[Resolvido] Computador lento e páginas abrindo aleatóriamente

[Alisson C. Lisboa 0]

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:22:24, on 14/07/2015

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\AVAST Software\Avast\avastui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

C:\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1430145934&from=ient04230&uid=ST3160813AS_9SY1760NXXXX9SY1760N

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1430145934&from=ient04230&uid=ST3160813AS_9SY1760NXXXX9SY1760N&q={searchTerms}

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1430145934&from=ient04230&uid=ST3160813AS_9SY1760NXXXX9SY1760N&q={searchTerms}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1430145934&from=ient04230&uid=ST3160813AS_9SY1760NXXXX9SY1760N

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1430145934&from=ient04230&uid=ST3160813AS_9SY1760NXXXX9SY1760N

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=1402081688&from=kmp&uid=ST3160813AS_9SY1760NXXXX9SY1760N&q={searchTerms}

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=1402081688&from=kmp&uid=ST3160813AS_9SY1760NXXXX9SY1760N&q={searchTerms}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1430145934&from=ient04230&uid=ST3160813AS_9SY1760NXXXX9SY1760N

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\XTab\SupTab.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - (no file)

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O15 - Trusted Zone: http://www.bb.com.br

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: IHProtect Service - XTab system - C:\Program Files\XTab\ProtectService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

--

End of file - 6332 bytes

[caedurodrigues 19]

Boa noite Alisson,

Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

• Baixe: <> (...par Xplode)

• Ou aqui >>AdwCleaner<<

• Salve-a na sua Desktop (área de trabalho).

• Feche todos os programas e navegadores de internet abertos.

• Usuários do Windows Vista ou Windows 7,clique com o direito do mouse sobre o arquivo AdwCleaner.exe,depois clique em:

• Clique em Examinar, para iniciar o escaneamento!

• Ao término, clique em limpar

• Copie o log ou clique "Relatório".

• Poste: >>C:\AdwCleaner\AdwCleaner [s0].txt<<

• Baixe:<> <(...by Oleg N. Scherbakov)>

• Salve-o no desktop!

• Desabilite seu antivírus!

• Para Windows 7, clique direito em JRT.exe e execute-o como

• Aguarde a conclusão e poste o relatório. ( JRT.txt )

Um grande abraço.

 

[Alisson C. Lisboa 0]

# AdwCleaner v4.208 - Relatório criado 21/07/2015 às 08:28:15

# Atualizado 09/07/2015 por Xplode

# Base de dados : 2015-07-15.1 [servidor]

# Sistema operacional : Windows 7 Ultimate (x86)

# Usuário : Agricultura - LISBOA

# Executando de : C:\Users\Agricultura\Desktop\adwcleaner_4.208.exe

# Opção : Limpar

***** [ Serviços ] *****

Serviço Excluído : IHProtect Service

***** [ Arquivos / Pastas ] *****

Pasta Excluído : C:\ProgramData\IePluginServices

Pasta Excluído : C:\ProgramData\IHProtectUpDate

Pasta Excluído : C:\Program Files\Mobogenie

Pasta Excluído : C:\Program Files\SupTab

Pasta Excluído : C:\Program Files\XTab

Pasta Excluído : C:\Users\Agricultura\AppData\Roaming\qone8

Pasta Excluído : C:\Users\Agricultura\AppData\Roaming\Mozilla\Firefox\Profiles\3jnviv07.default\Extensions\quick_searchff@gmail.com

Arquivo Excluído : C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage

Arquivo Excluído : C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage-journal

Arquivo Excluído : C:\Program Files\Mozilla Firefox\browser\searchplugins\delta-homes.xml

Arquivo Excluído : C:\Users\Agricultura\AppData\Roaming\Mozilla\Firefox\Profiles\3jnviv07.default\user.js

***** [ Tarefas agendadas ] *****

***** [ Atalhos ] *****

Atalho Desinfectado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Atalho Desinfectado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

Atalho Desinfectado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk

Atalho Desinfectado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

Atalho Desinfectado : C:\Users\Agricultura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Atalho Desinfectado : C:\Users\Agricultura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

Atalho Desinfectado : C:\Users\Agricultura\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

Atalho Desinfectado : C:\Users\Agricultura\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registro ] *****

Valor Apagado : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_searchff@gmail.com]

Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe

Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Chave Apagado : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices

Chave Apagado : HKCU\Software\Mozilla\Extends

Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}

Chave Apagado : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}

Chave Apagado : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}

Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}

Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}

Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}

Dados Restaurado : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command

Dados Restaurado : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command

Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}

Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}

Chave Apagado : HKLM\SOFTWARE\delta-homesSoftware

Chave Apagado : HKLM\SOFTWARE\qone8Software

Chave Apagado : HKLM\SOFTWARE\SupDp

Chave Apagado : HKLM\SOFTWARE\SupTab

Chave Apagado : HKLM\SOFTWARE\Wpm

Chave Apagado : HKLM\SOFTWARE\IHProtect

Dados Apagado : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SupTab\SEARCH~1.DLL

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7600.16385

Configuração Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [search Page]

Configuração Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

Configuração Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]

Configuração Restaurado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]

Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]

-\\ Mozilla Firefox v25.0.1 (pt-BR)

[3jnviv07.default\prefs.js] - Linha Apagado : user_pref("browser.newtab.url", "hxxp://www.delta-homes.com/newtab/?type=nt&ts=1430145934&from=ient04230&uid=ST3160813AS_9SY1760NXXXX9SY1760N");

[3jnviv07.default\prefs.js] - Linha Apagado : user_pref("browser.startup.homepage", "hxxp://www.delta-homes.com/?type=hp&ts=1430145934&from=ient04230&uid=ST3160813AS_9SY1760NXXXX9SY1760N");

-\\ Google Chrome v43.0.2357.134

*************************

AdwCleaner[R0].txt - [7222 bytes] - [21/07/2015 08:26:54]

AdwCleaner[s0].txt - [5875 bytes] - [21/07/2015 08:28:15]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5934 bytes] ##########

[Alisson C. Lisboa 0]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 7.5.1 (07.16.2015:1)

OS: Windows 7 Ultimate x86

Ran by Agricultura on 21/07/2015 at 8:34:28,87

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Program Files\GUT9188.tmp

Successfully deleted: [File] C:\Users\Public\Desktop\drivereasy.lnk

~~~ Folders

Failed to delete: [Folder] C:\Program Files\gbplugin

Successfully deleted: [Folder] C:\ProgramData\gbplugin

Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\drivereasy

~~~ FireFox

Successfully deleted the following from C:\Users\Agricultura\AppData\Roaming\mozilla\firefox\profiles\3jnviv07.default\prefs.js

user_pref(browser.search.defaultenginename, delta-homes);

user_pref(browser.search.selectedEngine, delta-homes);

Emptied folder: C:\Users\Agricultura\AppData\Roaming\mozilla\firefox\profiles\3jnviv07.default\minidumps [4 files]

~~~ Chrome

[C:\Users\Agricultura\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Agricultura\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Agricultura\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Agricultura\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 21/07/2015 at 8:39:59,71

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Alisson C. Lisboa 0]

Acima os logs. Muito obrigado!

[caedurodrigues 19]

Boa noite Alisson,

• Baixe: <ZHPDiag3 ><> ( ...Nicolas Coolman)

• Na página, clique

• Salve-a no Desktop (Área de trabalho)

• Dê um duplo clique para executar .

• Para Windows 7, 8 clique direito e depois em

• Clique "Eu"

• Clique em Scanner

• Após a Conclusão

• Clique em Relatório

• Obs: O relatório por ser extenso deve ser postado em um desses sites:

• Acesse: <>

• Ou acesse:<>

• Ou anexe-o ao fórum.

• Maiores informações:<Link> << Hospedagem !

[Alisson C. Lisboa 0]

~ ZHPDiag v2015.7.23.100 Por Nicolas Coolman (2015/07/22)

~ iniciado por Agricultura (Administrator) (2015/07/23 15:40:58)

~ Site: http://www.nicolascoolman.fr

~ Facebook: https://www.facebook.com/nicolascoolman1

~ Status da versão: Version OK

~ Modo: Scanner

~ Relatório: C:\Users\Agricultura\Desktop\ZHPDiag.txt

~ Relatório: C:\Users\Agricultura\AppData\Roaming\ZHP\ZHPDiag.txt

~ UAC: Activate

~ Inicialização do sistema: Normal (Normal boot)

~ Windows 7, 32-bit (Build 7600)

---\\ Navegadores Internet (3) - 0s

GCIE: Google Chrome v44.0.2403.89

MFIE: Mozilla Firefox 25.0.1 (x86 pt-BR) v25.0.1

MSIE: Internet Explorer v8.0.7600.16385

---\\ Informações sobre os produtos Windows (4) - 24s

~ Windows Server License Manager Script : OK

~ Licence Script File Génération : OK

Windows Automatic Updates : OK (Auto)

Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema (1) - 0s

Avast Free Antivirus v10.2.2218

---\\ Monitoramento dos softwares (1) - 0s

Adobe Flash Player 18 NPAPI

---\\ Informações sobre o sistema (6) - 0s

~ Operating System: x86 Family 6 Model 23 Stepping 6, GenuineIntel

~ Operating System: 32-bit

~ Boot mode: Normal (Normal boot)

Total RAM: 1037.816 MB (18% free)

~ System Restore: Activé (Enable)

~ System drive C: has 44 GB free of 79 GB

---\\ Modo de conexão ao sistema (3) - 0s

~ Computer Name: LISBOA

~ User Name: Agricultura

~ Logged in as Administrator

---\\ Enumeração das unidades dos discos (2) - 0s

~ Drive C: has 44 GB free of 79 GB (System)

~ Drive D: has 23 GB free of 72 GB

---\\ Estado do Centro de Segurança do Windows (12) - 0s

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK

[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK

[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

---\\ Pesquisa particular de ficheiros genéricos (23) - 1s

[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Windows Explorer.) () -- C:\Windows\Explorer.exe [2613248]

[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (.Microsoft Corporation - Processo de host do Windows (Rundll32).) () -- C:\Windows\System32\rundll32.exe [44544]

[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) () -- C:\Windows\System32\Wininit.exe [96256]

[MD5.0D874F3BC751CC2198AF2E6783FB8B35] - (.Microsoft Corporation - Internet Extensions para Win32.) () -- C:\Windows\System32\wininet.dll [977920]

[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) () -- C:\Windows\System32\Winlogon.exe [285696]

[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) () -- C:\Windows\System32\sppcomapi.dll [193024]

[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) () -- C:\Windows\System32\drivers\AFD.sys [338944]

[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) () -- C:\Windows\System32\drivers\atapi.sys [21584]

[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) () -- C:\Windows\System32\drivers\Cdfs.sys [70656]

[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) () -- C:\Windows\System32\drivers\Cdrom.sys [108544]

[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) () -- C:\Windows\System32\drivers\DfsC.sys [78336]

[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) () -- C:\Windows\System32\drivers\HDAudBus.sys [108544]

[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) () -- C:\Windows\System32\drivers\i8042prt.sys [80896]

[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) () -- C:\Windows\System32\drivers\IpNat.sys [101888]

[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) () -- C:\Windows\System32\drivers\MRxSmb.sys [123392]

[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) () -- C:\Windows\System32\drivers\netBT.sys [187904]

[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) () -- C:\Windows\System32\drivers\ntfs.sys [1210432]

[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) () -- C:\Windows\System32\drivers\Parport.sys [79360]

[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) () -- C:\Windows\System32\drivers\Rasl2tp.sys [78848]

[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) () -- C:\Windows\System32\drivers\rdpdr.sys [133120]

[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) () -- C:\Windows\System32\drivers\smb.sys [71168]

[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) () -- C:\Windows\System32\drivers\tdx.sys [74240]

[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) () -- C:\Windows\System32\drivers\volsnap.sys [245328]

---\\ Processos lançados (5) - 1s

[MD5.1841BE26ACDFEFF72BC5E7FB938D3612] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [546104] [PID.772]

[MD5.54236E79A44F909612391C8A2D70D512] - (.Avast Software s.r.o. - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336] [PID.1424]

[MD5.65C6AA484AD2287D20541C7735989437] - (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [5515496] [PID.1968]

[MD5.C32E6295D7D024B2302EFF1A7FEFD720] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [4915040] [PID.1980]

[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.1996]

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2 (10) - 1s

G0 - GCSP: Secure Preferences [user Data\Default][HomePage] http://www.google.com.br/

G2 - GCE: Preference [user Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest =>.Google Inc.

G2 - GCE: Preference [user Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest =>.Google Inc.

G2 - GCE: Preference [user Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc.

G2 - GCE: Preference [user Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Google Chrome manifest =>.Google Inc.

G2 - GCE: Preference [user Data\Default] [gomekmidlodglbbmalcneegieacbdmki] Avast Online Security

G2 - GCE: Preference [user Data\Default] [lccekmodgklaepjeofjdjpbminllajkg] Chrome Hotword Shared Module

G2 - GCE: Preference [user Data\Default] [mkeabchhfifpaaoefpockjhaphjmoapp] GBBD Banco do Brasil

G2 - GCE: Preference [user Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.

G2 - GCE: Preference [user Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc.

---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3) (12) - 2s

P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\buscape.xml

P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\google.xml

P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\mercadolivre.xml

P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\twitter.xml

P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\wikipedia-br.xml

P2 - EXT: (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo-br.xml

P2 - EXT: (.Mozilla - Default.) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia.) -- C:\Users\Agricultura\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Macromed\Flash\NPSWF32_18_0_0_209.dll

P2 - FPN: [HKLM] [@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf] - (.Foxit Corporation.) -- C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.51.2] - (.Oracle Corporation.) -- C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.51.2] - (.Oracle Corporation.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4) (12) - 0s

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer

---\\ Internet Explorer, Gestão do Proxy (R5) (3) - 1s

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas (3) - 0s

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe (.Microsoft Corporation.)

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.)

F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe (.Microsoft Corporation.)

---\\ Redireção do ficheiro Hosts (O1) (1) - 0s

~ Le fichier hôte est sain (The hosts file is clean) (21)

---\\ Browser Helper Objects do navegador (O2) (4) - 0s

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Oracle Corporation - Java Platform SE binary.) -- C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.Avast Software s.r.o. - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java Platform SE binary.) -- C:\Program Files\Java\jre7\bin\jp2ssv.dll

---\\ Barras do Internet Explorer (O3) (1) - 0s

O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (...) -- (.not file.)

---\\ Aplicações iniciadas por registo & pastas (O4) (9) - 1s

O4 - HKLM\..\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe

O4 - HKLM\..\Run: [AvastUI.exe] . (.Avast Software s.r.o. - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

O4 - HKLM\..\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

---\\ Alteração Dominio/Clientes DNS (017) (3) - 0s

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.2.1 8.8.8.8 0.0.0.0

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 172.16.2.1 8.8.8.8 0.0.0.0

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 172.16.2.1 8.8.8.8 0.0.0.0

---\\ Lista dos serviços NT não Microsoft e não desativados (023) (4) - 1s

O23 - Service: Avast Antivirus (avast! Antivirus) . (.Avast Software s.r.o. - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: TeamViewer 9 (TeamViewer9) . (.TeamViewer GmbH - TeamViewer 9.) - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

---\\ Tarefas planificadas automaticamente (039) (17) - 3s

[MD5.9B3355B29942AF67F014EA90CE1EA960] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [268976]

[MD5.FAAE091936E04BDE3B6041AB5C16BC7B] [APT] [avast! Emergency Update] (.Avast Software s.r.o..) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [1298776]

[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2321370074-2786946993-2889377673-1000Core] (.Facebook Inc..) -- C:\Users\Agricultura\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]

[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-2321370074-2786946993-2889377673-1000UA] (.Facebook Inc..) -- C:\Users\Agricultura\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]

[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648]

[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [116648]

O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\Tasks\Adobe Flash Player Updater.job [902]

O39 - APT: FacebookUpdateTaskUserS-1-5-21-2321370074-2786946993-2889377673-1000Core - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2321370074-2786946993-2889377673-1000Core.job [930]

O39 - APT: FacebookUpdateTaskUserS-1-5-21-2321370074-2786946993-2889377673-1000UA - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2321370074-2786946993-2889377673-1000UA.job [952]

O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1054]

O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1058]

O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [3840]

O39 - APT: avast! Emergency Update - (.Avast Software s.r.o..) -- C:\Windows\System32\Tasks\avast! Emergency Update [4182]

O39 - APT: FacebookUpdateTaskUserS-1-5-21-2321370074-2786946993-2889377673-1000Core - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2321370074-2786946993-2889377673-1000Core [3572]

O39 - APT: FacebookUpdateTaskUserS-1-5-21-2321370074-2786946993-2889377673-1000UA - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2321370074-2786946993-2889377673-1000UA [3940]

O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [3802]

O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [4054]

---\\ Software instalados (042) (24) - 6s

O42 - Logiciel: Adobe Creative Cloud - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Creative Cloud

O42 - Logiciel: Adobe Flash Player 18 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX

O42 - Logiciel: Adobe Flash Player 18 NPAPI - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player NPAPI

O42 - Logiciel: Avast Free Antivirus - (.AVAST Software.) [HKLM] -- avast

O42 - Logiciel: DriverEasy 4.0.3 - (.Easeware.) [HKLM] -- DriverEasy_is1

O42 - Logiciel: Foxit Reader - (.Foxit Corporation.) [HKLM] -- Foxit Reader_is1

O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome

O42 - Logiciel: Mozilla Firefox 25.0.1 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 25.0.1 (x86 pt-BR)

O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService

O42 - Logiciel: TeamViewer 9 - (.TeamViewer.) [HKLM] -- TeamViewer 9

O42 - Logiciel: The KMPlayer (remove only) - (.PandoraTV.) [HKLM] -- The KMPlayer

O42 - Logiciel: WinRAR 4.01 (32-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver

O42 - Logiciel: XP Codec Pack - (...) [HKLM] -- XP Codec Pack

O42 - Logiciel: HP Deskjet 3050 J610 series Software básico do dispositivo - (.Hewlett-Packard Co..) [HKLM] -- {15242A89-4D9E-4CD1-B3BC-3B402485B5D6}

O42 - Logiciel: Facebook Video Calling 3.1.0.521 - (.Skype Limited.) [HKLM] -- {2091F234-EB58-4B80-8C96-8EB78C808CF7}

O42 - Logiciel: Java 7 Update 51 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217051FF}

O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1

O42 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}

O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}

O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}

O42 - Logiciel: Nero 7 Essentials - (.Nero AG.) [HKLM] -- {66EBD70F-A42C-475F-AEDF-277378151046}

O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {817750FA-EC6A-485D-9901-0683AE6FFDF1}

O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU] -- uTorrent

---\\ HKCU & HKLM Software Keys (63) - 6s

HKLM\SOFTWARE\AdwCleaner

HKLM\SOFTWARE\Ahead

HKLM\SOFTWARE\ATI Technologies

HKLM\SOFTWARE\Audible

HKLM\SOFTWARE\AVAST Software

HKLM\SOFTWARE\Foxit Software

HKLM\SOFTWARE\GNU

HKLM\SOFTWARE\Google

HKLM\SOFTWARE\Hewlett-Packard

HKLM\SOFTWARE\HP

HKLM\SOFTWARE\Intel

HKLM\SOFTWARE\JavaSoft

HKLM\SOFTWARE\JreMetrics

HKLM\SOFTWARE\KMPlayer

HKLM\SOFTWARE\Macromedia

HKLM\SOFTWARE\Mozilla

HKLM\SOFTWARE\mozilla.org

HKLM\SOFTWARE\MozillaPlugins

HKLM\SOFTWARE\Nero

HKLM\SOFTWARE\ODBC

HKLM\SOFTWARE\RealNetworks

HKLM\SOFTWARE\RegisteredApplications

HKLM\SOFTWARE\Samsung

HKLM\SOFTWARE\Sonic

HKLM\SOFTWARE\SSPrint

HKLM\SOFTWARE\TeamViewer

HKLM\SOFTWARE\WinRAR

HKCU\SOFTWARE\AC3Filter

HKCU\SOFTWARE\Adobe

HKCU\SOFTWARE\Ahead

HKCU\SOFTWARE\AppDataLow

HKCU\SOFTWARE\AutoHelpDesk

HKCU\SOFTWARE\Avast Software

HKCU\SOFTWARE\BitTorrent

HKCU\SOFTWARE\CoreAAC

HKCU\SOFTWARE\Facebook

HKCU\SOFTWARE\Foxit Software

HKCU\SOFTWARE\Gabest

HKCU\SOFTWARE\GbAs

HKCU\SOFTWARE\GbPlugin

HKCU\SOFTWARE\GNU

HKCU\SOFTWARE\Google

HKCU\SOFTWARE\HP

HKCU\SOFTWARE\JavaSoft

HKCU\SOFTWARE\KMPlayer

HKCU\SOFTWARE\Macromedia

HKCU\SOFTWARE\Mozilla

HKCU\SOFTWARE\MozillaPlugins

HKCU\SOFTWARE\Netscape

HKCU\SOFTWARE\ODBC

HKCU\SOFTWARE\RealNetworks

HKCU\SOFTWARE\skype

HKCU\SOFTWARE\SkypeRS

HKCU\SOFTWARE\SSPrint

HKCU\SOFTWARE\TeamViewer

HKCU\SOFTWARE\Trend Micro

HKCU\SOFTWARE\Trolltech

HKCU\SOFTWARE\WinRAR

HKCU\SOFTWARE\WinRAR SFX

HKCU\SOFTWARE\XP Codec Pack

HKCU\SOFTWARE\ZebHelpProcess Helper

HKCU\SOFTWARE\AppDataLow\Software

HKCU\SOFTWARE\AppDataLow\Software\JavaSoft

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43) (137) - 14s

O43 - CFD: 2014/03/10 09:51:56 - [] D -- C:\Program Files\Adobe

O43 - CFD: 2013/05/09 09:54:25 - [0] SHD -- C:\Program Files\Arquivos Comuns

O43 - CFD: 2013/05/09 11:11:18 - [] D -- C:\Program Files\AVAST Software

O43 - CFD: 2014/03/10 09:51:56 - [] D -- C:\Program Files\Common Files

O43 - CFD: 2009/07/17 15:48:01 - [] D -- C:\Program Files\DVD Maker

O43 - CFD: 2013/05/09 10:13:46 - [] D -- C:\Program Files\Easeware

O43 - CFD: 2013/05/09 10:15:50 - [] D -- C:\Program Files\Foxit Software

O43 - CFD: 2015/07/21 08:36:15 - [] D -- C:\Program Files\GbPlugin

O43 - CFD: 2015/06/12 08:46:33 - [] D -- C:\Program Files\Google

O43 - CFD: 2013/10/29 10:56:52 - [] D -- C:\Program Files\GUM9187.tmp

O43 - CFD: 2013/05/09 11:14:15 - [] D -- C:\Program Files\HP

O43 - CFD: 2009/07/17 15:48:01 - [] D -- C:\Program Files\Internet Explorer

O43 - CFD: 2014/02/11 11:59:19 - [] D -- C:\Program Files\Java

O43 - CFD: 2013/05/09 10:29:42 - [] D -- C:\Program Files\Microsoft Analysis Services

O43 - CFD: 2009/07/14 04:50:24 - [] D -- C:\Program Files\Microsoft Games

O43 - CFD: 2013/05/09 10:30:54 - [] D -- C:\Program Files\Microsoft Office

O43 - CFD: 2013/05/09 10:30:53 - [] D -- C:\Program Files\Microsoft SQL Server Compact Edition

O43 - CFD: 2013/05/09 10:30:53 - [] D -- C:\Program Files\Microsoft Sync Framework

O43 - CFD: 2013/05/09 10:31:10 - [] D -- C:\Program Files\Microsoft Synchronization Services

O43 - CFD: 2013/05/09 10:30:17 - [] D -- C:\Program Files\Microsoft Visual Studio 8

O43 - CFD: 2013/05/09 10:30:53 - [] D -- C:\Program Files\Microsoft.NET

O43 - CFD: 2013/12/10 09:17:20 - [] D -- C:\Program Files\Mozilla Firefox

O43 - CFD: 2013/12/12 13:18:04 - [] D -- C:\Program Files\Mozilla Maintenance Service

O43 - CFD: 2013/05/09 10:31:30 - [] D -- C:\Program Files\MSBuild

O43 - CFD: 2013/05/09 10:50:31 - [] D -- C:\Program Files\Nero

O43 - CFD: 2009/07/14 01:52:30 - [] D -- C:\Program Files\Reference Assemblies

O43 - CFD: 2014/02/13 08:07:56 - [] D -- C:\Program Files\TeamViewer

O43 - CFD: 2009/07/14 01:53:23 - [0] HD -- C:\Program Files\Uninstall Information

O43 - CFD: 2013/12/05 11:01:39 - [] D -- C:\Program Files\Vade Mecum 2012

O43 - CFD: 2009/07/17 15:48:01 - [] D -- C:\Program Files\Windows Defender

O43 - CFD: 2009/07/17 15:48:01 - [] D -- C:\Program Files\Windows Journal

O43 - CFD: 2009/07/17 15:48:02 - [] D -- C:\Program Files\Windows Mail

O43 - CFD: 2009/07/17 15:48:01 - [] D -- C:\Program Files\Windows Media Player

O43 - CFD: 2013/05/09 09:54:25 - [] D -- C:\Program Files\Windows NT

O43 - CFD: 2009/07/17 15:48:01 - [] D -- C:\Program Files\Windows Photo Viewer

O43 - CFD: 2009/07/14 01:52:32 - [] D -- C:\Program Files\Windows Portable Devices

O43 - CFD: 2009/07/17 15:48:02 - [] D -- C:\Program Files\Windows Sidebar

O43 - CFD: 2013/05/09 09:57:37 - [] D -- C:\Program Files\WinRAR

O43 - CFD: 2013/05/09 10:16:37 - [] D -- C:\Program Files\XP Codec Pack

O43 - CFD: 2013/05/09 09:43:30 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

O43 - CFD: 2013/05/09 09:43:44 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools

O43 - CFD: 2015/07/03 14:44:47 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

O43 - CFD: 2013/05/09 10:15:53 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader

O43 - CFD: 2013/05/09 09:43:32 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

O43 - CFD: 2015/07/21 08:28:54 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

O43 - CFD: 2013/05/09 11:14:38 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

O43 - CFD: 2014/02/11 11:59:33 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

O43 - CFD: 2009/07/14 01:42:30 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance

O43 - CFD: 2013/05/09 10:32:01 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

O43 - CFD: 2013/05/09 10:51:27 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials

O43 - CFD: 2013/05/09 10:32:00 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint

O43 - CFD: 2009/07/14 01:41:57 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

O43 - CFD: 2009/07/14 04:48:45 - [0] RHD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC

O43 - CFD: 2013/05/09 09:57:37 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

O43 - CFD: 2013/05/09 10:16:37 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.1

O43 - CFD: 2009/07/14 01:53:55 - [0] SHD -- C:\ProgramData\Application Data

O43 - CFD: 2013/12/03 08:50:11 - [] D -- C:\ProgramData\AVAST Software

O43 - CFD: 2014/12/16 16:05:01 - [] D -- C:\ProgramData\boost_interprocess

O43 - CFD: 2013/05/09 09:54:25 - [0] SHD -- C:\ProgramData\Dados de aplicativos

O43 - CFD: 2009/07/14 01:53:55 - [0] SHD -- C:\ProgramData\Desktop

O43 - CFD: 2013/05/09 09:54:25 - [0] SHD -- C:\ProgramData\Documentos

O43 - CFD: 2009/07/14 01:53:55 - [0] SHD -- C:\ProgramData\Documents

O43 - CFD: 2009/07/14 01:53:55 - [0] SHD -- C:\ProgramData\Favorites

O43 - CFD: 2013/05/09 09:54:25 - [0] SHD -- C:\ProgramData\Favoritos

O43 - CFD: 2015/04/16 08:52:05 - [] D -- C:\ProgramData\GAS Tecnologia

O43 - CFD: 2015/07/21 08:40:40 - [] D -- C:\ProgramData\GbPlugin

O43 - CFD: 2013/05/09 11:14:16 - [] D -- C:\ProgramData\HP

O43 - CFD: 2013/05/09 09:54:25 - [0] SHD -- C:\ProgramData\Menu Iniciar

O43 - CFD: 2013/05/09 10:50:04 - [] SD -- C:\ProgramData\Microsoft

O43 - CFD: 2013/05/09 10:38:04 - [] D -- C:\ProgramData\Microsoft Help

O43 - CFD: 2013/05/09 09:54:25 - [0] SHD -- C:\ProgramData\Modelos

O43 - CFD: 2013/05/09 10:15:13 - [] D -- C:\ProgramData\Mozilla

O43 - CFD: 2013/05/09 10:50:31 - [] D -- C:\ProgramData\Nero

O43 - CFD: 2013/11/21 08:36:18 - [] D -- C:\ProgramData\Okidata

O43 - CFD: 2014/02/11 12:00:36 - [0] D -- C:\ProgramData\Oracle

O43 - CFD: 2015/04/06 12:58:24 - [] D -- C:\ProgramData\Package Cache

O43 - CFD: 2015/01/22 11:16:08 - [] D -- C:\ProgramData\Samsung

O43 - CFD: 2009/07/14 01:53:55 - [0] SHD -- C:\ProgramData\Start Menu

O43 - CFD: 2014/02/11 11:59:46 - [] D -- C:\ProgramData\Sun

O43 - CFD: 2014/07/14 16:06:55 - [] D -- C:\ProgramData\Temp

O43 - CFD: 2009/07/14 01:53:55 - [0] SHD -- C:\ProgramData\Templates

O43 - CFD: 2014/03/10 09:52:46 - [] D -- C:\Program Files\Common Files\Adobe

O43 - CFD: 2013/05/09 10:50:40 - [] D -- C:\Program Files\Common Files\Ahead

O43 - CFD: 2013/05/09 10:31:10 - [] D -- C:\Program Files\Common Files\DESIGNER

O43 - CFD: 2014/02/11 11:59:45 - [] D -- C:\Program Files\Common Files\Java

O43 - CFD: 2013/05/09 11:11:51 - [] D -- C:\Program Files\Common Files\microsoft shared

O43 - CFD: 2009/07/13 23:37:05 - [] D -- C:\Program Files\Common Files\Services

O43 - CFD: 2013/05/09 09:54:25 - [0] SHD -- C:\Program Files\Common Files\Sistema

O43 - CFD: 2009/07/13 23:37:05 - [] D -- C:\Program Files\Common Files\SpeechEngines

O43 - CFD: 2013/05/09 10:37:35 - [] D -- C:\Program Files\Common Files\System

O43 - CFD: 2014/03/10 09:53:16 - [] D -- C:\Users\Agricultura\AppData\Roaming\Adobe

O43 - CFD: 2014/11/24 11:10:39 - [] D -- C:\Users\Agricultura\AppData\Roaming\Ahead

O43 - CFD: 2013/12/03 09:05:04 - [] D -- C:\Users\Agricultura\AppData\Roaming\AVAST Software

O43 - CFD: 2015/05/06 14:26:52 - [0] D -- C:\Users\Agricultura\AppData\Roaming\Cuponkit

O43 - CFD: 2015/05/06 14:26:42 - [0] D -- C:\Users\Agricultura\AppData\Roaming\CuponsHot

O43 - CFD: 2013/05/09 10:13:52 - [] D -- C:\Users\Agricultura\AppData\Roaming\Easeware

O43 - CFD: 2014/12/10 11:05:15 - [0] D -- C:\Users\Agricultura\AppData\Roaming\EncryptStick

O43 - CFD: 2013/05/09 10:15:57 - [] D -- C:\Users\Agricultura\AppData\Roaming\Foxit Reader

O43 - CFD: 2015/06/25 11:18:33 - [] D -- C:\Users\Agricultura\AppData\Roaming\Foxit Software

O43 - CFD: 2013/05/09 09:55:04 - [] D -- C:\Users\Agricultura\AppData\Roaming\Identities

O43 - CFD: 2013/05/10 08:15:05 - [] D -- C:\Users\Agricultura\AppData\Roaming\Macromedia

O43 - CFD: 2009/07/14 04:48:45 - [0] D -- C:\Users\Agricultura\AppData\Roaming\Media Center Programs

O43 - CFD: 2014/11/25 09:30:05 - [] D -- C:\Users\Agricultura\AppData\Roaming\Media Player Classic

O43 - CFD: 2015/07/14 15:17:25 - [] SD -- C:\Users\Agricultura\AppData\Roaming\Microsoft

O43 - CFD: 2013/05/09 10:15:37 - [] D -- C:\Users\Agricultura\AppData\Roaming\Mozilla

O43 - CFD: 2014/02/13 08:11:14 - [] D -- C:\Users\Agricultura\AppData\Roaming\TeamViewer

O43 - CFD: 2015/06/02 15:40:49 - [] D -- C:\Users\Agricultura\AppData\Roaming\uTorrent

O43 - CFD: 2013/05/09 09:57:47 - [] D -- C:\Users\Agricultura\AppData\Roaming\WinRAR

O43 - CFD: 2015/07/23 15:41:36 - [] D -- C:\Users\Agricultura\AppData\Roaming\ZHP

O43 - CFD: 2014/03/11 12:11:09 - [] D -- C:\Users\Agricultura\AppData\Local\Adobe

O43 - CFD: 2014/11/24 11:10:24 - [] D -- C:\Users\Agricultura\AppData\Local\Ahead

O43 - CFD: 2013/05/27 14:01:25 - [] D -- C:\Users\Agricultura\AppData\Local\Apps

O43 - CFD: 2013/05/09 09:54:36 - [0] SHD -- C:\Users\Agricultura\AppData\Local\Dados de aplicativos

O43 - CFD: 2013/05/27 14:01:51 - [0] D -- C:\Users\Agricultura\AppData\Local\Deployment

O43 - CFD: 2014/12/22 09:51:27 - [0] D -- C:\Users\Agricultura\AppData\Local\Diagnostics

O43 - CFD: 2015/07/01 10:50:03 - [] D -- C:\Users\Agricultura\AppData\Local\ElevatedDiagnostics

O43 - CFD: 2014/02/05 12:40:32 - [] D -- C:\Users\Agricultura\AppData\Local\Facebook

O43 - CFD: 2014/07/14 16:06:45 - [] D -- C:\Users\Agricultura\AppData\Local\GAS Tecnologia

O43 - CFD: 2013/10/29 10:57:40 - [] D -- C:\Users\Agricultura\AppData\Local\Google

O43 - CFD: 2013/05/09 09:54:36 - [0] SHD -- C:\Users\Agricultura\AppData\Local\Histórico

O43 - CFD: 2013/05/09 11:15:01 - [] D -- C:\Users\Agricultura\AppData\Local\HP

O43 - CFD: 2013/08/01 08:23:47 - [] D -- C:\Users\Agricultura\AppData\Local\Macromedia

O43 - CFD: 2014/03/13 09:28:28 - [] D -- C:\Users\Agricultura\AppData\Local\Microsoft

O43 - CFD: 2014/09/08 09:48:09 - [] D -- C:\Users\Agricultura\AppData\Local\Microsoft Help

O43 - CFD: 2013/11/07 14:15:25 - [] D -- C:\Users\Agricultura\AppData\Local\Mozilla

O43 - CFD: 2014/07/14 16:02:11 - [] D -- C:\Users\Agricultura\AppData\Local\Programs

O43 - CFD: 2015/07/23 15:41:42 - [] D -- C:\Users\Agricultura\AppData\Local\Temp

O43 - CFD: 2013/05/09 09:54:36 - [0] SHD -- C:\Users\Agricultura\AppData\Local\Temporary Internet Files

O43 - CFD: 2015/07/14 15:21:53 - [] D -- C:\Users\Agricultura\AppData\Local\VirtualStore

O43 - CFD: 2009/07/14 01:42:04 - [] RD -- C:\Users\Agricultura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

O43 - CFD: 2013/05/09 09:55:23 - [] RD -- C:\Users\Agricultura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

O43 - CFD: 2015/07/14 15:17:25 - [] D -- C:\Users\Agricultura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

O43 - CFD: 2009/07/14 01:37:42 - [] RD -- C:\Users\Agricultura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

O43 - CFD: 2014/07/14 16:19:39 - [] RD -- C:\Users\Agricultura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

O43 - CFD: 2014/06/06 16:07:19 - [] D -- C:\Users\Agricultura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer

O43 - CFD: 2013/05/09 09:57:37 - [] D -- C:\Users\Agricultura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

O43 - CFD: 2013/05/09 10:16:35 - [] D -- C:\Users\Agricultura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.1

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53) (4) - 0s

O53 - SMSR:HKLM\...\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} [Key] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

O53 - SMSR:HKLM\...\startupreg\Facebook Update [Key] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Agricultura\AppData\Local\Facebook\Update\FacebookUpdate.exe

O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Agricultura\AppData\Roaming\uTorrent\uTorrent.exe

---\\ Lista dos drivers do sistema (SDL) (O58) (71) - 12s

O58 - SDL:2009/07/13 22:26:15 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\drivers\adp94xx.sys [422976]

O58 - SDL:2009/07/13 22:26:17 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\System32\drivers\adpahci.sys [297552]

O58 - SDL:2009/07/13 22:26:15 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\System32\drivers\adpu320.sys [146512]

O58 - SDL:2009/07/13 22:26:15 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\System32\drivers\aliide.sys [14400]

O58 - SDL:2009/07/13 22:26:15 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\System32\drivers\amdsata.sys [79952]

O58 - SDL:2009/07/13 22:26:15 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\Windows\System32\drivers\amdsbs.sys [159312]

O58 - SDL:2009/07/13 22:26:15 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\System32\drivers\amdxata.sys [23616]

O58 - SDL:2009/07/13 22:26:15 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\System32\drivers\arc.sys [76368]

O58 - SDL:2009/07/13 22:26:15 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\System32\drivers\arcsas.sys [86608]

O58 - SDL:2013/10/31 03:46:14 A . (.AVAST Software - avast! Filtering TDI driver.) -- C:\Windows\System32\drivers\aswFW.sys [104752]

O58 - SDL:2015/07/03 14:44:09 A . (...) -- C:\Windows\System32\drivers\aswHwid.sys [24144]

O58 - SDL:2015/07/03 14:44:09 A . (.Avast Software s.r.o. - avast! File System Minifilter for Windows 2.) -- C:\Windows\System32\drivers\aswMonFlt.sys [74976]

O58 - SDL:2013/12/03 09:02:06 A . (.AVAST Software - avast! Filtering NDIS driver.) -- C:\Windows\System32\drivers\aswNdisFlt.sys [259928]

O58 - SDL:2015/07/03 14:44:08 A . (.Avast Software s.r.o. - avast! WFP Redirect Driver.) -- C:\Windows\System32\drivers\aswRdr2.sys [81728]

O58 - SDL:2015/07/03 14:44:09 A . (...) -- C:\Windows\System32\drivers\aswRvrt.sys [49904]

O58 - SDL:2015/07/03 14:43:42 A . (.Avast Software s.r.o. - avast! Virtualization Driver.) -- C:\Windows\System32\drivers\aswSnx.sys [787760]

O58 - SDL:2015/07/06 07:52:34 A . (.Avast Software s.r.o. - avast! self protection module.) -- C:\Windows\System32\drivers\aswsp.sys [428120]

O58 - SDL:2015/07/03 14:44:09 A . (.Avast Software s.r.o. - Stream Filter.) -- C:\Windows\System32\drivers\aswStm.sys [106912]

O58 - SDL:2015/07/03 14:44:09 A . (...) -- C:\Windows\System32\drivers\aswVmm.sys [209048]

O58 - SDL:2009/07/13 19:02:49 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) -- C:\Windows\System32\drivers\b57nd60x.sys [229888]

O58 - SDL:2009/07/13 19:53:28 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) -- C:\Windows\System32\drivers\BrFiltLo.sys [13568]

O58 - SDL:2009/07/13 19:53:28 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) -- C:\Windows\System32\drivers\BrFiltUp.sys [5248]

O58 - SDL:2009/07/13 21:57:25 A . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\System32\drivers\BrSerId.sys [272128]

O58 - SDL:2009/07/13 19:53:32 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\System32\drivers\BrSerWdm.sys [62336]

O58 - SDL:2009/07/13 19:53:33 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\System32\drivers\BrUsbMdm.sys [12160]

O58 - SDL:2009/07/13 19:53:33 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\System32\drivers\BrUsbSer.sys [11904]

O58 - SDL:2009/07/13 19:02:48 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\System32\drivers\bxvbdx.sys [430080]

O58 - SDL:2009/07/13 22:26:21 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\cmdide.sys [15952]

O58 - SDL:2009/07/13 22:20:28 A . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\System32\drivers\djsvs.sys [70720]

O58 - SDL:2009/07/13 22:20:28 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) -- C:\Windows\System32\drivers\elxstor.sys [453712]

O58 - SDL:2009/07/13 19:02:48 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\System32\drivers\evbdx.sys [3100160]

O58 - SDL:2014/03/14 20:27:24 A . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\drivers\gbpkm.sys [47192]

O58 - SDL:2014/07/14 16:11:16 A . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\drivers\gbpndisrdn.sys [29400]

O58 - SDL:2009/07/13 19:54:14 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) -- C:\Windows\System32\drivers\hcw85cir.sys [26624]

O58 - SDL:2009/07/13 22:20:28 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\Windows\System32\drivers\HpSAMD.sys [67152]

O58 - SDL:2009/07/13 22:20:36 A . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\System32\drivers\iaStorV.sys [332352]

O58 - SDL:2009/06/10 18:19:30 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\System32\drivers\igdkmd32.sys [4756480]

O58 - SDL:2009/07/13 22:20:36 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\System32\drivers\iirsp.sys [41040]

O58 - SDL:2009/07/13 22:20:36 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_fc.sys [95824]

O58 - SDL:2009/07/13 22:20:37 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas.sys [89168]

O58 - SDL:2009/07/13 22:20:36 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_sas2.sys [54864]

O58 - SDL:2009/07/13 22:20:36 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\System32\drivers\lsi_scsi.sys [96848]

O58 - SDL:2009/07/13 22:20:36 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) -- C:\Windows\System32\drivers\megasas.sys [30800]

O58 - SDL:2009/07/13 22:20:36 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\System32\drivers\MegaSR.sys [235584]

O58 - SDL:2009/07/13 22:20:44 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\System32\drivers\nfrd960.sys [44624]

O58 - SDL:2009/07/13 22:20:44 A . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\System32\drivers\nvraid.sys [117312]

O58 - SDL:2009/07/13 22:20:44 A . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\System32\drivers\nvstor.sys [142416]

O58 - SDL:2009/07/13 22:19:04 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\drivers\ql2300.sys [1383488]

O58 - SDL:2009/07/13 22:19:04 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\drivers\ql40xx.sys [106064]

O58 - SDL:2009/07/13 19:02:52 A . (.Realtek Corporation - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Dr.) -- C:\Windows\System32\drivers\Rt86win7.sys [139776]

O58 - SDL:2009/07/13 17:50:20 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) -- C:\Windows\System32\drivers\secdrv.sys [20480]

O58 - SDL:2009/07/13 22:19:04 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\System32\drivers\sisraid2.sys [40016]

O58 - SDL:2009/07/13 22:19:04 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\System32\drivers\sisraid4.sys [77888]

O58 - SDL:2009/07/13 22:19:04 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) -- C:\Windows\System32\drivers\stexstor.sys [21072]

O58 - SDL:2009/07/13 22:19:10 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\System32\drivers\viaide.sys [16976]

O58 - SDL:2009/07/13 22:19:11 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\System32\drivers\vsmraid.sys [141904]

O58 - SDL:2009/07/13 18:40:41 A . (...) -- C:\Windows\System32\ANSI.SYS [9029]

O58 - SDL:2009/07/13 18:40:44 A . (...) -- C:\Windows\System32\country.sys [27097]

O58 - SDL:2009/07/13 18:40:40 A . (...) -- C:\Windows\System32\HIMEM.SYS [4768]

O58 - SDL:2009/07/13 18:40:43 A . (...) -- C:\Windows\System32\KEY01.SYS [42809]

O58 - SDL:2009/07/13 18:40:43 A . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]

O58 - SDL:2009/07/13 18:40:23 A . (...) -- C:\Windows\System32\NTDOS.SYS [27866]

O58 - SDL:2009/07/13 18:40:31 A . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]

O58 - SDL:2009/07/13 18:40:35 A . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]

O58 - SDL:2009/07/13 18:40:39 A . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]

O58 - SDL:2009/07/13 18:40:27 A . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]

O58 - SDL:2009/07/13 18:40:11 A . (...) -- C:\Windows\System32\NTIO.SYS [33952]

O58 - SDL:2009/07/13 18:40:15 A . (...) -- C:\Windows\System32\NTIO404.SYS [34672]

O58 - SDL:2009/07/13 18:40:17 A . (...) -- C:\Windows\System32\NTIO411.SYS [35776]

O58 - SDL:2009/07/13 18:40:19 A . (...) -- C:\Windows\System32\NTIO412.SYS [35536]

O58 - SDL:2009/07/13 18:40:13 A . (...) -- C:\Windows\System32\NTIO804.SYS [34672]

---\\ Últimos ficheiros alterados ou criados (Utilizador) (061) (5) - 21s

O61 - LFC: 2015/07/16 11:55:05 A . (..) -- C:\Users\Agricultura\AppData\Local\Temp\jrt\get.bat [17571]

O61 - LFC: 2015/07/16 12:00:55 A . (..) -- C:\Users\Agricultura\AppData\Local\Temp\jrt\misc.bat [149490]

O61 - LFC: 2015/07/16 11:05:30 A . (..) -- C:\Users\Agricultura\AppData\Local\Temp\jrt\runvalues.bat [7901]

O61 - LFC: 2015/07/20 11:23:36 A . (.GAS Tecnologia.) -- C:\Users\Agricultura\AppData\Local\Temp\GAS Tecnologia\GBBD\warsaw_setup.exe [821656]

O61 - LFC: 2015/07/23 15:30:13 A . (..) -- C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\ev_hashes_whitelist.bin [1113849]

---\\ Associações Shell Spawning (O67) (1) - 0s

O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos.) -- C:\Windows\System32\eventvwr.exe

---\\ Menu de inicialização Internet (068) (12) - 1s

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe

O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - Utilitário de Inicialização por Usuário do.) -- C:\Windows\System32\ie4uinit.exe

---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069) (1) - 8s

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/

---\\ Listagem dos serviços iniciados pelo Svchost (SSS) (O83) (33) - 1s

O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [62464]

O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Car.) -- C:\Windows\System32\certprop.dll [67584]

O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Car.) -- C:\Windows\System32\certprop.dll [67584]

O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [168448]

O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Cliente da Diretiva de Grupo.) -- C:\Windows\System32\gpsvc.dll [591360]

O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\IKEEXT.DLL [667136]

O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\audiosrv.dll [473088]

O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acess.) -- C:\Windows\System32\rasauto.dll [90624]

O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [285184]

O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [75264]

O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistem.) -- C:\Windows\System32\Sens.dll [49664]

O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [300544]

O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft® Windo.) -- C:\Windows\System32\tapisrv.dll [241664]

O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor.) -- C:\Windows\System32\termsrv.dll [543232]

O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [1912832]

O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Serviço de transferência inteligente de pla.) -- C:\Windows\System32\qmgr.dll [589312]

O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [328192]

O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em u.) -- C:\Windows\System32\iphlpsvc.dll [497152]

O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\System32\seclogon.dll [21504]

O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [46592]

O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [114688]

O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [49664]

O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [61440]

O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Serviço Microsoft EAPHost.) -- C:\Windows\System32\eapsvc.dll [98304]

O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [162816]

O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [743424]

O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço de Gerenciamento de Chaves.) -- C:\Windows\System32\KMSVC.DLL [71168]

O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho.) -- C:\Windows\System32\SessEnv.dll [99328]

O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [168960]

O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [102400]

O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [37376]

O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Serviço BDE.) -- C:\Windows\System32\bdesvc.dll [76800]

O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\Windows\System32\appmgmts.dll [149504]

---\\ Lista das exceções do FireWall (FirewallRules) (O87) (6) - 2s

O87 - FAEL: "{FAB00AB0-5E08-45A6-9887-9A85A5D876BC}" [in-None-P6-TRUE] .(.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\TeamViewer.exe

O87 - FAEL: "{9B234AA6-1735-4536-95F7-7051BEFC934D}" [in-None-P17-TRUE] .(.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\TeamViewer.exe

O87 - FAEL: "{A55D14C0-1934-479B-A5E6-6A9EFF942C1F}" [in-None-P6-TRUE] .(.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

O87 - FAEL: "{4A661932-1BE7-4782-AD77-1FD420433FED}" [in-None-P17-TRUE] .(.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

O87 - FAEL: "{043D2605-5A63-4282-A0C1-B88A3E3B7FD6}" [in-None-P6-TRUE] .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Agricultura\AppData\Roaming\uTorrent\uTorrent.exe

O87 - FAEL: "{1AFF319A-5043-4F55-A7DC-56779E728D3E}" [in-None-P17-TRUE] .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Agricultura\AppData\Roaming\uTorrent\uTorrent.exe

---\\ Scâner Aditional (088) (1) - 0s

~ Nenhum ítem malicioso o desnecessários foi encontrado.

---\\ Resumo dos elementos encontrados na sua estação de trabalho (1) - 0s

~ Nenhum ítem malicioso o desnecessários foi encontrado.

~ End of the scan, 12503 items in 154 seconds (533)(0)()

[caedurodrigues 19]

Boa noite Alisson,

• Baixe:<> <(...by Farbar)>

• Ou aqui:<Farbar Recovery Scan Tool 64-bits>

• Salve-a na Área de trabalho !

• Execute a ferramenta ! Clique "Yes" >> "Scan".

• Verifique se as caixinhas em "Whitelist" estão assinaladas.

• Em "Optional Scan",deixe marcada a checkbox "Addition.txt".

• Marque também a checkbox 90 Days Files

• Será gerado o relatório! (FRST.txt)

• Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.

• Acesse: <>

• Ou acesse:<>

• Maiores informações:<Link> << Hospedagem !

ATENÇÃO: para o correto funcionamento da ferramenta, ela tem de estar diretamente na área de trabalho, não pode ficar em uma pasta.

[Alisson C. Lisboa 0]

Deu problema de compatibilidade, dizendo que eu precisava de uma versão para x86.

[caedurodrigues 19]

Boa tarde Alisson, é só você clicar onde se encontra o ícone do programa >> aí terá início o download da versão para 32 bit. Um grande abraço.

[Alisson C. Lisboa 0]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-07-2015

Ran by Agricultura (administrator) on LISBOA (30-07-2015 13:08:44)

Running from C:\Users\Agricultura\Desktop

Loaded Profiles: Agricultura (Available Profiles: Agricultura)

Platform: Microsoft Windows 7 Ultimate (X86) Language: Português (Brasil)

Internet Explorer Version 8 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

(Yahoo Inc.) C:\Program Files\Yahoo!\yset\{6D689EA0-E461-C64F-BB63-3D6DDC792C88}\YSearchUtilSvc.exe

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe

(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\Setup\instup.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-06] (Avast Software s.r.o.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-11] (Adobe Systems Incorporated)

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)

Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [2014-07-31] (Banco do Brasil)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-02-11] ()

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-02-11] ()

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-02-11] ()

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-03] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

HKU\S-1-5-21-2321370074-2786946993-2889377673-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset

HKU\S-1-5-21-2321370074-2786946993-2889377673-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000 -> {C047580E-5F23-4623-91AD-F74D7330B99F} URL = https://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-29] (Oracle Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-03] (Avast Software s.r.o.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)

BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files\GbPlugin\gbieh.dll [2014-07-31] (Banco do Brasil)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-29] (Oracle Corporation)

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File

ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll [1754664 2014-07-31] (Banco do Brasil)

Tcpip\Parameters: [DhcpNameServer] 172.16.2.1 8.8.8.8 0.0.0.0

Tcpip\..\Interfaces\{1725E86C-0F7D-4614-8091-529F0B22183D}: [DhcpNameServer] 172.16.2.1 8.8.8.8 0.0.0.0

FireFox:

========

FF ProfilePath: C:\Users\Agricultura\AppData\Roaming\Mozilla\Firefox\Profiles\3jnviv07.default

FF Homepage: https://br.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()

FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2012-07-31] (Foxit Corporation)

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)

FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-29] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-29] (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-02-11] (Adobe Systems)

FF Plugin HKU\S-1-5-21-2321370074-2786946993-2889377673-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Agricultura\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

FF Plugin HKU\S-1-5-21-2321370074-2786946993-2889377673-1000: gastecnologia.com.br/sf/bb -> C:\Users\Agricultura\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-04-06] (GAS Tecnologia)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2013-07-05]

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2013-07-05]

FF Extension: New Tab by Yahoo - C:\Users\Agricultura\AppData\Roaming\Mozilla\Firefox\Profiles\3jnviv07.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-06-22]

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-09]

FF HKU\S-1-5-21-2321370074-2786946993-2889377673-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Agricultura\AppData\Local\GAS Tecnologia\GBBD\bb\xpi

FF Extension: GBBD Banco do Brasil - C:\Users\Agricultura\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2015-03-26]

Chrome:

=======

CHR Profile: C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-16]

CHR Extension: (Google Drive) - C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-16]

CHR Extension: (YouTube) - C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-16]

CHR Extension: (Google Search) - C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-16]

CHR Extension: (Avast Online Security) - C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-06]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]

CHR Extension: (GBBD Banco do Brasil) - C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp [2014-07-14]

CHR Extension: (Google Wallet) - C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]

CHR Extension: (Gmail) - C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-16]

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-03]

CHR HKLM\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-03] (Avast Software s.r.o.)

R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [546104 2014-07-21] (GAS Tecnologia)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

R2 YSearchUtilSvc; C:\Program Files\Yahoo!\yset\{6D689EA0-E461-C64F-BB63-3D6DDC792C88}\YSearchUtilSvc.exe [152344 2015-06-29] (Yahoo Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-07-03] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-07-03] (Avast Software s.r.o.)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-07-03] (Avast Software s.r.o.)

R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-07-03] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-07-03] (Avast Software s.r.o.)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-07-06] (Avast Software s.r.o.)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-07-03] (Avast Software s.r.o.)

R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-07-03] ()

R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47192 2014-03-14] (GAS Tecnologia)

R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-07-14] (GAS Tecnologia)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-30 13:08 - 2015-07-30 13:09 - 00013007 _____ C:\Users\Agricultura\Desktop\FRST.txt

2015-07-30 13:07 - 2015-07-30 13:08 - 00024099 _____ C:\Users\Agricultura\Downloads\FRST.txt

2015-07-30 13:06 - 2015-07-30 13:08 - 00000000 ____D C:\FRST

2015-07-30 13:05 - 2015-07-30 13:06 - 01673728 _____ (Farbar) C:\Users\Agricultura\Desktop\FRST.exe

2015-07-30 13:01 - 2015-07-30 13:05 - 01673728 _____ (Farbar) C:\Users\Agricultura\Desktop\Não confirmado 665812.crdownload

2015-07-29 13:47 - 2015-07-29 13:47 - 00000000 ____D C:\Users\Agricultura\AppData\Local\YSearchUtil

2015-07-29 13:47 - 2015-07-29 13:47 - 00000000 ____D C:\Program Files\Yahoo!

2015-07-29 13:44 - 2015-07-29 13:44 - 00000000 ____D C:\Program Files\Common Files\Java

2015-07-27 14:57 - 2015-07-27 15:01 - 00777371 _____ C:\Users\Agricultura\Downloads\Não confirmado 585036.crdownload

2015-07-23 15:43 - 2015-07-23 15:43 - 00053921 _____ C:\Users\Agricultura\Desktop\ZHPDiag.txt

2015-07-23 15:40 - 2015-07-23 15:41 - 00000000 ____D C:\Users\Agricultura\AppData\Roaming\ZHP

2015-07-23 15:40 - 2015-07-23 15:40 - 00000788 _____ C:\Users\Agricultura\Desktop\ZHPDiag.lnk

2015-07-23 15:33 - 2015-07-23 15:35 - 01844736 _____ C:\Users\Agricultura\Desktop\ZHPDiag3.exe

2015-07-23 12:14 - 2015-07-23 12:21 - 00000000 ____D C:\Users\Agricultura\Desktop\CONVÊNIO SEBRAE

2015-07-23 12:14 - 2015-07-23 12:14 - 01380470 _____ C:\Users\Agricultura\Downloads\Apresentação SEI 2015.pptx

2015-07-23 12:14 - 2015-07-23 12:14 - 00502084 _____ C:\Users\Agricultura\Downloads\Apresentação Parceiro 2015.pptx

2015-07-23 12:13 - 2015-07-23 12:14 - 00555494 _____ C:\Users\Agricultura\Downloads\Apresentação NO CAMPO 2015.pptx

2015-07-23 08:25 - 2015-07-23 08:26 - 00053079 _____ C:\Users\Agricultura\Downloads\CapacitaçãoLaudos.Inverno (1).xlsx

2015-07-22 08:23 - 2015-07-22 08:23 - 01603584 _____ C:\Users\Agricultura\Downloads\Apresentação Conferência de SAN - 2015.ppt

2015-07-22 08:23 - 2015-07-22 08:23 - 00077824 _____ C:\Users\Agricultura\Downloads\Distribuição das vagas municipais por territórios 2015.xls

2015-07-21 08:40 - 2015-07-29 16:34 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin

2015-07-21 08:40 - 2015-07-29 16:34 - 00000000 ____D C:\ProgramData\GbPlugin

2015-07-21 08:39 - 2015-07-21 08:39 - 00001810 _____ C:\Users\Agricultura\Desktop\JRT.txt

2015-07-21 08:26 - 2015-07-21 08:29 - 00000000 ____D C:\AdwCleaner

2015-07-21 08:25 - 2015-07-21 08:26 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Agricultura\Desktop\JRT.exe

2015-07-21 08:24 - 2015-07-21 08:25 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Agricultura\Downloads\Não confirmado 929304.crdownload

2015-07-21 08:24 - 2015-07-21 08:24 - 02248704 _____ C:\Users\Agricultura\Desktop\adwcleaner_4.208.exe

2015-07-17 08:50 - 2015-07-24 11:24 - 00000000 ____D C:\Users\Agricultura\Desktop\GARANTIA SAFRA 2016

2015-07-17 08:49 - 2015-07-17 08:49 - 00611569 _____ C:\Users\Agricultura\Downloads\Aportes Municipais - Safra 2014.2015.xlsx

2015-07-16 08:56 - 2015-07-16 08:59 - 00057200 _____ C:\Users\Agricultura\Desktop\Folha JUN-15_GS_BA.3.xlsx

2015-07-16 08:52 - 2015-07-16 08:52 - 00088115 _____ C:\Users\Agricultura\Desktop\Folha JUN-15_GS_BA.xlsx

2015-07-16 08:37 - 2015-07-16 08:38 - 06617870 _____ C:\Users\Agricultura\Downloads\Folha JUN-15_GS_BA.xlsx

2015-07-14 15:17 - 2015-07-14 15:17 - 00002985 _____ C:\Users\Agricultura\Desktop\HiJackThis.lnk

2015-07-14 15:17 - 2015-07-14 15:17 - 00000000 ____D C:\Users\Agricultura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2015-07-14 15:17 - 2015-07-14 15:17 - 00000000 ____D C:\HiJackThis

2015-07-14 15:08 - 2015-07-14 15:09 - 01402880 _____ C:\Users\Agricultura\Downloads\HijackThis.msi

2015-07-14 10:02 - 2015-07-14 10:02 - 00011568 _____ C:\Users\Agricultura\Desktop\CONTATOS_PISCICULTORES.xlsx

2015-07-14 08:13 - 2015-07-14 08:13 - 00053079 _____ C:\Users\Agricultura\Downloads\CapacitaçãoLaudos.Inverno.xlsx

2015-07-09 11:23 - 2015-07-09 11:24 - 69990556 _____ C:\Users\Agricultura\Documents\TempImage.nrg

2015-07-03 14:44 - 2015-07-03 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2015-07-03 14:44 - 2015-07-03 14:43 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe

2015-07-03 14:43 - 2015-07-03 14:43 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr

2015-06-17 07:31 - 2015-07-24 09:07 - 00000000 ____D C:\Users\Agricultura\Desktop\PLUVIOMETRIA 2015

2015-06-12 08:46 - 2015-06-12 08:46 - 00002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk

2015-05-27 14:38 - 2015-05-27 14:39 - 00003849 _____ C:\Users\Agricultura\Downloads\Pasta 01 posicao 25-05-2015.zip

2015-05-27 14:37 - 2015-05-27 14:38 - 01079205 _____ C:\Users\Agricultura\Downloads\Analítico-GS Nao Pagos Posição 25-05-2015.zip

2015-05-21 07:49 - 2015-05-21 07:49 - 06276709 _____ C:\Users\Agricultura\Downloads\Relat._Folha GS_Mai-15_BA (1).xlsx

2015-05-20 12:56 - 2015-05-20 12:58 - 00000000 ____D C:\Users\Agricultura\Desktop\DIAGNÓSTICO PISCICULTURA DE GLÓRIA

2015-05-20 12:53 - 2015-05-20 12:53 - 00546067 _____ C:\Users\Agricultura\Downloads\sut.planilha_cf_aquicultura_LagoItaparica.Gloria.xlsx

2015-05-15 12:26 - 2015-05-15 12:52 - 05233904 _____ C:\Users\Agricultura\Downloads\Relat._Folha GS_Mai-15_BA.xlsx

2015-05-11 09:52 - 2015-05-11 10:00 - 00003758 _____ C:\Users\Agricultura\Downloads\Pasta 01 posicao 27-04-2015.zip

2015-05-11 09:49 - 2015-05-11 09:51 - 00951752 _____ C:\Users\Agricultura\Downloads\Analítico-GS Nao Pagos Posição 27-04-2015.zip

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-30 13:03 - 2009-07-14 01:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-07-30 13:03 - 2009-07-14 01:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-07-30 12:59 - 2013-05-09 09:43 - 01693721 _____ C:\Windows\WindowsUpdate.log

2015-07-30 12:56 - 2013-09-16 11:33 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-07-30 12:56 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-07-30 12:56 - 2009-07-14 01:39 - 00102759 _____ C:\Windows\setupact.log

2015-07-30 12:36 - 2014-05-28 07:23 - 00000000 ____D C:\Users\Agricultura\AppData\Roaming\uTorrent

2015-07-30 12:36 - 2013-09-16 11:33 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-07-30 12:36 - 2013-05-09 10:16 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-07-30 10:44 - 2014-02-05 12:39 - 00000952 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2321370074-2786946993-2889377673-1000UA.job

2015-07-29 13:46 - 2014-02-11 12:00 - 00000000 ____D C:\Users\Todos os Usuários\Oracle

2015-07-29 13:46 - 2014-02-11 12:00 - 00000000 ____D C:\ProgramData\Oracle

2015-07-29 13:45 - 2014-02-11 11:59 - 00000000 ____D C:\Program Files\Java

2015-07-29 13:44 - 2014-02-11 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-07-29 13:44 - 2014-02-05 12:39 - 00000930 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2321370074-2786946993-2889377673-1000Core.job

2015-07-29 13:43 - 2014-02-11 11:59 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2015-07-27 15:08 - 2013-09-12 11:28 - 00000000 ____D C:\Users\Agricultura\Desktop\LIGA DE GLÓRIA

2015-07-27 09:16 - 2015-04-16 08:53 - 00000000 ____D C:\Users\Agricultura\Desktop\FOLHA GARANTIA SAFRA 2015

2015-07-23 12:38 - 2014-01-21 10:09 - 00000000 ____D C:\Users\Agricultura\Desktop\AÇÕES DA AGRICULTURA

2015-07-23 10:51 - 2013-05-09 10:02 - 01626900 _____ C:\Windows\system32\PerfStringBackup.INI

2015-07-23 10:51 - 2009-07-17 15:48 - 00702882 _____ C:\Windows\system32\prfh0416.dat

2015-07-23 10:51 - 2009-07-17 15:48 - 00145668 _____ C:\Windows\system32\prfc0416.dat

2015-07-23 09:33 - 2013-05-24 13:13 - 00000000 ____D C:\Users\Agricultura\Desktop\CONFERENCIA AGRICULTURA

2015-07-23 08:46 - 2013-07-11 09:09 - 00000000 ____D C:\Users\Agricultura\Desktop\CMDRS

2015-07-21 08:36 - 2014-07-14 16:10 - 00000000 ____D C:\Program Files\GbPlugin

2015-07-21 08:28 - 2014-06-06 16:08 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-07-21 08:28 - 2013-09-16 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-07-21 08:28 - 2013-05-09 10:15 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-07-21 08:28 - 2013-05-09 09:55 - 00001134 _____ C:\Users\Agricultura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-07-17 09:32 - 2013-11-18 08:00 - 00000000 ____D C:\Users\Agricultura\Desktop\MATERIAIS DA SECRET

2015-07-15 13:02 - 2013-05-09 10:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-07-15 13:02 - 2013-05-09 10:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-07-15 08:46 - 2014-01-27 07:26 - 00000000 ____D C:\Users\Agricultura\Desktop\OFICIOS 2014

2015-07-14 15:21 - 2013-05-09 09:54 - 00000000 ____D C:\Users\Agricultura\AppData\Local\VirtualStore

2015-07-10 12:47 - 2013-11-29 12:42 - 00000000 ____D C:\Users\Agricultura\Desktop\DOCUMENTOS CDA-CAR

2015-07-08 09:23 - 2013-07-12 09:55 - 00000000 ____D C:\Users\Agricultura\Desktop\TRABALHO DA FACULDADE

2015-07-08 09:20 - 2014-04-25 12:53 - 00000000 ____D C:\Users\Agricultura\Desktop\TERMOS

2015-07-08 08:38 - 2013-05-09 11:00 - 00141382 _____ C:\Windows\PFRO.log

2015-07-06 07:52 - 2013-05-09 11:12 - 00428120 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys

2015-07-03 14:44 - 2014-08-04 14:18 - 00024144 _____ C:\Windows\system32\Drivers\aswHwid.sys

2015-07-03 14:44 - 2013-12-23 10:18 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys

2015-07-03 14:44 - 2013-05-09 11:12 - 00209048 _____ C:\Windows\system32\Drivers\aswVmm.sys

2015-07-03 14:44 - 2013-05-09 11:12 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys

2015-07-03 14:44 - 2013-05-09 11:12 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys

2015-07-03 14:44 - 2013-05-09 11:12 - 00049904 _____ C:\Windows\system32\Drivers\aswRvrt.sys

2015-07-03 14:43 - 2013-05-09 11:12 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys

==================== Files in the root of some directories =======

2014-07-14 16:06 - 2014-07-14 16:06 - 0017186 _____ () C:\Users\Agricultura\AppData\Roaming\unins000.dat

2014-07-14 16:06 - 2014-07-14 16:02 - 0815314 _____ () C:\Users\Agricultura\AppData\Roaming\unins000.exe

2013-05-09 11:14 - 2013-05-09 11:14 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:

====================

C:\Users\Agricultura\AppData\Local\Temp\Creative Cloud Helper.exe

C:\Users\Agricultura\AppData\Local\Temp\Foxit Updater.exe

C:\Users\Agricultura\AppData\Local\Temp\fp_pl_pfs_installer-1.exe

C:\Users\Agricultura\AppData\Local\Temp\fp_pl_pfs_installer-2.exe

C:\Users\Agricultura\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\Agricultura\AppData\Local\Temp\jre-8u51-windows-au.exe

C:\Users\Agricultura\AppData\Local\Temp\Quarantine.exe

C:\Users\Agricultura\AppData\Local\Temp\sqlite3.dll

C:\Users\Agricultura\AppData\Local\Temp\ytb.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-23 09:29

==================== End of log ============================

[Alisson C. Lisboa 0]

Obrigado!

Grande abraço!

[caedurodrigues 19]

Boa noite Alisson, são os dois relatórios resultantes do escaneamento com a FRST, o outro relatório é o Addition.txt. Poste-o por favor, se você esqueceu de marcar a caixinha correspondente execute a ferramenta novamente conforme post #8. Um grande abraço.

[Alisson C. Lisboa 0]

Boa tarde! Esqueci, realmente, de postar. Segue abaixo um novo scan:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-08-2015

Ran by Agricultura (2015-08-10 15:07:28)

Running from C:\Users\Agricultura\Desktop

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-2321370074-2786946993-2889377673-500 - Administrator - Disabled)

Agricultura (S-1-5-21-2321370074-2786946993-2889377673-1000 - Administrator - Enabled) => C:\Users\Agricultura

Convidado (S-1-5-21-2321370074-2786946993-2889377673-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2321370074-2786946993-2889377673-1000\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)

Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 2.4.1.351 - Adobe Systems Incorporated)

Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)

Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)

Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2218 - AVAST Software)

DriverEasy 4.0.3 (HKLM\...\DriverEasy_is1) (Version: 4.0.3.0 - Easeware)

Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)

Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 5.4.3.920 - Foxit Corporation)

Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)

Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden

HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)

HP Deskjet 3050 J610 series Software básico do dispositivo (HKLM\...\{15242A89-4D9E-4CD1-B3BC-3B402485B5D6}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)

Intel® TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)

Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)

Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Módulo de Segurança - Banco do Brasil (HKLM\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: 3.9.0.1 - )

Mozilla Firefox 25.0.1 (x86 pt-BR) (HKLM\...\Mozilla Firefox 25.0.1 (x86 pt-BR)) (Version: 25.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)

Nero 7 Essentials (HKLM\...\{66EBD70F-A42C-475F-AEDF-277378151046}) (Version: 7.02.9491 - Nero AG)

Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.3 - IObit)

TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)

The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.9.0.124 - PandoraTV)

WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

XP Codec Pack (HKLM\...\XP Codec Pack) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0000}\InprocServer32 -> C:\Users\Agricultura\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)

CustomCLSID: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0000}\InprocServer32 -> C:\Users\Agricultura\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)

CustomCLSID: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Agricultura\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

CustomCLSID: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Agricultura\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)

CustomCLSID: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Agricultura\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)

CustomCLSID: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Agricultura\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

==================== Restore Points =========================

21-07-2015 08:34:35 JRT Pre-Junkware Removal

22-07-2015 03:41:07 Windows Update

29-07-2015 14:24:07 Ponto de Verificação Agendado

04-08-2015 09:32:29 Driver Booster : Intel® 82801G (ICH7 Family) PCI Express Root Port - 27D0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:04 - 2009-06-10 18:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {053D8B50-4716-4CEE-853D-9B54A087932E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)

Task: {149073FF-6127-4BF0-96AB-62F5A808D869} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2321370074-2786946993-2889377673-1000UA => C:\Users\Agricultura\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-05] (Facebook Inc.)

Task: {3FBE30B9-B607-4604-B99F-0F8D6D64BA31} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-06] (Avast Software s.r.o.)

Task: {9FA1B2ED-4EC5-4204-AF6F-13011BB6E0B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)

Task: {B6CD231C-5452-412B-A9C6-21F7B28255EF} - System32\Tasks\Driver Booster SkipUAC (Agricultura) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe

Task: {C4B694D7-A4E8-481D-AD6D-ADEDD3368452} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)

Task: {CD3ABE19-7880-4DE4-9669-E32F249655CE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2321370074-2786946993-2889377673-1000Core => C:\Users\Agricultura\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-05] (Facebook Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2321370074-2786946993-2889377673-1000Core.job => C:\Users\Agricultura\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2321370074-2786946993-2889377673-1000UA.job => C:\Users\Agricultura\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-03 14:43 - 2015-07-03 14:43 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2015-07-03 14:43 - 2015-07-03 14:43 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2015-08-07 07:41 - 2015-08-07 07:41 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080700\algo.dll

2015-08-10 12:00 - 2015-08-10 12:00 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15081002\algo.dll

2012-04-26 10:10 - 2011-11-23 13:06 - 00684032 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\spd__du.dll

2014-02-11 03:20 - 2014-02-11 03:20 - 00597360 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll

2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2015-08-04 09:15 - 2015-08-04 09:15 - 03304736 _____ () C:\Program Files\IObit\LiveUpdate\IObitLauncher.exe

2015-07-03 14:44 - 2015-07-03 14:44 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-02-11 15:09 - 2014-02-11 15:09 - 32733080 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\HEX\libcef.dll

2014-07-21 09:17 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll

2014-07-21 09:17 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\System32:BAB36F9D_Bb.gbp

AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br

IE trusted site: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000\...\bb.com.br -> hxxps://seg.bb.com.br

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2321370074-2786946993-2889377673-1000\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 172.16.2.1 - 8.8.8.8

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Agricultura^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup

MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

MSCONFIG\startupreg: Facebook Update => "C:\Users\Agricultura\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

MSCONFIG\startupreg: uTorrent => "C:\Users\Agricultura\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C47D9242-C109-4F72-8A8B-BAE17D05F3A0}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

FirewallRules: [TCP Query User{224732CE-EBBC-47C2-9CE1-6805D18BD1A8}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe

FirewallRules: [uDP Query User{DD233601-A0E7-48EE-AF1C-49679974A166}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe

FirewallRules: [{DD63D2F3-AEBA-4ECC-A8E2-FA179B837419}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe

FirewallRules: [{C46A9FDD-1D60-47BC-B13A-993A3E5BC418}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe

FirewallRules: [{8ACCBB2A-2550-48E5-BDB2-A332BC51788D}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe

FirewallRules: [{FAB00AB0-5E08-45A6-9887-9A85A5D876BC}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe

FirewallRules: [{9B234AA6-1735-4536-95F7-7051BEFC934D}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer.exe

FirewallRules: [{A55D14C0-1934-479B-A5E6-6A9EFF942C1F}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

FirewallRules: [{4A661932-1BE7-4782-AD77-1FD420433FED}] => (Allow) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

FirewallRules: [{043D2605-5A63-4282-A0C1-B88A3E3B7FD6}] => (Allow) C:\Users\Agricultura\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{1AFF319A-5043-4F55-A7DC-56779E728D3E}] => (Allow) C:\Users\Agricultura\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{4FA634BB-318A-41CC-8E94-645E7F72CD56}] => (Allow) C:\Users\Agricultura\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe

FirewallRules: [{DCCD9686-E41F-473F-8165-07DA237C1A16}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (08/07/2015 09:12:49 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Falha na geração de contexto de ativação para "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado.

Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (08/04/2015 02:16:03 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Falha na geração de contexto de ativação para "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado.

Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (08/04/2015 10:03:59 AM) (Source: AdvancedSystemCareService9) (EventID: 0) (User: )

Description: Identificador inválido

Error: (08/04/2015 10:03:59 AM) (Source: AdvancedSystemCareService9) (EventID: 0) (User: )

Description: Identificador inválido

Error: (08/04/2015 09:44:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )

Description: Falha dos Serviços de Criptografia ao inicializar o Catálogo do Banco de Dados. Erro do ESENT:-550.

Error: (08/04/2015 09:32:25 AM) (Source: VSS) (EventID: 8194) (User: )

Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.

.

Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.

Operação:

Obtendo Dados do Gravador

Contexto:

Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}

Nome do Gravador: System Writer

ID de Instância de Gravador: {d227b72c-698d-467b-b262-252a230aab69}

Error: (07/31/2015 10:38:48 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Falha na geração de contexto de ativação para "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado.

Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (07/31/2015 09:58:07 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Falha na geração de contexto de ativação para "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado.

Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (07/30/2015 01:08:29 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: O programa FRST.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: 72c

Hora de Início: 01d0cae1a819487d

Hora de Término: 0

Caminho do Aplicativo: C:\Users\Agricultura\Downloads\FRST.exe

Id do Relatório:

Error: (07/30/2015 09:43:16 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Falha na geração de contexto de ativação para "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado.

Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

System errors:

=============

Error: (08/04/2015 10:08:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: O serviço Advanced SystemCare Service 9 foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (08/04/2015 09:43:04 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: O desligamento anterior do sistema em 09:41:33 às ‎04/‎08/‎2015 não era esperado.

Error: (08/04/2015 09:36:51 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/04/2015 09:11:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: O serviço Advanced SystemCare Service 9 foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (08/04/2015 09:09:24 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: O serviço Advanced SystemCare Service 9 está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (08/04/2015 08:50:36 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: O desligamento anterior do sistema em 08:46:10 às ‎04/‎08/‎2015 não era esperado.

Error: (07/31/2015 08:52:51 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )

Description: O firmware da plataforma corrompeu a memória na transição de energia anterior. Use um firmware atualizado em seu sistema.

Error: (07/31/2015 08:24:43 AM) (Source: Schannel) (EventID: 4119) (User: AUTORIDADE NT)

Description: O seguinte alerta fatal foi recebido: 20.

Error: (07/31/2015 08:24:29 AM) (Source: Schannel) (EventID: 4119) (User: AUTORIDADE NT)

Description: O seguinte alerta fatal foi recebido: 20.

Error: (07/30/2015 12:56:27 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: O desligamento anterior do sistema em 12:36:23 às ‎30/‎07/‎2015 não era esperado.

Microsoft Office:

=========================

Error: (08/07/2015 09:12:49 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 3050 J610 series\DriverStore\Pipeline\amd64\hpinkins9311.exe

Error: (08/04/2015 02:16:03 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 3050 J610 series\DriverStore\Pipeline\amd64\hpinkins9311.exe

Error: (08/04/2015 10:03:59 AM) (Source: AdvancedSystemCareService9) (EventID: 0) (User: )

Description: Identificador inválido

Error: (08/04/2015 10:03:59 AM) (Source: AdvancedSystemCareService9) (EventID: 0) (User: )

Description: Identificador inválido

Error: (08/04/2015 09:44:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )

Description: -550

Error: (08/04/2015 09:32:25 AM) (Source: VSS) (EventID: 8194) (User: )

Description: 0x80070005, Acesso negado.

Operação:

Obtendo Dados do Gravador

Contexto:

Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}

Nome do Gravador: System Writer

ID de Instância de Gravador: {d227b72c-698d-467b-b262-252a230aab69}

Error: (07/31/2015 10:38:48 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 3050 J610 series\DriverStore\Pipeline\amd64\hpinkins9311.exe

Error: (07/31/2015 09:58:07 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 3050 J610 series\DriverStore\Pipeline\amd64\hpinkins9311.exe

Error: (07/30/2015 01:08:29 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: FRST.exe0.0.0.072c01d0cae1a819487d0C:\Users\Agricultura\Downloads\FRST.exe

Error: (07/30/2015 09:43:16 AM) (Source: SideBySide) (EventID: 33) (User: )

Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\HP\HP Deskjet 3050 J610 series\DriverStore\Pipeline\amd64\hpinkins9311.exe

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz

Percentage of memory in use: 46%

Total physical RAM: 2037.49 MB

Available physical RAM: 1098.13 MB

Total Virtual: 4074.98 MB

Available Virtual: 2832.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:78.03 GB) (Free:42.27 GB) NTFS

Drive d: () (Fixed) (Total:70.91 GB) (Free:23.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 8E5D8E5D)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=70.9 GB) - (Type=OF Extended)

==================== End of log ============================

[Alisson C. Lisboa 0]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-08-2015

Ran by Agricultura (administrator) on LISBOA (10-08-2015 15:06:33)

Running from C:\Users\Agricultura\Desktop

Loaded Profiles: Agricultura (Available Profiles: Agricultura)

Platform: Microsoft Windows 7 Ultimate (X86) Language: Português (Brasil)

Internet Explorer Version 8 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

() C:\Program Files\IObit\LiveUpdate\IObitLauncher.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe

(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Foxit Corporation) C:\Users\Agricultura\AppData\Local\Temp\Foxit Updater.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-06] (Avast Software s.r.o.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-11] (Adobe Systems Incorporated)

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)

Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [2014-07-31] (Banco do Brasil)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-02-11] ()

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-02-11] ()

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll [2014-02-11] ()

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-03] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

HKU\S-1-5-21-2321370074-2786946993-2889377673-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset

HKU\S-1-5-21-2321370074-2786946993-2889377673-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2321370074-2786946993-2889377673-1000 -> {C047580E-5F23-4623-91AD-F74D7330B99F} URL = https://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-29] (Oracle Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-03] (Avast Software s.r.o.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)

BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-07-09] (IObit)

BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files\GbPlugin\gbieh.dll [2014-07-31] (Banco do Brasil)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-29] (Oracle Corporation)

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File

ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll [1754664 2014-07-31] (Banco do Brasil)

Tcpip\Parameters: [DhcpNameServer] 172.16.2.1 8.8.8.8 0.0.0.0

Tcpip\..\Interfaces\{1725E86C-0F7D-4614-8091-529F0B22183D}: [DhcpNameServer] 172.16.2.1 8.8.8.8 0.0.0.0

FireFox:

========

FF ProfilePath: C:\Users\Agricultura\AppData\Roaming\Mozilla\Firefox\Profiles\3jnviv07.default

FF Homepage: https://br.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset

FF DefaultSearchEngine: Google

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()

FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2012-07-31] (Foxit Corporation)

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)

FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-29] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-29] (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-02-11] (Adobe Systems)

FF Plugin HKU\S-1-5-21-2321370074-2786946993-2889377673-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Agricultura\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

FF Plugin HKU\S-1-5-21-2321370074-2786946993-2889377673-1000: gastecnologia.com.br/sf/bb -> C:\Users\Agricultura\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-04-06] (GAS Tecnologia)

FF user.js: detected! => C:\Users\Agricultura\AppData\Roaming\Mozilla\Firefox\Profiles\3jnviv07.default\user.js [2015-08-04]

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2013-07-05]

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2013-07-05]

FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Agricultura\AppData\Roaming\Mozilla\Firefox\Profiles\3jnviv07.default\Extensions\iobitascsurfingprotection@iobit.com [2015-08-04]

FF Extension: New Tab by Yahoo - C:\Users\Agricultura\AppData\Roaming\Mozilla\Firefox\Profiles\3jnviv07.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-06-22]

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-09]

FF HKU\S-1-5-21-2321370074-2786946993-2889377673-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Agricultura\AppData\Local\GAS Tecnologia\GBBD\bb\xpi

FF Extension: GBBD Banco do Brasil - C:\Users\Agricultura\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2015-03-26]

Chrome:

=======

CHR Profile: C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-16]

CHR Extension: (Google Drive) - C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-16]

CHR Extension: (YouTube) - C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-16]

CHR Extension: (Google Search) - C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-16]

CHR Extension: (Avast Online Security) - C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-06]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]

CHR Extension: (GBBD Banco do Brasil) - C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp [2014-07-14]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]

CHR Extension: (Gmail) - C:\Users\Agricultura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-16]

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-03]

CHR HKLM\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-03] (Avast Software s.r.o.)

R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [546104 2014-07-21] (GAS Tecnologia)

S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-04] (IObit)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-07-03] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-07-03] (Avast Software s.r.o.)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-07-03] (Avast Software s.r.o.)

R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-07-03] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-07-03] (Avast Software s.r.o.)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-07-06] (Avast Software s.r.o.)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-07-03] (Avast Software s.r.o.)

R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-07-03] ()

R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [47192 2014-03-14] (GAS Tecnologia)

R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-08-04] (REALiX)

R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-07-14] (GAS Tecnologia)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-10 15:06 - 2015-08-10 15:06 - 00013956 _____ C:\Users\Agricultura\Desktop\FRST.txt

2015-08-10 15:06 - 2015-08-10 15:06 - 00000000 ____D C:\Users\Agricultura\Desktop\FRST-OlderVersion

2015-08-04 10:05 - 2015-08-04 10:05 - 00000000 ____D C:\Program Files\Intel

2015-08-04 10:05 - 2009-09-23 11:50 - 00398336 _____ (Intel® Corporation) C:\Windows\system32\TVWizudlg.exe

2015-08-04 10:05 - 2009-09-23 11:49 - 00140288 _____ () C:\Windows\system32\igfxtvcx.dll

2015-08-04 10:05 - 2009-09-23 11:47 - 00121232 _____ C:\Windows\system32\IScrNB.bmp

2015-08-04 10:00 - 2015-08-04 10:05 - 00000000 ____D C:\Windows\system32\Lang

2015-08-04 10:00 - 2015-08-04 10:00 - 00000000 ____D C:\Windows\system32\x64

2015-08-04 10:00 - 2015-08-04 09:59 - 01002008 _____ (Intel Corporation) C:\Windows\system32\igxpun.exe

2015-08-04 09:59 - 2015-08-04 09:59 - 08198680 _____ (Intel® Corporation) C:\Windows\system32\TVWSetup.exe

2015-08-04 09:59 - 2015-08-04 09:59 - 05702656 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll

2015-08-04 09:59 - 2015-08-04 09:59 - 04808192 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd32.sys

2015-08-04 09:59 - 2015-08-04 09:59 - 04104192 _____ (Intel Corporation) C:\Windows\system32\ig4icd32.dll

2015-08-04 09:59 - 2015-08-04 09:59 - 03829760 _____ (Intel Corporation) C:\Windows\system32\igdumd32.dll

2015-08-04 09:59 - 2015-08-04 09:59 - 02686976 _____ (Intel Corporation) C:\Windows\system32\ig4dev32.dll

2015-08-04 09:59 - 2015-08-04 09:59 - 01921265 _____ C:\Windows\system32\iglhxa32.cpa

2015-08-04 09:59 - 2015-08-04 09:59 - 00672792 _____ (Intel Corporation) C:\Windows\system32\igfxcfg.exe

2015-08-04 09:59 - 2015-08-04 09:59 - 00536576 _____ (Intel Corporation) C:\Windows\system32\igdumdx32.dll

2015-08-04 09:59 - 2015-08-04 09:59 - 00310784 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00304640 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00303616 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00303616 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00303104 _____ (Intel Corporation) C:\Windows\system32\igfxresp.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00299520 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00294912 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00291328 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00289280 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00288256 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00287744 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00282624 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00282624 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00282624 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00281088 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00280576 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00280064 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00279040 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00277504 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00275968 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00262656 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00257536 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll

2015-08-04 09:59 - 2015-08-04 09:59 - 00252952 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe

2015-08-04 09:59 - 2015-08-04 09:59 - 00252416 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00249856 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00218112 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll

2015-08-04 09:59 - 2015-08-04 09:59 - 00206848 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00205312 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00199680 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll

2015-08-04 09:59 - 2015-08-04 09:59 - 00179712 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00178176 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc

2015-08-04 09:59 - 2015-08-04 09:59 - 00173592 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe

2015-08-04 09:59 - 2015-08-04 09:59 - 00173080 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe

2015-08-04 09:59 - 2015-08-04 09:59 - 00155648 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v1930.dll

2015-08-04 09:59 - 2015-08-04 09:59 - 00150552 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe

2015-08-04 09:59 - 2015-08-04 09:59 - 00141848 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe

2015-08-04 09:59 - 2015-08-04 09:59 - 00130048 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll

2015-08-04 09:59 - 2015-08-04 09:59 - 00119296 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl

2015-08-04 09:59 - 2015-08-04 09:59 - 00094208 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll

2015-08-04 09:59 - 2015-08-04 09:59 - 00060254 _____ C:\Windows\system32\iglhxg32.vp

2015-08-04 09:59 - 2015-08-04 09:59 - 00060226 _____ C:\Windows\system32\iglhxc32.vp

2015-08-04 09:59 - 2015-08-04 09:59 - 00060015 _____ C:\Windows\system32\iglhxo32.vp

2015-08-04 09:59 - 2015-08-04 09:59 - 00059392 _____ (Intel Corporation) C:\Windows\system32\oemdspif.dll

2015-08-04 09:59 - 2015-08-04 09:59 - 00051712 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll

2015-08-04 09:59 - 2015-08-04 09:59 - 00039440 _____ C:\Windows\system32\iglhxs32.vp

2015-08-04 09:59 - 2015-08-04 09:59 - 00023552 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll

2015-08-04 09:59 - 2015-08-04 09:59 - 00001090 _____ C:\Windows\system32\iglhxa32.vp

2015-08-04 09:50 - 2015-08-04 09:50 - 00731904 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys

2015-08-04 09:50 - 2015-08-04 09:50 - 00109648 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll

2015-08-04 09:50 - 2015-08-04 09:50 - 00085616 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll

2015-08-04 09:43 - 2015-08-10 07:56 - 00000448 _____ C:\Windows\setupact.log

2015-08-04 09:43 - 2015-08-04 09:43 - 00000000 _____ C:\Windows\setuperr.log

2015-08-04 09:42 - 2015-08-04 10:18 - 00000716 _____ C:\Windows\PFRO.log

2015-08-04 09:28 - 2015-08-04 09:28 - 00023840 _____ (REALiX) C:\Windows\system32\Drivers\HWiNFO32.SYS

2015-08-04 09:27 - 2015-08-04 09:28 - 10604648 _____ (IObit ) C:\Users\Agricultura\Downloads\driver_booster_setup.exe

2015-08-04 09:13 - 2015-08-04 09:29 - 00000000 ____D C:\Users\Todos os Usuários\ProductData

2015-08-04 09:13 - 2015-08-04 09:29 - 00000000 ____D C:\ProgramData\ProductData

2015-08-04 09:13 - 2015-08-04 09:13 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled

2015-08-04 09:10 - 2015-08-04 09:10 - 00000000 ____D C:\Users\Agricultura\AppData\Roaming\ProductData

2015-08-04 09:10 - 2015-08-04 09:10 - 00000000 ____D C:\Users\Agricultura\AppData\Roaming\Apple Computer

2015-08-04 09:09 - 2015-08-04 09:09 - 00000000 ____D C:\Users\Todos os Usuários\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}

2015-08-04 09:09 - 2015-08-04 09:09 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}

2015-08-04 09:09 - 2015-08-04 09:09 - 00000000 ____D C:\Program Files\Common Files\IObit

2015-08-04 09:08 - 2015-08-04 10:08 - 00000000 ____D C:\Program Files\IObit

2015-08-04 09:08 - 2015-08-04 09:28 - 00000000 ____D C:\Users\Todos os Usuários\IObit

2015-08-04 09:08 - 2015-08-04 09:28 - 00000000 ____D C:\Users\Agricultura\AppData\Roaming\IObit

2015-08-04 09:08 - 2015-08-04 09:28 - 00000000 ____D C:\ProgramData\IObit

2015-08-04 09:06 - 2015-08-04 09:08 - 31365136 _____ (IObit ) C:\Users\Agricultura\Downloads\advanced-systemcare-setup-beta.exe

2015-07-30 13:07 - 2015-07-30 13:08 - 00024099 _____ C:\Users\Agricultura\Downloads\FRST.txt

2015-07-30 13:06 - 2015-08-10 15:06 - 00000000 ____D C:\FRST

2015-07-30 13:05 - 2015-08-10 15:06 - 01674752 _____ (Farbar) C:\Users\Agricultura\Desktop\FRST.exe

2015-07-29 13:47 - 2015-07-29 13:47 - 00000000 ____D C:\Users\Agricultura\AppData\Local\YSearchUtil

2015-07-29 13:44 - 2015-07-29 13:44 - 00000000 ____D C:\Program Files\Common Files\Java

2015-07-27 14:57 - 2015-07-27 15:01 - 00777371 _____ C:\Users\Agricultura\Downloads\Não confirmado 585036.crdownload

2015-07-23 15:43 - 2015-07-23 15:43 - 00053921 _____ C:\Users\Agricultura\Desktop\ZHPDiag.txt

2015-07-23 15:40 - 2015-07-23 15:41 - 00000000 ____D C:\Users\Agricultura\AppData\Roaming\ZHP

2015-07-23 15:40 - 2015-07-23 15:40 - 00000788 _____ C:\Users\Agricultura\Desktop\ZHPDiag.lnk

2015-07-23 15:33 - 2015-07-23 15:35 - 01844736 _____ C:\Users\Agricultura\Desktop\ZHPDiag3.exe

2015-07-23 12:14 - 2015-07-23 12:21 - 00000000 ____D C:\Users\Agricultura\Desktop\CONVÊNIO SEBRAE

2015-07-23 12:14 - 2015-07-23 12:14 - 01380470 _____ C:\Users\Agricultura\Downloads\Apresentação SEI 2015.pptx

2015-07-23 12:14 - 2015-07-23 12:14 - 00502084 _____ C:\Users\Agricultura\Downloads\Apresentação Parceiro 2015.pptx

2015-07-23 12:13 - 2015-07-23 12:14 - 00555494 _____ C:\Users\Agricultura\Downloads\Apresentação NO CAMPO 2015.pptx

2015-07-23 08:25 - 2015-07-23 08:26 - 00053079 _____ C:\Users\Agricultura\Downloads\CapacitaçãoLaudos.Inverno (1).xlsx

2015-07-22 08:23 - 2015-07-22 08:23 - 01603584 _____ C:\Users\Agricultura\Downloads\Apresentação Conferência de SAN - 2015.ppt

2015-07-22 08:23 - 2015-07-22 08:23 - 00077824 _____ C:\Users\Agricultura\Downloads\Distribuição das vagas municipais por territórios 2015.xls

2015-07-21 08:40 - 2015-07-29 16:34 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin

2015-07-21 08:40 - 2015-07-29 16:34 - 00000000 ____D C:\ProgramData\GbPlugin

2015-07-21 08:26 - 2015-07-21 08:29 - 00000000 ____D C:\AdwCleaner

2015-07-21 08:25 - 2015-07-21 08:26 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Agricultura\Desktop\JRT.exe

2015-07-21 08:24 - 2015-07-21 08:25 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Agricultura\Downloads\Não confirmado 929304.crdownload

2015-07-21 08:24 - 2015-07-21 08:24 - 02248704 _____ C:\Users\Agricultura\Desktop\adwcleaner_4.208.exe

2015-07-17 08:50 - 2015-07-24 11:24 - 00000000 ____D C:\Users\Agricultura\Desktop\GARANTIA SAFRA 2016

2015-07-17 08:49 - 2015-07-17 08:49 - 00611569 _____ C:\Users\Agricultura\Downloads\Aportes Municipais - Safra 2014.2015.xlsx

2015-07-16 08:56 - 2015-07-16 08:59 - 00057200 _____ C:\Users\Agricultura\Desktop\Folha JUN-15_GS_BA.3.xlsx

2015-07-16 08:52 - 2015-07-16 08:52 - 00088115 _____ C:\Users\Agricultura\Desktop\Folha JUN-15_GS_BA.xlsx

2015-07-16 08:37 - 2015-07-16 08:38 - 06617870 _____ C:\Users\Agricultura\Downloads\Folha JUN-15_GS_BA.xlsx

2015-07-14 15:17 - 2015-07-14 15:17 - 00002985 _____ C:\Users\Agricultura\Desktop\HiJackThis.lnk

2015-07-14 15:17 - 2015-07-14 15:17 - 00000000 ____D C:\Users\Agricultura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2015-07-14 15:17 - 2015-07-14 15:17 - 00000000 ____D C:\HiJackThis

2015-07-14 15:08 - 2015-07-14 15:09 - 01402880 _____ C:\Users\Agricultura\Downloads\HijackThis.msi

2015-07-14 10:02 - 2015-07-14 10:02 - 00011568 _____ C:\Users\Agricultura\Desktop\CONTATOS_PISCICULTORES.xlsx

2015-07-14 08:13 - 2015-07-14 08:13 - 00053079 _____ C:\Users\Agricultura\Downloads\CapacitaçãoLaudos.Inverno.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-10 14:52 - 2013-05-09 10:16 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-08-10 14:47 - 2013-09-16 11:33 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-08-10 13:44 - 2014-02-05 12:39 - 00000952 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2321370074-2786946993-2889377673-1000UA.job

2015-08-10 13:44 - 2014-02-05 12:39 - 00000930 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2321370074-2786946993-2889377673-1000Core.job

2015-08-10 09:05 - 2014-01-21 10:09 - 00000000 ____D C:\Users\Agricultura\Desktop\AÇÕES DA AGRICULTURA

2015-08-10 08:03 - 2009-07-14 01:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-08-10 08:03 - 2009-07-14 01:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-08-10 07:59 - 2013-05-09 09:43 - 01780895 _____ C:\Windows\WindowsUpdate.log

2015-08-10 07:56 - 2013-09-16 11:33 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-08-10 07:56 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-08-07 08:54 - 2015-04-16 08:53 - 00000000 ____D C:\Users\Agricultura\Desktop\FOLHA GARANTIA SAFRA 2015

2015-08-05 16:18 - 2014-07-14 15:05 - 00000000 ____D C:\Users\Agricultura\Desktop\ARQUIVOS PAA

2015-08-05 14:07 - 2014-03-21 07:41 - 00000000 ____D C:\Users\Agricultura\Desktop\SENHA GRANTIA SAFRA

2015-08-05 14:04 - 2013-08-02 13:33 - 00000000 ____D C:\Users\Agricultura\Desktop\GANTIA SAFRA 2013 l 2014

2015-08-05 08:00 - 2009-07-14 01:53 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2015-08-04 14:26 - 2013-05-21 09:25 - 00000000 ____D C:\Users\Agricultura\Desktop\LEIS DOS CONSELHOS

2015-08-04 13:43 - 2015-06-17 07:31 - 00000000 ____D C:\Users\Agricultura\Desktop\PLUVIOMETRIA 2015

2015-08-04 09:24 - 2015-02-05 10:44 - 00000000 ____D C:\Users\Agricultura\Desktop\PLUVIOMETRIA 2014

2015-08-04 09:24 - 2013-05-09 14:39 - 00000000 ____D C:\Windows\Panther

2015-08-04 09:18 - 2014-11-25 09:29 - 00000000 ____D C:\Users\Agricultura\AppData\Roaming\Media Player Classic

2015-07-30 12:36 - 2014-05-28 07:23 - 00000000 ____D C:\Users\Agricultura\AppData\Roaming\uTorrent

2015-07-29 13:46 - 2014-02-11 12:00 - 00000000 ____D C:\Users\Todos os Usuários\Oracle

2015-07-29 13:46 - 2014-02-11 12:00 - 00000000 ____D C:\ProgramData\Oracle

2015-07-29 13:45 - 2014-02-11 11:59 - 00000000 ____D C:\Program Files\Java

2015-07-29 13:44 - 2014-02-11 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-07-29 13:43 - 2014-02-11 11:59 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2015-07-27 15:08 - 2013-09-12 11:28 - 00000000 ____D C:\Users\Agricultura\Desktop\LIGA DE GLÓRIA

2015-07-23 10:51 - 2013-05-09 10:02 - 01626900 _____ C:\Windows\system32\PerfStringBackup.INI

2015-07-23 10:51 - 2009-07-17 15:48 - 00702882 _____ C:\Windows\system32\prfh0416.dat

2015-07-23 10:51 - 2009-07-17 15:48 - 00145668 _____ C:\Windows\system32\prfc0416.dat

2015-07-23 09:33 - 2013-05-24 13:13 - 00000000 ____D C:\Users\Agricultura\Desktop\CONFERENCIA AGRICULTURA

2015-07-23 08:46 - 2013-07-11 09:09 - 00000000 ____D C:\Users\Agricultura\Desktop\CMDRS

2015-07-21 08:36 - 2014-07-14 16:10 - 00000000 ____D C:\Program Files\GbPlugin

2015-07-21 08:28 - 2014-06-06 16:08 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-07-21 08:28 - 2013-09-16 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-07-21 08:28 - 2013-05-09 10:15 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-07-21 08:28 - 2013-05-09 09:55 - 00001134 _____ C:\Users\Agricultura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-07-17 09:32 - 2013-11-18 08:00 - 00000000 ____D C:\Users\Agricultura\Desktop\MATERIAIS DA SECRET

2015-07-15 13:02 - 2013-05-09 10:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-07-15 13:02 - 2013-05-09 10:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-07-15 08:46 - 2014-01-27 07:26 - 00000000 ____D C:\Users\Agricultura\Desktop\OFICIOS 2014

2015-07-14 15:21 - 2013-05-09 09:54 - 00000000 ____D C:\Users\Agricultura\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2014-07-14 16:06 - 2014-07-14 16:06 - 0017186 _____ () C:\Users\Agricultura\AppData\Roaming\unins000.dat

2014-07-14 16:06 - 2014-07-14 16:02 - 0815314 _____ () C:\Users\Agricultura\AppData\Roaming\unins000.exe

2013-05-09 11:14 - 2013-05-09 11:14 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:

====================

C:\Users\Agricultura\AppData\Local\Temp\Foxit Updater.exe

C:\Users\Agricultura\AppData\Local\Temp\ytb.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-04 14:16

==================== End of log ============================

[caedurodrigues 19]

Boa noite Alisson,

• Copie estas informações que estão em vermelho,para o Bloco de Notas.

• Salve-a com o nome fixlist.txt

• Salve-a no mesmo local em que se encontra a FRST

start

CreateRestorePoint:

CloseProcesses:

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2013-07-05]

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2013-07-05]

C:\Users\Agricultura\AppData\Local\Temp\Foxit Updater.exe

C:\Users\Agricultura\AppData\Local\Temp\ytb.exe

CMD: bitsadmin /reset /allusers

CMD: ipconfig /flushdns

emptytemp:

end

• Execute FRST/FRST64 >> Clique "Fix". << Aguarde!

• Poste o relatório! (Fixlog.txt)

Um grande abraço.

Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes.

Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema.

[Alisson C. Lisboa 0]

Fix result of Farbar Recovery Scan Tool (x86) Version:13-08-2015

Ran by Agricultura (2015-08-14 10:12:58) Run:1

Running from C:\Users\Agricultura\Desktop\FRST-OlderVersion

Loaded Profiles: Agricultura (Available Profiles: Agricultura)

Boot Mode: Normal

==============================================

fixlist content:

*****************

start

CreateRestorePoint:

CloseProcesses:

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2013-07-05]

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2013-07-05]

C:\Users\Agricultura\AppData\Local\Temp\Foxit Updater.exe

C:\Users\Agricultura\AppData\Local\Temp\ytb.exe

CMD: bitsadmin /reset /allusers

CMD: ipconfig /flushdns

emptytemp:

end

*****************

Restore point was successfully created.

Processes closed successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully.

HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.

C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml => moved successfully.

C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml => moved successfully.

C:\Users\Agricultura\AppData\Local\Temp\Foxit Updater.exe => moved successfully.

C:\Users\Agricultura\AppData\Local\Temp\ytb.exe => moved successfully.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7600 ]

BITS administration utility.

© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {D51E0437-51E3-4BF5-8EDA-E17121958501}.

Unable to cancel {D07FBF4E-8EB1-4923-BD89-7FEBAC212C55}.

Unable to cancel {F31EC33A-1DC7-4966-B6F1-371F846ACF62}.

Unable to cancel {209F77CD-11A6-44EA-835A-9AF28EEFF097}.

0 out of 4 jobs canceled.

========= End of CMD: =========

========= ipconfig /flushdns =========

Configura��o de IP do Windows

Libera��o do Cache do DNS Resolver bem-sucedida.

========= End of CMD: =========

EmptyTemp: => 856.3 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 10:14:38 ====

[caedurodrigues 19]

Boa noite Alisson, vamos fazer um check em certos serviços, atualizações e programas de segurança.

 

• Baixe: <> (...by glax24)

• Salve-a na Desktop (Área de trabalho)

• Para Windows 7, 8 e 8.1clique direito em SecurityCheck e execute-o como

• Ao término clique em "OK".

• Copie e poste o relatório! ( C:\SecurityCheck\*.log )

[Alisson C. Lisboa 0]

SecurityCheck by glax24 v.1.4.0.26 [19.08.15]

WebSite: www.safezone.cc

DateLog: 20.08.2015 12:49:29

Path starting: C:\Users\Agricultura\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe

Log directory: C:\SecurityCheck\

IsAdmin: True

User: Agricultura

VersionXML: 1.64is

___________________________________________________________________________

Windows 7(6.1.7600) (x86) Ultimate Lang: Portuguese(0416)

Installation date OS: 09.05.2013 12:54:32

LicenseStatus: Windows® 7, Ultimate edition The machine is permanently activated.

Boot Mode: Normal

Default Browser: C:\Program Files\Internet Explorer\iexplore.exe

SystemDrive: C: FS: [NTFS] Capacity: [78 Gb] Used: [34.3 Gb] Free: [43.7 Gb]

------------------------------- [ Windows ] -------------------------------

Service Pack not Installed Warning! Download Update

Possible re-activation of Windows will be needed.

Internet Explorer 8.0.7600.16385 Warning! Download Update

Online installation. Last version available when Windows update is enabled throught the Internet.

User Account Control enabled

Automatic Updates disabled

Windows Update (wuauserv) - The service is running

Central de Segurança (wscsvc) - The service is running

---------------------------- [ Antivirus_WMI ] ----------------------------

avast! Antivirus (enabled and up to date)

---------------------------- [ Firewall_WMI ] -----------------------------

avast! Antivirus (disabled)

--------------------------- [ AntiSpyware_WMI ] ---------------------------

Windows Defender (enabled and up to date)

avast! Antivirus (enabled and up to date)

---------------------- [ AntiVirusFirewallInstall ] -----------------------

Avast Free Antivirus v.10.3.2225

--------------------------- [ OtherUtilities ] ----------------------------

Foxit Reader v.5.4.3.920 Warning! Download Update

TeamViewer 9 v.9.0.25942 Warning! Download Update

Optional update.

HiJackThis v.1.0.0

-------------------------------- [ Java ] ---------------------------------

Java 8 Update 51 v.8.0.510

--------------------------- [ AdobeProduction ] ---------------------------

Adobe Flash Player 18 ActiveX v.18.0.0.232

Adobe Flash Player 18 NPAPI v.18.0.0.232

------------------------------- [ Browser ] -------------------------------

Google Chrome v.44.0.2403.155

Mozilla Firefox 25.0.1 (x86 pt-BR) v.25.0.1 Warning! Download Update

--------------------------- [ RunningProcess ] ----------------------------

C:\Program Files\Google\Chrome\Application\chrome.exe v.44.0.2403.155

---------------------------- [ UnwantedApps ] -----------------------------

Surfing Protection v.1.3 Внимание! Приложение распространяется в рамках партнерских программ и сборников-бандлов. Рекомендуется деинсталляция. Возможно Вы стали жертвой обмана или социальной инженерии.

----------------------------- [ End of Log ] ------------------------------

[caedurodrigues 19]

Boa noite Alisson, realize as atualizações necessárias detectadas pelo SecurityCheck. Informe como está o PC.