Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 10-02-2017
Executado por uae (administrador) em UAE-VAIO (11-02-2017 00:43:59)
Executando a partir de C:\Users\uae\Downloads
Perfis Carregados: uae & (Perfis Disponíveis: uae & Convidado)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fb_inet_server.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\AppBrad\NetExpressUpdater.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\systips\tipssvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Spotify Ltd) C:\Users\uae\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files (x86)\Music Recorder\Music Recorder 2016\AudialsNotifier.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-03-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-22] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60120 2016-11-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2016-03-19] (alch)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\Run: [Facebook Update] => C:\Users\uae\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-29] (Facebook Inc.)
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\Run: [HW_OPENEYE_OUC_Claro] => "C:\Program Files (x86)\Claro\UpdateDog\ouc.exe"
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\Run: [Spotify Web Helper] => C:\Users\uae\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-10-14] (Spotify Ltd)
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\Run: [AudialsNotifier] => C:\Program Files (x86)\Music Recorder\Music Recorder 2016\AudialsNotifier.exe [4535192 2016-03-15] ()
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm.exe [7763384 2016-07-15] (AO Kaspersky Lab)
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\MountPoints2: {0ad82c4e-43f1-11e4-83e5-642737bcc2f8} - E:\AutoRun.exe
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\MountPoints2: {a62b03c4-e954-11e3-925b-642737bcc2f8} - E:\AutoRun.exe
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\MountPoints2: {fdd78037-e8c9-11e3-9e84-642737bcc2f8} - F:\AutoRun.exe
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\MountPoints2: {fdd78044-e8c9-11e3-9e84-642737bcc2f8} - E:\AutoRun.exe
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\...\MountPoints2: {fdd78099-e8c9-11e3-9e84-642737bcc2f8} - E:\AutoRun.exe
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-4222321392-2254865489-2065712015-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [HW_OPENEYE_OUC_Claro] => "C:\Program Files (x86)\Claro\UpdateDog\ouc.exe"
HKU\S-1-5-18\...\Run: [WiFi Protector] => C:\Program Files (x86)\WiFi Protector\WiFiProtLauncher.exe
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-12-06]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)
Startup: C:\Users\uae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2016-12-06]
ShortcutTarget: Start.lnk -> C:\Users\uae\AppData\Roaming\evgrei\lnardpfbj64.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{D3BDFB55-ECA9-4382-ADE2-64559BD9BFDA}: [DhcpNameServer] 192.168.2.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.latinamweb.com/
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://login.latinamweb.com/
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net
HKU\S-1-5-21-4222321392-2254865489-2065712015-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4222321392-2254865489-2065712015-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4222321392-2254865489-2065712015-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4222321392-2254865489-2065712015-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4222321392-2254865489-2065712015-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL =
BHO: Sem Nome -> {22ad50a5-4d58-47d0-b850-f35b616e9b5d} -> Nenhum Arquivo
BHO: Sem Nome -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> Nenhum Arquivo
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Sem Nome -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Nenhum Arquivo
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-02-23] (Atheros Commnucations)
BHO-x32: Auxiliar de Conexão de Conta da Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Nenhum Arquivo
Toolbar: HKLM - Sem Nome - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Nenhum Arquivo
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: 35tllo9r.default-1416778096862
FF ProfilePath: C:\Users\uae\AppData\Roaming\Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862 [2017-02-10]
FF user.js: detected! => C:\Users\uae\AppData\Roaming\Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862\user.js [2016-12-06]
FF NewTab: Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862 -> about:newtab
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862 -> hxxps://www.google.com/search?trackid=sp-006
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862 -> Google (avast)
FF Homepage: Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862 -> www.qqovd.com?oem=sv1&uid=J211008BJ59EBA_HTS547550A9E&tm=1454510724
FF Keyword.URL: Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862 -> hxxps://www.google.com/search?trackid=sp-006
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862 -> Google (avast)
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862 -> Google (avast)
FF SearchPlugin: C:\Users\uae\AppData\Roaming\Mozilla\Firefox\Profiles\35tllo9r.default-1416778096862\searchplugins\google-avast.xml [2016-01-14]
FF HKU\S-1-5-21-4222321392-2254865489-2065712015-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => não encontrado (a)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-03-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-03-13] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2011-08-03] (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2011-08-02] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-08-05] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-4222321392-2254865489-2065712015-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\uae\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> www.123rede.com?oem=sv1&uid=J211008BJ59EBA_HTS547550A9E&tm=1451351344
CHR StartupUrls: Default -> "hxxps://www.google.com.br/"
CHR Profile: C:\Users\uae\AppData\Local\Google\Chrome\User Data\Default [2017-02-11]
CHR Extension: (Google Drive) - C:\Users\uae\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\uae\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\uae\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\uae\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\uae\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\uae\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-23] (Atheros Commnucations) [Arquivo não assinado]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.) [Arquivo não assinado]
R2 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fb_inet_server.exe [2723840 2009-07-22] (Firebird Project) [Arquivo não assinado]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)
R2 NetExpress Updater; C:\Program Files (x86)\AppBrad\NetExpressUpdater.exe [20568 2015-08-21] ()
S2 NetLogHandler; C:\Users\uae\AppData\Roaming\Netlog\Netlog.exe [167704 2015-06-08] (QNT)
S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH)
S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH)
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
R2 TipsService; C:\Program Files (x86)\systips\tipssvc.exe [317440 2015-07-06] () [Arquivo não assinado]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2365792 2012-10-10] (TuneUp Software)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1634304 2015-03-16] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-23] (Atheros) [Arquivo não assinado]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-12-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-12-06] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35864 2016-12-06] (Avira Operations GmbH & Co. KG)
R3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [421664 2012-02-23] (Atheros)
R3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-13] (Microsoft Corporation)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [223744 2011-12-02] (Huawei Technologies Co., Ltd.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-10] (Malwarebytes)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-19] (TuneUp Software)
U0 aswVmm; não ImagePath
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S1 Bnbase; System32\drivers\bnbasex64.sys [X]
S1 Bndef; \??\C:\Windows\System32\drivers\bndef64.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-02-11 00:40 - 2017-02-11 00:43 - 00062597 _____ C:\Users\uae\Downloads\Addition.txt
2017-02-11 00:37 - 2017-02-11 00:44 - 00025762 _____ C:\Users\uae\Downloads\FRST.txt
2017-02-11 00:37 - 2017-02-11 00:43 - 00000000 ____D C:\FRST
2017-02-11 00:35 - 2017-02-11 00:35 - 00001078 _____ C:\Users\uae\Desktop\FRST64 - Atalho.lnk
2017-02-11 00:32 - 2017-02-11 00:33 - 02421248 _____ (Farbar) C:\Users\uae\Downloads\FRST64.exe
2017-02-03 13:56 - 2017-02-03 13:58 - 46148705 _____ C:\Users\uae\Downloads\O Demonio Da Teoria (COMPAGNON)- COMPLETO.pdf
2017-02-02 22:41 - 2017-02-02 22:43 - 00000000 ____D C:\Users\uae\AppData\Roaming\.clamwin
2017-02-02 22:41 - 2017-02-02 22:41 - 00000000 ____D C:\Users\Todos os Usuários\.clamwin
2017-02-02 22:41 - 2017-02-02 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2017-02-02 22:41 - 2017-02-02 22:41 - 00000000 ____D C:\ProgramData\.clamwin
2017-02-02 22:41 - 2017-02-02 22:41 - 00000000 ____D C:\Program Files (x86)\ClamWin
2017-02-02 22:13 - 2017-02-02 22:20 - 120690586 _____ (alch ) C:\Users\uae\Downloads\clamwin-0.99.1-setup.exe
2017-02-02 20:25 - 2017-02-02 20:25 - 00001136 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-02-02 18:33 - 2017-02-02 18:33 - 00014730 _____ C:\Windows\IntegraOS Setup Log.txt
2017-02-02 18:33 - 2017-02-02 18:33 - 00001905 _____ C:\Users\uae\Desktop\IntegraOS.lnk
2017-02-02 18:33 - 2017-02-02 18:33 - 00000000 ____D C:\Windows\IntegraOS
2017-02-02 18:33 - 2017-02-02 18:33 - 00000000 ____D C:\Users\uae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IntegraOS
2017-02-02 18:33 - 2017-02-02 18:33 - 00000000 ____D C:\Program Files (x86)\IntegraOS
2017-02-02 18:29 - 2017-02-02 18:31 - 18903004 _____ C:\Users\uae\Downloads\IntegraOS.exe
2017-01-22 23:52 - 2017-01-22 23:52 - 00060620 _____ C:\Users\uae\Downloads\Texto 3.pdf
2017-01-19 23:40 - 2017-01-19 23:45 - 58853023 _____ C:\Users\uae\Downloads\B7$ 4gu$7 D - 4gu$7 D [kpopdownloadscmm.blogspot.com].7z
2017-01-18 23:08 - 2017-01-18 23:08 - 00088749 _____ C:\Users\uae\Downloads\6410-19677-1-PB.pdf
2017-01-17 01:24 - 2017-01-17 01:24 - 00259831 _____ C:\Users\uae\Downloads\Poe CARTA ROUBADA.pdf
2017-01-17 01:16 - 2017-01-17 01:16 - 00001771 _____ C:\Users\uae\Downloads\Meanie..txt
2017-01-17 01:16 - 2017-01-17 01:16 - 00001771 _____ C:\Users\uae\Downloads\Meanie. (1).txt
2017-01-13 14:04 - 2017-01-13 14:04 - 00149484 _____ C:\Windows\system32\s000007.dat

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-02-11 00:44 - 2013-01-29 00:39 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4222321392-2254865489-2065712015-1000UA.job
2017-02-11 00:44 - 2013-01-29 00:39 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4222321392-2254865489-2065712015-1000Core.job
2017-02-11 00:07 - 2012-10-19 21:19 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-10 21:30 - 2009-07-14 02:45 - 00022816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-10 21:30 - 2009-07-14 02:45 - 00022816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-10 21:28 - 2016-12-08 10:47 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-10 21:19 - 2016-04-20 18:38 - 00000000 ____D C:\Program Files (x86)\Nero
2017-02-10 21:19 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-10 21:16 - 2016-04-20 18:38 - 00000000 ____D C:\Users\Todos os Usuários\Nero
2017-02-10 21:16 - 2016-04-20 18:38 - 00000000 ____D C:\ProgramData\Nero
2017-02-09 22:20 - 2016-04-14 16:08 - 00000000 ____D C:\Users\uae\AppData\Roaming\Audacity
2017-02-09 19:59 - 2013-06-03 12:49 - 00000000 ____D C:\Users\uae\AppData\Local\ElevatedDiagnostics
2017-02-09 17:04 - 2014-08-28 16:07 - 00000000 ____D C:\Users\uae\Documents\Raony
2017-02-07 15:56 - 2016-10-06 10:19 - 00000000 ____D C:\Users\uae\Desktop\Samea
2017-02-02 21:59 - 2012-10-20 09:07 - 00000000 ____D C:\Users\uae
2017-02-02 20:25 - 2016-12-31 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-02 20:25 - 2016-04-20 17:28 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-02-02 20:25 - 2016-04-20 17:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-31 23:16 - 2016-06-14 16:34 - 00000000 ____D C:\Users\uae\AppData\Local\osu!
2017-01-30 01:45 - 2016-04-20 20:02 - 00000000 ____D C:\Users\uae\AppData\Local\Nero
2017-01-30 01:41 - 2012-10-19 19:38 - 00714790 _____ C:\Windows\system32\prfh0416.dat
2017-01-30 01:41 - 2012-10-19 19:38 - 00154384 _____ C:\Windows\system32\prfc0416.dat
2017-01-30 01:41 - 2009-07-14 03:13 - 01667006 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-30 01:41 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2017-01-27 11:26 - 2015-06-08 02:13 - 00004608 _____ C:\Users\uae\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-25 10:37 - 2014-07-30 18:28 - 00000286 __RSH C:\Users\Todos os Usuários\ntuser.pol
2017-01-25 10:37 - 2014-07-30 18:28 - 00000286 __RSH C:\ProgramData\ntuser.pol
2017-01-21 02:43 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\rescache
2017-01-20 19:12 - 2016-10-12 22:20 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-13 13:50 - 2013-01-17 15:57 - 00000612 _____ C:\Windows\system32\sstates.sdt
2017-01-13 13:50 - 2013-01-17 15:57 - 00000040 _____ C:\Windows\system32\sstate_prev.sdt

==================== Arquivos na raiz de alguns diretórios =======

2016-06-07 11:15 - 2016-06-07 11:15 - 0000034 _____ () C:\Program Files\Common Files\9E3EC1B1.zq
2014-07-30 18:41 - 2014-11-04 22:20 - 0000548 _____ () C:\Users\uae\AppData\Roaming\FileShred.log
2014-07-30 17:05 - 2015-02-17 00:05 - 0000093 _____ () C:\Users\uae\AppData\Roaming\WB.CFG
2015-06-08 02:13 - 2017-01-27 11:26 - 0004608 _____ () C:\Users\uae\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-20 09:36 - 2012-10-20 09:36 - 0017408 _____ () C:\Users\uae\AppData\Local\WebpageIcons.db
2012-10-22 00:36 - 2012-10-22 00:37 - 0000000 _____ () C:\ProgramData\DwmRestart.txt

Alguns arquivos em TEMP:
====================
2016-10-22 18:02 - 2016-10-22 18:02 - 0000000 ____D () C:\Users\uae\AppData\Local\Temp\CatchVideo.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

ATENÇÃO: ==> Não foi possível acessar BCD.

LastRegBack: 2017-02-03 00:53

==================== Fim de FRST.txt ============================