cjoint

Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 20-04-2017
Executado por gilvando 123 (administrador) em NEIVA (21-04-2017 12:09:17)
Executando a partir de C:\Users\gilvando 123\Desktop
Perfis Carregados: gilvando 123 (Perfis Disponíveis: gilvando 123)
Platform: Windows 8 Single Language (X64) Idioma: Português (Brasil)
Internet Explorer Versão 10 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Positivo Informática S.A) C:\Program Files\Positivo Informática\Positivo Bateria\BatteryManagerService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Positivo Informática) C:\Positivo\Deskmedia\DeskmediaService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\KMS-R@1n.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoia.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe
(Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
(Positivo Informática S.A.) C:\Program Files (x86)\Positivo Informática\Positivo Aplicativos\PositivoAplicativosService.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [Deskmedia] => C:\Positivo\Deskmedia\GerenciadorLocal.exe [1347488 2016-03-10] (Positivo Informática)
HKLM\...\Run: [Posibar] => C:\Positivo\Deskmedia\Posibar\Posibar.exe [1331104 2016-03-10] (Positivo Informática)
HKLM\...\Run: [StartUpManagerPositivo] => C:\Program Files\Positivo Informática\Mundo Positivo Gerenciador de Inicialização\ManagerWindows.exe [261912 2013-05-16] (Positivo Informática SA)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-09-10] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-20] (AVAST Software)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [692160 2016-01-19] (Autodesk, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3069889820-3373727436-1154643513-1001\...\Run: [SmartProtect] => C:\ProgramData\SmartProtect\SmartProtect.exe [54584 2013-08-19] ()
HKU\S-1-5-21-3069889820-3373727436-1154643513-1001\...\Run: [Chromium] => c:\users\gilvando 123\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-3069889820-3373727436-1154643513-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-10] (Piriform Ltd)
HKU\S-1-5-21-3069889820-3373727436-1154643513-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-3069889820-3373727436-1154643513-1001\...\Policies\Explorer: []
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-20] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iBrightness.lnk [2014-02-12]
ShortcutTarget: iBrightness.lnk -> C:\Windows\Installer\{B351A468-173F-43D8-B6E6-5A6E9A0125A8}\_5CA7EB0450877D7F6842BB.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IPM.lnk [2014-02-12]
ShortcutTarget: IPM.lnk -> C:\Windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_5B69F777C044777290665A.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Positivo Bateria.lnk [2014-02-12]
ShortcutTarget: Positivo Bateria.lnk -> C:\Program Files\Positivo Informática\Positivo Bateria\BatteryAppManager.exe (Positivo Informática S.A)
GroupPolicy: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AD70AF98-71BF-4D0F-8CCB-E68CC4E56EA0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FDEE4CF4-D7A0-4681-AD2C-11C8412344CC}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-1a93f666
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-1a93f666
HKU\S-1-5-21-3069889820-3373727436-1154643513-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131256316377583497&GUID=385C27E7-C8E6-42CF-AE2A-211906E52609
HKU\S-1-5-21-3069889820-3373727436-1154643513-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem.msn.com/?pc=NMJB
SearchScopes: HKLM -> DefaultScope {9AE482A6-FAD9-45DD-BB8F-EFD5F4CF9CC3} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1a93f666&q={searchTerms}
SearchScopes: HKLM -> {9AE482A6-FAD9-45DD-BB8F-EFD5F4CF9CC3} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1a93f666&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9AE482A6-FAD9-45DD-BB8F-EFD5F4CF9CC3} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1a93f666&q={searchTerms}
SearchScopes: HKLM-x32 -> {9AE482A6-FAD9-45DD-BB8F-EFD5F4CF9CC3} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1a93f666&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3069889820-3373727436-1154643513-1001 -> DefaultScope {9AE482A6-FAD9-45DD-BB8F-EFD5F4CF9CC3} URL =
SearchScopes: HKU\S-1-5-21-3069889820-3373727436-1154643513-1001 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-1a93f666&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-04-20] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-20] (AVAST Software)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-04-20] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-04-21] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-20] (AVAST Software)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-04-21] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-20] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-21] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-21] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-21] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 6bip2evc.default
FF ProfilePath: C:\Users\gilvando 123\AppData\Roaming\Mozilla\Firefox\Profiles\6bip2evc.default [2017-04-21]
FF Homepage: Mozilla\Firefox\Profiles\6bip2evc.default -> www.google.com.br
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-04-20]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-04-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-04-20] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-04-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-04-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com.br/"
CHR Profile: C:\Users\gilvando 123\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-04-21]
CHR Extension: (Avast SafePrice) - C:\Users\gilvando 123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-04-21]
CHR Extension: (Avast Online Security) - C:\Users\gilvando 123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-21]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\gilvando 123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-20]
CHR Extension: (Chrome Media Router) - C:\Users\gilvando 123\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-20]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1222664 2016-01-19] (Autodesk Inc.)
R2 AppManagerService; C:\Program Files (x86)\Positivo Informática\Positivo Aplicativos\PositivoAplicativosService.exe [65304 2013-11-05] (Positivo Informática S.A.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-20] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-20] (AVAST Software)
R2 BatteryManagerSrv; C:\Program Files\Positivo Informática\Positivo Bateria\BatteryManagerService.exe [65816 2013-09-04] (Positivo Informática S.A)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3736768 2017-04-09] (Microsoft Corporation)
R2 DeskmediaService; C:\Positivo\Deskmedia\DeskmediaService.exe [310688 2016-03-10] (Positivo Informática)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129488 2012-12-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165328 2012-12-19] (Intel Corporation)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2017-04-20] () [Arquivo não assinado]
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-20] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-20] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-20] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-20] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-20] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-20] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-20] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-20] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-04-21] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-04-21] (Disc Soft Ltd)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2014-03-14] ()
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1549384 2013-05-02] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-10] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-10] (Synaptics Incorporated)
R2 SoilIO; C:\Windows\System32\Drivers\SoilIO.sys [17912 2010-08-19] ()
R3 soilkbc; C:\Windows\System32\Drivers\soilkbc.sys [13816 2009-12-03] (Systems Internals)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
S3 DIRECTIO; \??\C:\wst2\programs\BurnInTest\DirectIo64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-04-21 12:09 - 2017-04-21 12:10 - 00019512 _____ C:\Users\gilvando 123\Desktop\FRST.txt
2017-04-21 12:08 - 2017-04-21 12:09 - 00000000 ____D C:\FRST
2017-04-21 12:00 - 2017-04-21 12:01 - 00150018 _____ C:\Windows\ntbtlog.txt
2017-04-21 11:32 - 2017-04-21 11:32 - 00000000 ____D C:\Users\gilvando 123\Desktop\ATIVADOR ATCAD2017 - AlohaDownloads
2017-04-21 10:01 - 2017-04-21 10:02 - 00000000 ____D C:\Users\Todos os Usuários\FLEXnet
2017-04-21 10:01 - 2017-04-21 10:02 - 00000000 ____D C:\ProgramData\FLEXnet
2017-04-21 09:53 - 2017-04-21 09:53 - 00002107 _____ C:\Users\Public\Desktop\AutoCAD 2017 - Português - Brasil (Brazilian Portuguese).lnk
2017-04-21 09:53 - 2017-04-21 09:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2017 - Português - Brasil (Brazilian Portuguese)
2017-04-21 09:48 - 2017-04-21 09:48 - 00000000 ____D C:\Autodesk
2017-04-21 09:44 - 2017-04-21 09:44 - 00001464 _____ C:\Users\Public\Desktop\Autodesk Desktop App.lnk
2017-04-21 09:31 - 2017-04-21 09:31 - 00002082 _____ C:\Users\Public\Desktop\Autodesk ReCap 360.lnk
2017-04-21 09:31 - 2017-04-21 09:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk ReCap 360
2017-04-21 09:16 - 2017-04-21 09:43 - 00000000 ____D C:\Program Files (x86)\Autodesk
2017-04-21 09:15 - 2017-04-21 09:15 - 02424832 _____ (Farbar) C:\Users\gilvando 123\Desktop\FRST64.exe
2017-04-21 09:14 - 2017-04-21 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2017 - English
2017-04-21 09:13 - 2017-04-21 10:01 - 00000000 ____D C:\Users\gilvando 123\AppData\Local\Autodesk
2017-04-21 09:13 - 2017-04-21 09:13 - 00000000 ____D C:\Users\Public\Documents\Autodesk
2017-04-21 09:10 - 2017-04-21 09:10 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2017-04-21 09:09 - 2017-04-21 09:09 - 00000000 ____D C:\Users\gilvando 123\Documents\Inventor Server SDK ACAD 2017
2017-04-21 09:07 - 2017-04-21 10:05 - 00000517 _____ C:\Users\gilvando 123\Desktop\Novo Documento de Texto.txt
2017-04-21 08:57 - 2017-04-21 09:52 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-04-21 08:57 - 2017-04-21 09:51 - 00000000 ____D C:\Program Files\Autodesk
2017-04-21 08:52 - 2017-04-21 09:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-04-21 08:49 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2017-04-21 08:49 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2017-04-21 08:49 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2017-04-21 08:49 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2017-04-21 08:49 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2017-04-21 08:49 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2017-04-21 08:48 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2017-04-21 08:48 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-04-21 08:48 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2017-04-21 08:48 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-04-21 08:48 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-04-21 08:48 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2017-04-21 08:48 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-04-21 08:48 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2017-04-21 08:48 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-04-21 08:48 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2017-04-21 08:48 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2017-04-21 08:48 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2017-04-21 08:48 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2017-04-21 08:48 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2017-04-21 08:48 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2017-04-21 08:48 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2017-04-21 08:48 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2017-04-21 08:48 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2017-04-21 08:47 - 2017-04-21 08:47 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-21 08:47 - 2017-04-21 08:47 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-21 08:42 - 2017-04-21 10:09 - 00000000 ____D C:\Users\Todos os Usuários\Autodesk
2017-04-21 08:42 - 2017-04-21 10:09 - 00000000 ____D C:\ProgramData\Autodesk
2017-04-21 08:42 - 2017-04-21 10:01 - 00000000 ____D C:\Users\gilvando 123\AppData\Roaming\Autodesk
2017-04-21 08:31 - 2017-04-21 08:31 - 00000000 ____D C:\Users\gilvando 123\AppData\Local\Disc_Soft_Ltd
2017-04-21 08:27 - 2017-04-21 08:27 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2017-04-21 08:25 - 2017-04-21 08:25 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2017-04-21 08:22 - 2017-04-21 08:39 - 00000000 ____D C:\Users\gilvando 123\AppData\Roaming\DAEMON Tools Lite
2017-04-21 08:22 - 2017-04-21 08:22 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2017-04-21 08:22 - 2017-04-21 08:22 - 00001780 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2017-04-21 08:22 - 2017-04-21 08:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-04-21 08:22 - 2017-04-21 08:22 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-04-21 08:21 - 2017-04-21 08:26 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-04-21 08:21 - 2017-04-21 08:21 - 00000000 ____D C:\Users\Todos os Usuários\DAEMON Tools Lite
2017-04-21 08:21 - 2017-04-21 08:21 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-04-20 23:18 - 2017-04-20 23:18 - 00000000 ____D C:\Users\Todos os Usuários\SWCUTemp
2017-04-20 23:18 - 2017-04-20 23:18 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-20 21:18 - 2017-04-20 23:11 - 00000000 ____D C:\KVRT_Data
2017-04-20 20:59 - 2017-04-20 20:59 - 00002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-04-20 20:59 - 2017-04-20 20:59 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-04-20 20:59 - 2017-04-20 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-20 20:59 - 2017-04-20 20:59 - 00000000 ____D C:\Program Files\CCleaner
2017-04-20 20:54 - 2017-04-20 20:55 - 00000916 _____ C:\DelFix.txt
2017-04-20 20:33 - 2017-04-20 20:33 - 00003892 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1492731167
2017-04-20 20:33 - 2017-04-20 20:33 - 00001050 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-04-20 20:33 - 2017-04-20 20:33 - 00001050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-04-20 20:31 - 2017-04-20 20:30 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-20 20:22 - 2017-04-20 20:22 - 00000000 ____D C:\Users\gilvando 123\AppData\Roaming\AVAST Software
2017-04-20 20:22 - 2017-04-20 20:22 - 00000000 ____D C:\Users\gilvando 123\AppData\Local\CEF
2017-04-20 20:21 - 2017-04-20 20:21 - 00001929 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-04-20 20:21 - 2017-04-20 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-04-20 20:20 - 2017-04-20 20:20 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-04-20 20:20 - 2017-04-20 20:20 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-04-20 20:20 - 2017-04-20 20:20 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-20 20:20 - 2017-04-20 20:18 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-20 20:20 - 2017-04-20 20:18 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-20 20:20 - 2017-04-20 20:18 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-20 20:20 - 2017-04-20 20:18 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-20 20:20 - 2017-04-20 20:18 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-20 20:20 - 2017-04-20 20:18 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-20 20:20 - 2017-04-20 20:18 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-20 20:20 - 2017-04-20 20:17 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-20 20:19 - 2017-04-20 20:18 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-20 20:19 - 2017-04-20 20:16 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-04-20 20:19 - 2017-04-20 20:16 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-04-20 20:19 - 2017-04-20 20:16 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-04-20 20:19 - 2017-04-20 20:16 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-04-20 20:03 - 2017-04-20 20:03 - 00000000 ____D C:\Program Files\Common Files\Corel
2017-04-20 19:45 - 2017-04-20 19:45 - 00000000 ____D C:\Users\gilvando 123\Documents\Minhas paletas
2017-04-20 19:37 - 2017-04-20 19:37 - 00003144 _____ C:\Windows\System32\Tasks\CorelUpdateHelperTask
2017-04-20 19:34 - 2017-04-20 19:26 - 00003056 _____ C:\Users\Public\Desktop\Corel CAPTURE X8 (64-Bit).lnk
2017-04-20 19:34 - 2017-04-20 19:26 - 00002350 _____ C:\Users\Public\Desktop\Corel CONNECT X8 (64-Bit).lnk
2017-04-20 19:34 - 2017-04-20 19:25 - 00003063 _____ C:\Users\Public\Desktop\Corel PHOTO-PAINT X8 (64-Bit).lnk
2017-04-20 19:34 - 2017-04-20 19:25 - 00003015 _____ C:\Users\Public\Desktop\CorelDRAW X8 (64-Bit).lnk
2017-04-20 19:34 - 2017-04-20 19:25 - 00002263 _____ C:\Users\Public\Desktop\Corel Font Manager X8 (64-Bit).lnk
2017-04-20 19:33 - 2017-04-20 19:33 - 00000000 ____D C:\Program Files (x86)\gs
2017-04-20 19:32 - 2017-04-20 19:34 - 00003324 _____ C:\Windows\System32\Tasks\CorelUpdateHelperTaskCore
2017-04-20 19:32 - 2017-04-20 19:32 - 00000000 ____D C:\Users\Todos os Usuários\VsTelemetry
2017-04-20 19:32 - 2017-04-20 19:32 - 00000000 ____D C:\ProgramData\VsTelemetry
2017-04-20 19:32 - 2017-04-20 19:32 - 00000000 ____D C:\Program Files (x86)\Corel
2017-04-20 19:27 - 2017-04-20 19:27 - 00000000 ____D C:\Users\Public\Documents\Corel
2017-04-20 19:25 - 2017-04-20 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X8 (64-bit)
2017-04-20 19:24 - 2017-04-20 19:39 - 00000000 ____D C:\Users\gilvando 123\Documents\Corel
2017-04-20 19:24 - 2017-04-20 19:34 - 00000000 ____D C:\Users\gilvando 123\AppData\Roaming\Corel
2017-04-20 19:22 - 2017-04-20 19:37 - 00000000 ____D C:\Users\Todos os Usuários\Corel
2017-04-20 19:22 - 2017-04-20 19:37 - 00000000 ____D C:\ProgramData\Corel
2017-04-20 19:21 - 2017-04-20 19:32 - 00000000 ____D C:\Program Files\Corel
2017-04-20 19:09 - 2017-04-20 19:09 - 00993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-04-20 19:09 - 2017-04-20 19:09 - 00987848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-04-20 19:09 - 2017-04-20 19:09 - 00690016 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-04-20 19:09 - 2017-04-20 19:09 - 00484552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-04-20 19:09 - 2017-04-20 19:09 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-04-20 19:09 - 2017-04-20 19:09 - 00027840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-04-20 19:09 - 2017-04-07 19:06 - 00532136 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-04-20 18:59 - 2017-04-20 18:59 - 00000000 ____D C:\Users\gilvando 123\AppData\Local\mpress
2017-04-20 18:58 - 2017-04-20 18:59 - 00000000 ____D C:\Windows\System32\Tasks\R@1n-KMS
2017-04-20 18:58 - 2017-04-20 18:58 - 00026112 _____ C:\Windows\KMS-R@1n.exe
2017-04-20 18:58 - 2017-04-20 18:58 - 00005120 _____ C:\Windows\KMS-R@1nHook.exe
2017-04-20 18:58 - 2017-04-20 18:58 - 00004096 _____ C:\Windows\KMS-R@1nHook.dll
2017-04-20 18:57 - 2017-04-20 18:57 - 00000000 ____D C:\Users\gilvando 123\AppData\Roaming\WinRAR
2017-04-20 18:56 - 2017-04-20 18:56 - 00002257 _____ C:\Users\gilvando 123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-20 18:56 - 2017-04-20 18:56 - 00002218 _____ C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-20 18:56 - 2017-04-20 18:56 - 00002218 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-20 18:56 - 2017-04-20 18:56 - 00002218 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-20 18:56 - 2017-04-20 18:56 - 00000000 ___RD C:\Users\gilvando 123\OneDrive
2017-04-20 18:56 - 2017-04-20 18:56 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2017-04-20 18:55 - 2017-04-20 18:55 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft OneDrive
2017-04-20 18:55 - 2017-04-20 18:55 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-04-20 18:40 - 2017-04-20 18:40 - 00002151 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-04-20 18:40 - 2017-04-20 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-04-20 16:46 - 2017-04-20 16:46 - 00002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-04-20 16:46 - 2017-04-20 16:46 - 00002424 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-04-20 16:46 - 2017-04-20 16:46 - 00002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-04-20 16:46 - 2017-04-20 16:46 - 00002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-04-20 16:46 - 2017-04-20 16:46 - 00002362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-04-20 16:46 - 2017-04-20 16:46 - 00002359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-04-20 16:46 - 2017-04-20 16:46 - 00002349 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-04-20 16:46 - 2017-04-20 16:46 - 00002345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-04-20 16:46 - 2017-04-20 16:46 - 00002329 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-04-20 16:46 - 2017-04-20 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office 2016
2017-04-20 15:31 - 2017-04-21 12:05 - 00000000 ____D C:\Users\gilvando 123\AppData\LocalLow\Mozilla
2017-04-20 15:31 - 2017-04-20 16:22 - 00000000 ____D C:\Users\gilvando 123\AppData\Local\Mozilla
2017-04-20 15:31 - 2017-04-20 15:31 - 00000943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-20 15:31 - 2017-04-20 15:31 - 00000000 ____D C:\Users\gilvando 123\AppData\Roaming\Mozilla
2017-04-20 15:31 - 2017-04-20 15:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-04-20 15:31 - 2017-04-20 15:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-20 15:17 - 2017-04-20 15:17 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-04-20 15:07 - 2017-04-20 15:07 - 00000000 ____D C:\Users\gilvando 123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-20 15:07 - 2017-04-20 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-20 15:07 - 2017-04-20 15:07 - 00000000 ____D C:\Program Files\WinRAR
2017-04-20 14:43 - 2017-04-20 14:54 - 00000000 ____D C:\Users\gilvando 123\AppData\Roaming\ZHP
2017-04-20 14:43 - 2017-04-20 14:44 - 00000000 ____D C:\Users\gilvando 123\AppData\Local\ZHP
2017-03-05 17:56 - 2017-03-05 17:56 - 00087792 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2017-03-05 17:56 - 2017-03-05 17:56 - 00083696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2017-03-05 17:50 - 2017-03-05 17:50 - 00633072 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2017-03-05 17:50 - 2017-03-05 17:50 - 00440048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2017-03-05 17:50 - 2017-03-05 17:50 - 00395520 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2017-03-05 17:50 - 2017-03-05 17:50 - 00333592 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2017-03-05 17:50 - 2017-03-05 17:50 - 00267520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2017-03-05 17:50 - 2017-03-05 17:50 - 00243992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-04-21 12:03 - 2012-07-26 04:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-21 12:02 - 2012-07-26 02:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-04-21 11:54 - 2015-06-19 10:52 - 00619552 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-21 11:52 - 2016-09-17 09:52 - 00000000 ____D C:\Windows\system32\MRT
2017-04-21 11:44 - 2016-09-17 09:52 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-21 11:42 - 2012-07-26 04:59 - 00000000 ____D C:\Windows\CbsTemp
2017-04-21 11:38 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\system32\NDF
2017-04-21 11:23 - 2016-11-12 07:23 - 00000298 _____ C:\Windows\Tasks\{28FCC88A-7956-A95B-0AC9-138ECE70F77F}.job
2017-04-21 10:25 - 2012-07-26 07:32 - 00763854 _____ C:\Windows\system32\prfh0416.dat
2017-04-21 10:25 - 2012-07-26 07:32 - 00155144 _____ C:\Windows\system32\prfc0416.dat
2017-04-21 10:25 - 2012-07-26 04:28 - 01769104 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-21 10:25 - 2012-07-26 02:37 - 00000000 ____D C:\Windows\Inf
2017-04-21 09:52 - 2012-07-26 05:12 - 00000000 ___SD C:\Windows\Downloaded Program Files
2017-04-21 08:47 - 2014-02-12 08:03 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-04-21 08:47 - 2014-02-12 08:03 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-21 08:25 - 2012-07-26 05:12 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2017-04-21 08:25 - 2012-07-26 05:12 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-21 08:22 - 2012-07-26 05:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-04-21 08:12 - 2016-09-01 12:56 - 00000000 ____D C:\Program Files\Microsoft Office
2017-04-21 08:08 - 2014-02-12 13:42 - 00000000 ____D C:\Windows\Panther
2017-04-20 23:40 - 2014-08-13 10:40 - 00000000 ____D C:\Users\gilvando 123\AppData\Local\Packages
2017-04-20 22:13 - 2014-02-12 08:26 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-04-20 21:57 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\AUInstallAgent
2017-04-20 21:55 - 2012-07-26 05:12 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-20 21:40 - 2016-10-07 13:40 - 00000000 ____D C:\Users\gilvando 123\AppData\Roaming\{C3CEF575-E69C-9803-8DAA-BFD1517842EF}
2017-04-20 21:25 - 2016-09-26 17:01 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2017-04-20 21:25 - 2016-09-26 17:01 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-20 20:59 - 2016-09-21 09:57 - 00000000 ____D C:\Users\gilvando 123\AppData\Roaming\{903CA687-B56E-CBF1-DE58-EC23028A111D}
2017-04-20 20:30 - 2016-09-26 17:06 - 00000000 ____D C:\Program Files\AVAST Software
2017-04-20 19:21 - 2016-12-08 14:25 - 00000000 ___HD C:\Users\gilvando 123\AppData\Local\3041c3b317d1a284
2017-04-20 19:18 - 2016-09-21 09:55 - 00000286 __RSH C:\Users\Todos os Usuários\ntuser.pol
2017-04-20 19:18 - 2016-09-21 09:55 - 00000286 __RSH C:\ProgramData\ntuser.pol
2017-04-20 19:10 - 2012-07-26 02:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2017-04-20 19:07 - 2014-08-14 09:50 - 00002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-20 18:56 - 2014-08-13 10:40 - 00000000 ____D C:\Users\gilvando 123
2017-04-20 18:39 - 2014-08-14 09:48 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-20 15:50 - 2014-08-14 09:47 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3069889820-3373727436-1154643513-1001
2017-04-20 15:23 - 2016-11-12 07:23 - 00000000 ____D C:\Users\Todos os Usuários\{33BAF6D9-B9F8-7C1F-3F3E-E25DA57C6993}
2017-04-20 15:23 - 2016-11-12 07:23 - 00000000 ____D C:\ProgramData\{33BAF6D9-B9F8-7C1F-3F3E-E25DA57C6993}
2017-04-20 15:20 - 2016-12-07 07:57 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-20 14:35 - 2014-02-12 08:20 - 00000000 ____D C:\Users\Todos os Usuários\McAfee
2017-04-20 14:35 - 2014-02-12 08:20 - 00000000 ____D C:\ProgramData\McAfee
2017-04-20 14:28 - 2016-02-01 15:52 - 00003372 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-20 14:28 - 2014-08-14 09:48 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-20 14:18 - 2014-08-13 10:44 - 00000000 ___HD C:\Users\Todos os Usuários\SmartProtect
2017-04-20 14:18 - 2014-08-13 10:44 - 00000000 ___HD C:\ProgramData\SmartProtect
2017-04-20 14:09 - 2012-07-26 05:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-04-20 13:58 - 2016-09-01 13:37 - 00000331 _____ C:\Users\gilvando 123\AppData\Roaming\WB.CFG

==================== Arquivos na raiz de alguns diretórios =======

2016-09-01 13:37 - 2017-04-20 13:58 - 0000331 _____ () C:\Users\gilvando 123\AppData\Roaming\WB.CFG
2014-02-12 08:08 - 2014-02-12 08:08 - 0510976 _____ () C:\ProgramData\DRV10.tmp
2014-02-12 08:08 - 2014-02-12 08:08 - 5501952 _____ (OEM) C:\ProgramData\E1010.tmp
2014-08-13 10:43 - 2014-08-13 10:43 - 0000139 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Arquivos para serem movidos ou deletados:
====================
C:\Windows\Tasks\{28FCC88A-7956-A95B-0AC9-138ECE70F77F}.job


==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-04-20 15:50

==================== Fim de FRST.txt ============================
