Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 15-03-2017
Executado por Dali (administrador) em ATÉOFINAL (16-03-2017 12:56:17)
Executando a partir de C:\Users\Dali\Desktop
Perfis Carregados: Dali (Perfis Disponíveis: UpdatusUser & Dali)
Platform: Windows 10 Home Single Language Versão 1607 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Filseclab Corporation Limited) C:\Program Files (x86)\ScreenShot\SSSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [ETDCtrl] => %ProgramFiles%\Elantech\ETDCtrl.exe
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-09-17] (Realtek Semiconductor)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWoW64\nvinit.dll => C:\WINDOWS\SysWoW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{654e4a8a-5444-433e-8fff-f87d4c419c66}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.com/"
CHR Profile: C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default [2017-03-16]
CHR Extension: (Google Apresentações) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-16]
CHR Extension: (Google Docs) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-16]
CHR Extension: (Google Drive) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-16]
CHR Extension: (YouTube) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-16]
CHR Extension: (Planilhas do Google) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-16]
CHR Extension: (Documentos Google off-line) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-16]
CHR Extension: (Avast Online Security) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-07]
CHR Extension: (Роза (Sielena theme)) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdnfdacakacimlilmmiffmnoholoppcp [2016-10-16]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-16]
CHR Extension: (Chrome Media Router) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-06]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 SSSvc; C:\Program Files (x86)\ScreenShot\SSSvc.exe [139744 2016-11-02] (Filseclab Corporation Limited)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [256120 2016-03-05] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [19968 2013-06-05] (Intel Mobile Communications)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [434560 2016-10-03] (Realsil Semiconductor Corporation)
S3 shspusb; C:\WINDOWS\System32\drivers\HSPUSB.sys [24064 2013-06-05] (MobileTop)
S3 sscdserd; C:\WINDOWS\System32\drivers\sscdserd.sys [158024 2013-06-05] (MCCI Corporation)
S3 ssceserd; C:\WINDOWS\System32\drivers\ssceserd.sys [158024 2013-06-05] (MCCI Corporation)
S3 ssdudfu; C:\WINDOWS\System32\drivers\ssdudfu.sys [101960 2013-06-05] (MCCI)
S3 ssm_bus; C:\WINDOWS\System32\drivers\ssm_bus.sys [136192 2013-06-05] (MCCI Corporation)
S3 ssm_mdm; C:\WINDOWS\System32\drivers\ssm_mdm.sys [172032 2013-06-05] (MCCI Corporation)
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [203672 2013-06-05] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [203672 2013-06-05] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [67864 2013-06-05] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [203672 2013-06-05] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_bserd; C:\WINDOWS\System32\drivers\ss_bserd.sys [128000 2013-06-05] (MCCI Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-03-16 12:56 - 2017-03-16 12:56 - 00010198 _____ C:\Users\Dali\Desktop\FRST.txt
2017-03-16 12:56 - 2017-03-16 12:56 - 00000000 ____D C:\FRST
2017-03-16 12:53 - 2017-03-16 12:55 - 02424832 _____ (Farbar) C:\Users\Dali\Desktop\FRST64.exe
2017-03-16 12:05 - 2017-03-16 12:05 - 00000000 ___HD C:\OneDriveTemp
2017-03-05 18:58 - 2017-03-06 19:47 - 00000000 ____D C:\Users\Dali\Desktop\fontes
2017-03-05 18:49 - 2017-03-05 18:49 - 00001232 _____ C:\Users\Dali\Desktop\Continue PhotoScape Installation.lnk
2017-03-05 18:46 - 2017-03-07 07:07 - 00000000 ____D C:\Users\Dali\AppData\Roaming\ScreenShot
2017-03-05 18:46 - 2017-03-05 18:46 - 00000000 ____D C:\Program Files (x86)\ScreenShot
2017-02-22 17:45 - 2017-02-22 17:45 - 00002239 _____ C:\Users\Dali\Desktop\Itaú.lnk
2017-02-22 17:45 - 2017-02-22 17:45 - 00000000 ____D C:\Users\Dali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú
2017-02-06 21:36 - 2017-02-06 21:36 - 00001263 _____ C:\Users\Public\Desktop\aTube Catcher.lnk
2017-01-29 18:37 - 2017-01-29 18:37 - 00002115 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-01-29 18:37 - 2017-01-29 18:37 - 00002113 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-01-29 18:37 - 2017-01-29 18:37 - 00002103 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-01-29 18:31 - 2017-03-06 14:56 - 00000000 ____D C:\Users\Dali\AppData\Roaming\PhotoScape
2017-01-29 18:30 - 2017-01-29 18:30 - 00001104 _____ C:\Users\Dali\Desktop\PhotoScape.lnk
2017-01-29 17:06 - 2017-03-15 21:53 - 00000000 ____D C:\Users\Dali\Desktop\gemeas
2017-01-11 17:35 - 2016-12-21 04:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 17:35 - 2016-12-14 02:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 17:35 - 2016-12-14 02:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-08 19:57 - 2017-01-08 19:57 - 00471005 _____ C:\Users\Dali\Desktop\boleto americanas.pdf
2016-12-26 22:34 - 2017-03-05 00:55 - 00000000 ____D C:\Users\Dali\Desktop\Camera
2016-12-26 22:31 - 2016-12-26 22:31 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-03-16 12:56 - 2016-10-16 18:34 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-16 12:40 - 2016-10-16 18:34 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-16 12:08 - 2016-10-16 18:29 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{61EDA06E-3763-4513-AF27-1B2F88C9E4CA}
2017-03-16 12:05 - 2016-10-16 18:19 - 00000000 ___RD C:\Users\Dali\Desktop\OneDrive
2017-03-16 12:05 - 2016-10-16 17:51 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-16 12:05 - 2015-08-20 11:07 - 00000000 __SHD C:\Users\Dali\IntelGraphicsProfiles
2017-03-15 21:47 - 2016-10-16 18:36 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-15 21:47 - 2016-10-16 18:36 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-15 21:47 - 2016-10-16 18:23 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-14 22:15 - 2016-10-16 17:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-08 21:58 - 2016-10-16 18:39 - 00912158 _____ C:\WINDOWS\system32\prfh0416.dat
2017-03-08 21:58 - 2016-10-16 18:39 - 00274636 _____ C:\WINDOWS\system32\prfc0416.dat
2017-03-08 21:58 - 2016-10-16 18:05 - 02332072 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-08 21:54 - 2016-10-16 17:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-07 07:28 - 2016-10-16 17:57 - 00000000 ____D C:\Users\Dali
2017-03-07 07:07 - 2016-10-16 17:46 - 00248712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-06 14:03 - 2016-10-16 18:34 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-23 17:53 - 2016-10-16 20:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 17:52 - 2016-10-16 20:33 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 18:10 - 2016-10-16 18:07 - 00000000 ____D C:\Users\Dali\AppData\Local\Packages
2017-02-22 17:45 - 2016-11-01 19:52 - 00000000 ____D C:\Users\Dali\AppData\Local\Aplicativo Itau
2017-02-18 23:26 - 2016-12-06 19:05 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-18 23:26 - 2016-10-16 18:11 - 00002370 _____ C:\Users\Dali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== Arquivos na raiz de alguns diretórios =======

2016-10-16 17:50 - 2016-10-16 17:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Alguns arquivos em TEMP:
====================
2013-06-24 14:19 - 2013-06-24 14:19 - 2380752 _____ (Mooii) C:\Users\Dali\AppData\Local\Temp\GoogleSetup.exe
2016-10-16 22:23 - 2016-10-16 22:23 - 0035680 _____ () C:\Users\Dali\AppData\Local\Temp\i4jdel0.exe
2017-03-05 18:49 - 2017-03-05 18:49 - 1222040 _____ ( ) C:\Users\Dali\AppData\Local\Temp\ICReinstall_photoscape.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-03-12 16:05

==================== Fim de FRST.txt ============================
