29 15:51 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys 2017-03-10 16:24 - 2017-03-29 15:51 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys 2017-03-10 16:24 - 2017-03-29 15:51 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys 2017-03-08 17:21 - 2017-04-07 13:23 - 00000000 ____D C:\Users\Valdir Jr\AppData\Roaming\Kodi 2017-03-08 17:19 - 2017-04-07 13:52 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache 2017-03-08 17:19 - 2017-04-07 13:52 - 00000000 ____D C:\ProgramData\Package Cache ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2017-04-07 14:22 - 2016-09-08 19:18 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys 2017-04-07 13:46 - 2016-09-08 19:18 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin 2017-04-07 13:46 - 2016-09-08 19:18 - 00000000 ____D C:\ProgramData\GbPlugin 2017-04-07 13:46 - 2016-09-08 19:18 - 00000000 ____D C:\Program Files (x86)\GbPlugin 2017-04-07 13:37 - 2016-09-08 19:18 - 00029816 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddreg64.sys 2017-04-07 13:30 - 2009-07-14 01:45 - 00020352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-04-07 13:30 - 2009-07-14 01:45 - 00020352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-04-07 13:25 - 2016-09-16 11:13 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BEA77BA5-D360-4B4C-8C0E-7A50D61515F5} 2017-04-07 13:24 - 2016-12-27 12:19 - 00028376 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys 2017-04-07 13:21 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-04-07 12:05 - 2016-12-16 12:09 - 00000000 ____D C:\Users\Valdir Jr\AppData\LocalLow\Mozilla 2017-04-07 11:55 - 2009-07-14 14:55 - 00705070 _____ C:\Windows\system32\prfh0416.dat 2017-04-07 11:55 - 2009-07-14 14:55 - 00146910 _____ C:\Windows\system32\prfc0416.dat 2017-04-07 11:55 - 2009-07-14 02:13 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI 2017-04-07 11:55 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf 2017-04-01 13:09 - 2016-09-16 11:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-04-01 11:21 - 2016-12-14 17:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-04-01 09:58 - 2016-09-08 19:40 - 00003904 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1473374416 2017-04-01 09:56 - 2016-09-08 19:35 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2017-04-01 09:56 - 2016-09-08 
19:35 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2017-04-01 09:56 - 2016-09-08 19:35 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2017-04-01 09:56 - 2016-09-08 19:35 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2017-04-01 09:56 - 2016-09-08 19:35 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2017-04-01 09:56 - 2016-09-08 19:35 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2017-04-01 09:56 - 2016-09-08 19:35 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2017-04-01 09:55 - 2016-09-08 19:39 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2017-04-01 09:55 - 2016-09-08 19:35 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2017-03-31 12:01 - 2017-02-22 16:33 - 00000000 ____D C:\Users\Valdir Jr\Desktop\alberto biolab 2017-03-31 11:54 - 2016-09-08 19:32 - 00084928 _____ C:\Users\Valdir Jr\AppData\Local\GDIPFONTCACHEV1.DAT 2017-03-31 11:52 - 2009-07-14 01:45 - 00342560 _____ C:\Windows\system32\FNTCACHE.DAT 2017-03-31 11:31 - 2016-09-08 19:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Works 2017-03-31 11:31 - 2016-09-08 19:09 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help 2017-03-31 10:26 - 2016-09-08 19:16 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-03-30 17:48 - 2016-09-13 15:16 - 00000000 ____D C:\Program Files\Common Files\Apple 2017-03-30 17:41 - 2016-09-13 15:17 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2017-03-27 11:58 - 2017-02-23 17:43 - 00011394 _____ C:\Users\Valdir Jr\Desktop\AÇÕES BIO 4 2017 - Setor 413443 - José Alberto COMPLETO.xlsm 2017-03-27 11:28 - 2017-02-24 16:15 - 00369664 _____ C:\Users\Valdir Jr\Desktop\PLANILHA RDV.xls 2017-03-22 15:57 - 2016-12-13 18:25 - 00000000 ____D C:\Users\Valdir Jr\Desktop\Alberto 
2017-03-22 12:24 - 2016-09-09 10:21 - 00000000 ____D C:\Users\Valdir Jr\AppData\Roaming\uTorrent
2017-03-21 21:19 - 2016-09-09 10:34 - 00000000 ___SD C:\Users\Valdir Jr\AppData\LocalLow\Temp
2017-03-16 10:26 - 2016-09-08 19:32 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2017-03-16 10:26 - 2016-09-08 19:32 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-15 15:38 - 2017-01-24 12:38 - 00001258 _____ C:\Users\Valdir Jr\Desktop\Erro 0033 Possiveis Consertos.txt
2017-03-10 16:24 - 2016-09-08 19:35 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148917388020204

==================== Arquivos na raiz de alguns diretórios =======

2016-09-08 19:40 - 2016-09-08 19:40 - 0000057 _____ () C:\ProgramData\Ament.ini

Alguns arquivos em TEMP:
====================
2016-06-22 13:52 - 2016-06-22 13:52 - 0741440 _____ (Oracle Corporation) C:\Users\Valdir Jr\AppData\Local\Temp\jre-8u101-windows-au.exe
2006-05-24 01:10 - 2006-05-24 01:10 - 0455600 ____R (Macrovision Corporation) C:\Users\Valdir Jr\AppData\Local\Temp\_is5927.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-11-05 10:27

==================== Fim de FRST.txt ============================