Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 18-07-2017
Executado por Administrador (administrador) em WEBMASTER (22-07-2017 17:14:16)
Executando a partir de E:\Programas Web\Novos 13\Indicado-imasters-forum
Perfis Carregados: Administrador (Perfis Disponíveis: Administrador)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\ARQUIV~1\GbPlugin\gbpsv.exe
(AVG Technologies CZ, s.r.o.) C:\Arquivos de programas\AVG\Antivirus\AVGSvc.exe
(GAS Tecnologia) C:\ARQUIV~1\GbPlugin\gbpsv.exe
(AVG Technologies CZ, s.r.o.) C:\Arquivos de programas\AVG\Framework\Common\avgsvcx.exe
(Scarlet.Crush Productions) C:\Arquivos de programas\ScpServer\bin\ScpService.exe
(VIA Technologies, Inc.) C:\WINDOWS\system32\KaraokeSer.exe
(Intel Corporation) C:\Arquivos de programas\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) C:\Arquivos de programas\Microsoft Xbox 360 Accessories\XBoxStat.exe
(AVG Technologies CZ, s.r.o.) C:\Arquivos de programas\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Arquivos de programas\AVG\Antivirus\AVGUI.exe
(Intel Corporation) C:\Arquivos de programas\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(GAS Tecnologia LTDA) C:\Arquivos de programas\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [XboxStat] => C:\Arquivos de programas\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AvgUi] => C:\Arquivos de programas\AVG\Framework\Common\avguirnx.exe [220288 2017-07-03] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ISUSPM Startup] => C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe [249856 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [ISUSScheduler] => C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [AVGUI.exe] => C:\Arquivos de programas\AVG\Antivirus\AvLaunch.exe [263232 2017-07-19] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\GbPluginCef: C:\Arquivos de programas\GbPlugin\gbiehCef.dll [2016-09-13] (Caixa Economica Federal)
HKU\S-1-5-21-1214440339-1547161642-725345543-500\...\Run: [Google Update] => C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\ARQUIVOS DE PROGRAMAS\GbPlugin\gbiehcef.dll [1903328 2016-09-13] (Caixa Economica Federal)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Restrição ? <==== ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\..\Interfaces\{9F4C93A1-2D9E-4FDE-AD1D-9C4302E11544}: [NameServer] 185.121.177.177,8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_17_02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtA0FyE0DyCtDyCtDtDtN0D0Tzu0StCzztAyDtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEtAtBzz0B0ByEyEtGtD0EyEyCtGtCzz0B0AtGyEyE0BzytGyEtDyEyEtDyC0Ezy0DyDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtA0ByByE0E0BtG0Czy0D0CtGyE0E0F0DtG0AyBzz0AtGyBtDtDtA0BtA0BtAyEtDzy0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyEyDyC%26cr%3D1637499895%26a%3Dwbf_fsvideosft_17_02%26os_ver%3D5.1%26os%3DWindows%2BXP
HKU\S-1-5-21-1214440339-1547161642-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_17_02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtA0FyE0DyCtDyCtDtDtN0D0Tzu0StCzztAyDtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEtAtBzz0B0ByEyEtGtD0EyEyCtGtCzz0B0AtGyEyE0BzytGyEtDyEyEtDyC0Ezy0DyDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtA0ByByE0E0BtG0Czy0D0CtGyE0E0F0DtG0AyBzz0AtGyBtDtDtA0BtA0BtAyEtDzy0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyEyDyC%26cr%3D1637499895%26a%3Dwbf_fsvideosft_17_02%26os_ver%3D5.1%26os%3DWindows%2BXP
HKU\S-1-5-21-1214440339-1547161642-725345543-500\Software\Microsoft\Internet Explorer\Main,Search Page = &hxxp://home.microsoft.com/intl/br/access/allinone.asp
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_17_02&param1=1&param2=f%3D2%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtA0FyE0DyCtDyCtDtDtN0D0Tzu0StCzztAyDtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEtAtBzz0B0ByEyEtGtD0EyEyCtGtCzz0B0AtGyEyE0BzytGyEtDyEyEtDyC0Ezy0DyDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtA0ByByE0E0BtG0Czy0D0CtGyE0E0F0DtG0AyBzz0AtGyBtDtDtA0BtA0BtAyEtDzy0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyEyDyC%26cr%3D1637499895%26a%3Dwbf_fsvideosft_17_02%26os_ver%3D5.1%26os%3DWindows%2BXP" <==== ATENÇÃO
HKU\S-1-5-21-1214440339-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_17_02&param1=1&param2=f%3D2%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtA0FyE0DyCtDyCtDtDtN0D0Tzu0StCzztAyDtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEtAtBzz0B0ByEyEtGtD0EyEyCtGtCzz0B0AtGyEyE0BzytGyEtDyEyEtDyC0Ezy0DyDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtA0ByByE0E0BtG0Czy0D0CtGyE0E0F0DtG0AyBzz0AtGyBtDtDtA0BtA0BtAyEtDzy0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyEyDyC%26cr%3D1637499895%26a%3Dwbf_fsvideosft_17_02%26os_ver%3D5.1%26os%3DWindows%2BXP" <==== ATENÇÃO
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_17_02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtA0FyE0DyCtDyCtDtDtN0D0Tzu0StCzztAyDtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEtAtBzz0B0ByEyEtGtD0EyEyCtGtCzz0B0AtGyEyE0BzytGyEtDyEyEtDyC0Ezy0DyDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtA0ByByE0E0BtG0Czy0D0CtGyE0E0F0DtG0AyBzz0AtGyBtDtDtA0BtA0BtAyEtDzy0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyEyDyC%26cr%3D1637499895%26a%3Dwbf_fsvideosft_17_02%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_17_02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtA0FyE0DyCtDyCtDtDtN0D0Tzu0StCzztAyDtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEtAtBzz0B0ByEyEtGtD0EyEyCtGtCzz0B0AtGyEyE0BzytGyEtDyEyEtDyC0Ezy0DyDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtA0ByByE0E0BtG0Czy0D0CtGyE0E0F0DtG0AyBzz0AtGyBtDtDtA0BtA0BtAyEtDzy0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyEyDyC%26cr%3D1637499895%26a%3Dwbf_fsvideosft_17_02%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1214440339-1547161642-725345543-500 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_17_02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtA0FyE0DyCtDyCtDtDtN0D0Tzu0StCzztAyDtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEtAtBzz0B0ByEyEtGtD0EyEyCtGtCzz0B0AtGyEyE0BzytGyEtDyEyEtDyC0Ezy0DyDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtA0ByByE0E0BtG0Czy0D0CtGyE0E0F0DtG0AyBzz0AtGyBtDtDtA0BtA0BtAyEtDzy0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyEyDyC%26cr%3D1637499895%26a%3Dwbf_fsvideosft_17_02%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1214440339-1547161642-725345543-500 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F4C1CA5F-7D91-49F0-9A37-1EDD3BFC154D}&mid=Unknown&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=1215av&pr=fr&d=2015-12-16 19:35:37&v=4.2.3.128&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Add-on do navegador para desativação do Google Analytics -> {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} -> C:\Arquivos de programas\Google\Google Analytics Opt-Out\gaoptout.dll [2014-04-03] (Google, Inc.)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll [2016-09-13] (Caixa Economica Federal)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\5zkkgn5b.default [2017-07-22]
FF NewTab: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\5zkkgn5b.default -> about:newtab
FF DefaultSearchEngine: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\5zkkgn5b.default -> Yahoo! Powered Search
FF SelectedSearchEngine: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\5zkkgn5b.default -> Yahoo! Powered Search
FF Homepage: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\5zkkgn5b.default -> hxxp://www.google.com.br
FF Keyword.URL: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\5zkkgn5b.default -> user_pref("keyword.URL", true);
FF Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\5zkkgn5b.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2017-04-09]
FF Extension: (Download YouTube Videos as MP4) - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\5zkkgn5b.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-03-06]
FF Extension: (SearchStatus) - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\5zkkgn5b.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2016-05-15]
FF SearchPlugin: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\5zkkgn5b.default\searchplugins\yahoo! powered search.xml [2017-01-09]
FF Extension: (Application Update Service Helper) - C:\Arquivos de programas\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi [2017-04-18] [não assinado]
FF Extension: (Site Deployment Checker) - C:\Arquivos de programas\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-04-18] [não assinado]
FF Extension: (Multi-process staged rollout) - C:\Arquivos de programas\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi [2017-04-18] [não assinado]
FF Extension: (Pocket) - C:\Arquivos de programas\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi [2017-04-18] [não assinado]
FF Extension: (Web Compat) - C:\Arquivos de programas\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi [2017-04-18] [não assinado]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-13] [não assinado]
FF HKU\S-1-5-21-1214440339-1547161642-725345543-500\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\cef\xpi
FF Extension: (GBBD Caixa Economica Federal) - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\cef\xpi [2015-01-10] [não assinado]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Arquivos de programas\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Arquivos de programas\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Arquivos de programas\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1214440339-1547161642-725345543-500: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1214440339-1547161642-725345543-500: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1214440339-1547161642-725345543-500: gastecnologia.com.br/sf/cef -> C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_cef.dll [2015-01-10] (GAS Tecnologia)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com.br/"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default [2017-07-22]
CHR Extension: (Link to Google Analytics | Shortcut) - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\cgbofdajbjpegicggccpealogclcdiap [2016-07-10]
CHR Extension: (MozBar) - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2017-05-30]
CHR Extension: (Add-on para desativação do Google Analytics) - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2014-10-04]
CHR Extension: (PageSpeed Insights (by Google)) - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli [2014-07-22]
CHR Extension: (Better Battlelog (BBLog)) - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma [2016-11-26]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Simet) - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\nnokjffnngdgfplfmimjioknefmkjfgc [2016-11-02]
CHR Extension: (Check My Links) - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\ojkcdipcgfaekbeaelaapakgnjflfglf [2017-05-29]
CHR Extension: (Google Publisher Toolbar) - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\omioeahgfecgfpfldejlnideemfidnkc [2017-03-01]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1214440339-1547161642-725345543-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\cef\sf.crx [2014-07-26]
CHR HKU\S-1-5-21-1214440339-1547161642-725345543-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: chrome.exe - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome.N7C5BFF5D4L4PGMMKU3GB4KAO4 - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-07-11] (Adobe Systems Incorporated) [Arquivo não assinado]
R2 AVG Antivirus; C:\Arquivos de programas\AVG\Antivirus\AVGSvc.exe [264432 2017-07-19] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Arquivos de programas\AVG\Antivirus\aswidsagent.exe [5866488 2017-07-19] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Arquivos de programas\AVG\Framework\Common\avgsvcx.exe [1189720 2017-07-03] (AVG Technologies CZ, s.r.o.)
S4 DigitalWave.Update.Service; C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft\lib\app_updater.exe [437224 2016-10-27] (Digital Wave Ltd.) [Arquivo não assinado]
R2 Ds3Service; C:\Arquivos de programas\ScpServer\bin\ScpService.exe [381952 2014-03-13] (Scarlet.Crush Productions) [Arquivo não assinado]
R2 GbpSv; C:\Arquivos de programas\GbPlugin\gbpsv.exe [631520 2016-09-13] (GAS Tecnologia)
S2 gupdate; C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
S3 gupdatem; C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
R2 KaraokeService; C:\WINDOWS\system32\KaraokeSer.exe [88688 2010-12-14] (VIA Technologies, Inc.)
R2 LMS; C:\Arquivos de programas\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656 2010-12-20] (Intel Corporation)
S3 MozillaMaintenance; C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe [172488 2017-04-18] (Mozilla Foundation)
S3 NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [Arquivo não assinado]
S3 ose; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
R2 UNS; C:\Arquivos de programas\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280 2010-12-20] (Intel Corporation)
R2 Warsaw Technology; C:\Arquivos de programas\Diebold\Warsaw\core.exe [792112 2016-06-22] (GAS Tecnologia LTDA)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiskx.sys [135872 2017-07-19] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdriverx.sys [260616 2017-07-19] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidshx.sys [151024 2017-07-19] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\system32\drivers\avgblogx.sys [270344 2017-07-19] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbunivx.sys [43992 2017-07-19] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [35264 2017-07-19] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [116344 2017-07-19] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr.sys [62528 2017-07-19] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [63280 2017-07-19] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [766728 2017-07-19] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [489416 2017-07-19] (AVG Technologies CZ, s.r.o.)
R3 avgStmXP; C:\WINDOWS\system32\drivers\avgStmXP.sys [195128 2017-07-19] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [288728 2017-07-19] (AVG Technologies CZ, s.r.o.)
R0 GbpKm; C:\WINDOWS\System32\drivers\gbpkm.sys [49496 2015-09-03] (GAS Tecnologia)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [62576 2010-09-27] (Atheros Communications, Inc.)
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 Ndisrd; C:\WINDOWS\System32\DRIVERS\gbpndisrd.sys [31448 2017-07-22] (GAS Tecnologia)
R3 NdisrdMP; C:\WINDOWS\System32\DRIVERS\gbpndisrd.sys [31448 2017-07-22] (GAS Tecnologia)
R3 ScpVBus; C:\WINDOWS\System32\DRIVERS\ScpVBus.sys [33024 2013-05-19] (Scarlet.Crush Productions)
S3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-24] (Elaborate Bytes AG) [Arquivo não assinado]
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [2152944 2010-12-14] (VIA Technologies, Inc.)
R1 wsddfac; C:\WINDOWS\System32\drivers\wsddfac.sys [80728 2017-07-22] (GAS Tecnologia)
S1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [79064 2015-03-18] (GAS Tecnologia)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-07-22 12:03 - 2017-07-22 12:03 - 00000007 _____ C:\Documents and Settings\Administrador\Desktop\cidade-estados-unidos-muitas-visitas-diretas.txt
2017-07-21 00:52 - 2017-07-21 00:52 - 00000025 _____ C:\Documents and Settings\Administrador\Desktop\link-do-folkd.com.txt
2017-07-20 14:15 - 2017-07-20 14:16 - 00057294 _____ C:\Documents and Settings\Administrador\Desktop\Addition.txt
2017-07-20 14:14 - 2017-07-20 14:16 - 00037510 _____ C:\Documents and Settings\Administrador\Desktop\FRST.txt
2017-07-20 14:11 - 2017-07-22 17:14 - 00000000 ____D C:\FRST
2017-07-20 00:47 - 2017-07-20 00:47 - 00106496 _____ C:\WINDOWS\Minidump\Mini072017-01.dmp
2017-07-19 12:16 - 2017-07-19 12:16 - 00304400 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-07-19 00:07 - 2017-01-10 12:43 - 00000776 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170719-000733.backup
2017-07-18 23:41 - 2017-07-18 23:41 - 00000000 ____D C:\Arquivos de programas\Arquivos comuns\AV
2017-07-18 23:40 - 2017-07-18 23:40 - 00000000 ____D C:\Documents and Settings\LocalService\Menu Iniciar\Programas
2017-07-18 23:40 - 2017-07-18 23:40 - 00000000 ____D C:\Documents and Settings\LocalService\Menu Iniciar
2017-07-18 23:33 - 2017-07-22 17:03 - 00000087 _____ C:\WINDOWS\wininit.ini
2017-07-18 10:51 - 2017-07-21 11:22 - 00015005 _____ C:\Documents and Settings\Administrador\Desktop\style.css
2017-07-18 10:51 - 2017-07-18 10:51 - 00015009 _____ C:\Documents and Settings\Administrador\Desktop\style_orig.css
2017-07-16 12:47 - 2017-07-17 21:16 - 00000018 _____ C:\Documents and Settings\Administrador\Desktop\reotimizando-imagens.txt
2017-07-16 02:06 - 2017-07-16 02:06 - 00000472 _____ C:\WINDOWS\alceia.zip
2017-07-11 15:00 - 2017-07-11 15:00 - 00030906 _____ C:\Documents and Settings\Administrador\Desktop\template-imagem-grande-post-face.psd
2017-07-10 12:29 - 2017-07-10 12:29 - 01081528 _____ C:\Documents and Settings\Administrador\Meus documentos\favoritos_10_07_17.html
2017-06-30 10:28 - 2017-06-30 10:28 - 00000000 __SHD C:\Documents and Settings\Administrador\IECompatCache
2017-05-29 16:18 - 2017-07-17 17:30 - 00000000 ____D C:\Documents and Settings\All Users\Menu Iniciar\Programas\AVG
2017-05-26 20:06 - 2017-07-22 15:33 - 00000312 ____H C:\WINDOWS\Tasks\Antivirus Emergency Update.job
2017-05-26 20:06 - 2017-07-19 12:16 - 00766728 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-05-26 20:06 - 2017-07-19 12:16 - 00489416 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-05-26 20:06 - 2017-07-19 12:16 - 00288728 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-05-26 20:06 - 2017-07-19 12:16 - 00195128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStmXP.sys
2017-05-26 20:06 - 2017-07-19 12:16 - 00116344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmonflt.sys
2017-05-26 20:06 - 2017-07-19 12:16 - 00063280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-05-26 20:06 - 2017-07-19 12:16 - 00062528 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr.sys
2017-05-26 20:06 - 2017-07-19 12:16 - 00035264 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-05-26 20:06 - 2017-07-19 12:15 - 00270344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblogx.sys
2017-05-26 20:06 - 2017-07-19 12:15 - 00260616 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriverx.sys
2017-05-26 20:06 - 2017-07-19 12:15 - 00151024 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidshx.sys
2017-05-26 20:06 - 2017-07-19 12:15 - 00135872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiskx.sys
2017-05-26 20:06 - 2017-07-19 12:15 - 00043992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbunivx.sys
2017-05-26 19:47 - 2017-05-26 19:47 - 00000000 _____ C:\WINDOWS\system32\last.dump
2017-05-15 21:53 - 2017-05-15 21:53 - 00000084 _____ C:\Documents and Settings\Administrador\Meus documentos\protocolo-anatel.txt
2017-05-10 21:18 - 2017-07-12 00:36 - 00000000 ____D C:\Documents and Settings\Administrador\Desktop\imagens
2017-05-10 21:17 - 2017-07-14 21:34 - 00000000 ____D C:\Documents and Settings\Administrador\Desktop\TXT
2017-05-10 12:43 - 2017-05-10 12:43 - 00000253 _____ C:\Documents and Settings\Administrador\Meus documentos\texto-post-fixo-face.txt

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-07-22 17:14 - 2013-10-08 15:37 - 00000000 ____D C:\Documents and Settings\Administrador\Configurações locais\Temp
2017-07-22 17:06 - 2013-10-10 08:52 - 00000000 ____D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\ULTILITARIOS
2017-07-22 17:05 - 2014-07-22 12:09 - 00000000 ____D C:\Arquivos de programas\SUPERAntiSpyware
2017-07-22 17:05 - 2013-10-08 15:37 - 00000000 __RHD C:\Documents and Settings\Administrador\Dados de aplicativos
2017-07-22 17:05 - 2013-10-08 12:23 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Iniciar
2017-07-22 17:05 - 2013-10-08 12:22 - 00000000 __RHD C:\Documents and Settings\All Users\Dados de aplicativos
2017-07-22 17:04 - 2013-10-09 18:50 - 00000000 ____D C:\Documents and Settings\All Users\Menu Iniciar\Programas\ULTILITARIOS
2017-07-22 17:03 - 2014-02-05 11:53 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2017-07-22 17:03 - 2014-02-05 11:53 - 00000000 ____D C:\Arquivos de programas\Spybot - Search & Destroy 2
2017-07-22 16:59 - 2013-10-09 18:33 - 00001200 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1547161642-725345543-500UA.job
2017-07-22 16:30 - 2014-01-05 10:41 - 00001072 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-07-22 16:27 - 2013-11-08 21:11 - 00000902 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-07-22 15:34 - 2016-01-13 20:29 - 00080728 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddfac.sys
2017-07-22 15:34 - 2013-10-10 08:31 - 00031448 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\GbpNdisrd.sys
2017-07-22 15:34 - 2013-10-10 08:30 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2017-07-22 15:33 - 2016-09-20 21:21 - 00000330 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2017-07-22 15:33 - 2014-03-09 17:37 - 00000238 _____ C:\WINDOWS\Tasks\Logon para Notificação de Término de Serviço do Microsoft Windows XP.job
2017-07-22 15:33 - 2014-01-05 10:41 - 00001068 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-07-22 15:33 - 2013-10-08 15:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-22 13:03 - 2013-10-08 15:37 - 00032558 _____ C:\WINDOWS\SchedLgU.Txt
2017-07-22 13:03 - 2013-10-08 15:37 - 00000210 ___SH C:\Documents and Settings\Administrador\ntuser.ini
2017-07-22 13:03 - 2013-10-08 15:37 - 00000000 ____D C:\Documents and Settings\Administrador
2017-07-21 23:59 - 2013-10-09 18:33 - 00001148 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1547161642-725345543-500Core.job
2017-07-21 23:30 - 2013-10-08 15:37 - 00000000 ___HD C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos
2017-07-20 00:47 - 2013-12-28 18:48 - 00000000 ____D C:\WINDOWS\Minidump
2017-07-19 12:17 - 2013-10-08 12:18 - 00000000 ___HD C:\WINDOWS\inf
2017-07-19 00:02 - 2013-10-08 12:23 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Iniciar\Programas
2017-07-18 23:41 - 2013-10-08 12:23 - 00000000 ____D C:\Arquivos de programas\Arquivos comuns
2017-07-18 23:40 - 2013-10-08 15:37 - 00000000 __SHD C:\Documents and Settings\LocalService
2017-07-18 23:34 - 2014-02-05 11:53 - 00524288 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2017-07-13 10:15 - 2013-10-12 16:20 - 00000122 _____ C:\Documents and Settings\Administrador\default.pls
2017-07-13 10:11 - 2013-10-12 16:18 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2017-07-11 20:27 - 2013-11-08 21:11 - 00803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-07-11 20:27 - 2013-11-08 21:11 - 00144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-07-11 20:27 - 2013-10-08 15:31 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-07-10 12:29 - 2013-10-08 15:37 - 00000000 ___RD C:\Documents and Settings\Administrador\Meus documentos
2017-07-03 17:57 - 2015-05-21 12:47 - 00000000 ____D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Avg
2017-06-27 11:57 - 2013-10-08 12:21 - 00000239 ___SH C:\boot.ini
2017-06-27 11:57 - 2001-10-28 15:07 - 00000615 _____ C:\WINDOWS\win.ini
2017-06-27 11:57 - 2001-10-28 15:07 - 00000227 _____ C:\WINDOWS\system.ini
2017-06-27 11:50 - 2015-12-01 20:36 - 00423680 _____ C:\WINDOWS\ntbtlog.txt

==================== Arquivos na raiz de alguns diretórios =======

2014-04-30 14:30 - 2014-04-30 14:30 - 0018019 _____ () C:\Documents and Settings\Administrador\Dados de aplicativos\unins000.dat
2014-04-30 14:30 - 2014-04-30 14:29 - 0730834 _____ () C:\Documents and Settings\Administrador\Dados de aplicativos\unins000.exe
2013-10-10 09:18 - 2017-01-10 14:14 - 0011776 _____ () C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

==================== Fim de FRST.txt ============================