Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 08-03-2017
Executado por feliz (administrador) em DESKTOP-O49HJR6 (09-03-2017 20:09:11)
Executando a partir de C:\Users\feliz\Downloads
Perfis Carregados: feliz (Perfis Disponíveis: feliz)
Platform: Windows 10 Home Single Language Versão 1607 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Samsung) C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkManagerDMS.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\PowerCtrlManager\PowerCtrlService.exe
(Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradserv.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\WeatherTool\2.0.1.5000028\WeatherService.exe
() C:\Program Files (x86)\vSnapshot\1.0.0.0\vSnapshotServ.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\ProgramData\Windows Security\winsecurity.exe
(Samsung) C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkDMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
(ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.1.5000028\weather_free.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\ColorEngine\ColorEngine.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsEventHandler.exe
(Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradguard.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\PowerCtrlManager\PowerCtrlClient.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\SamsungLink\SLServiceUserApp.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-16] (AVAST Software)
HKU\S-1-5-21-2225122007-2866054802-3030607489-1001\...\Run: [Chromium] => c:\users\feliz\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-11-16] (AVAST Software)
ShellIconOverlayIdentifiers: [0SamsungLinkOverlayIconCreated] -> {D130049C-7512-4075-9145-7B8B18149060} => C:\Program Files\Samsung\SamsungLink\SLIconOverlay.dll [2015-07-15] (Samsung Electronics CO., LTD.)
ShellIconOverlayIdentifiers: [0SamsungLinkOverlayIconRenamed] -> {D130049D-7512-4075-9145-7B8B18149060} => C:\Program Files\Samsung\SamsungLink\SLIconOverlay.dll [2015-07-15] (Samsung Electronics CO., LTD.)
GroupPolicy: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [S-1-5-21-2225122007-2866054802-3030607489-1001] => Proxy está habilitado.
ProxyServer: [S-1-5-21-2225122007-2866054802-3030607489-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
Tcpip\Parameters: [DhcpNameServer] 191.187.224.18 191.187.224.15 191.187.224.16
Tcpip\..\Interfaces\{ab513f0d-667c-42bc-8a65-b3acf0fa6519}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{f20f8464-a62f-452e-bc4d-e5e01af0c84b}: [DhcpNameServer] 191.187.224.18 191.187.224.15 191.187.224.16
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=sv1&uid=Y5KIP1STT_TOSHIBAMQ01ABD100&tm=1489052660
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=sv1&uid=Y5KIP1STT_TOSHIBAMQ01ABD100&tm=1489052660
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=sv1&uid=Y5KIP1STT_TOSHIBAMQ01ABD100&tm=1489052660
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=sv1&uid=Y5KIP1STT_TOSHIBAMQ01ABD100&tm=1489052660
HKU\S-1-5-21-2225122007-2866054802-3030607489-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung15.msn.com/?pc=SMTE
HKU\S-1-5-21-2225122007-2866054802-3030607489-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung15.msn.com/?pc=SMTE
SearchScopes: HKLM -> DefaultScope {84E7D3BD-3967-4917-8270-C45381616144} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_46_ssg06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzyzzzztAzzzyyD0D0ByC0ByD0DtCyCtDtN0D0Tzu0StCyBzztCtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAyDyC0DtB0FtAtGyEyBtBzztG0Dzy0E0BtGyE0D0AtDtG0C0DtBtAyB0BtD0E0DtA0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BzzyBzyzzyE0BtG0AyB0DyEtGyEtDyB0CtGzz0AyByDtG0AtC0FyD0EyEtC0B0FyDzyyE2QtN0A0LzuyE%26cr%3D719625484%26a%3Dwbf_popjar_16_46_ssg06%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM -> {84E7D3BD-3967-4917-8270-C45381616144} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_46_ssg06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzyzzzztAzzzyyD0D0ByC0ByD0DtCyCtDtN0D0Tzu0StCyBzztCtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAyDyC0DtB0FtAtGyEyBtBzztG0Dzy0E0BtGyE0D0AtDtG0C0DtBtAyB0BtD0E0DtA0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BzzyBzyzzyE0BtG0AyB0DyEtGyEtDyB0CtGzz0AyByDtG0AtC0FyD0EyEtC0B0FyDzyyE2QtN0A0LzuyE%26cr%3D719625484%26a%3Dwbf_popjar_16_46_ssg06%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {84E7D3BD-3967-4917-8270-C45381616144} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_46_ssg06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzyzzzztAzzzyyD0D0ByC0ByD0DtCyCtDtN0D0Tzu0StCyBzztCtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAyDyC0DtB0FtAtGyEyBtBzztG0Dzy0E0BtGyE0D0AtDtG0C0DtBtAyB0BtD0E0DtA0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BzzyBzyzzyE0BtG0AyB0DyEtGyEtDyB0CtGzz0AyByDtG0AtC0FyD0EyEtC0B0FyDzyyE2QtN0A0LzuyE%26cr%3D719625484%26a%3Dwbf_popjar_16_46_ssg06%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKLM-x32 -> {84E7D3BD-3967-4917-8270-C45381616144} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_46_ssg06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzyzzzztAzzzyyD0D0ByC0ByD0DtCyCtDtN0D0Tzu0StCyBzztCtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAyDyC0DtB0FtAtGyEyBtBzztG0Dzy0E0BtGyE0D0AtDtG0C0DtBtAyB0BtD0E0DtA0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BzzyBzyzzyE0BtG0AyB0DyEtGyEtDyB0CtGzz0AyByDtG0AtC0FyD0EyEtC0B0FyDzyyE2QtN0A0LzuyE%26cr%3D719625484%26a%3Dwbf_popjar_16_46_ssg06%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2225122007-2866054802-3030607489-1001 -> DefaultScope {84E7D3BD-3967-4917-8270-C45381616144} URL =
SearchScopes: HKU\S-1-5-21-2225122007-2866054802-3030607489-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_46_ssg06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzyzzzztAzzzyyD0D0ByC0ByD0DtCyCtDtN0D0Tzu0StCyBzztCtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAyDyC0DtB0FtAtGyEyBtBzztG0Dzy0E0BtGyE0D0AtDtG0C0DtBtAyB0BtD0E0DtA0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BzzyBzyzzyE0BtG0AyB0DyEtGyEtDyB0CtGzz0AyByDtG0AtC0FyD0EyEtC0B0FyDzyyE2QtN0A0LzuyE%26cr%3D719625484%26a%3Dwbf_popjar_16_46_ssg06%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2225122007-2866054802-3030607489-1001 -> {84E7D3BD-3967-4917-8270-C45381616144} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO: Sem Nome -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> Nenhum Arquivo
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: Sem Nome -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> Nenhum Arquivo
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll Nenhum Arquivo
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll Nenhum Arquivo
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2225122007-2866054802-3030607489-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=sv1&uid=Y5KIP1STT_TOSHIBAMQ01ABD100&tm=1489052660

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkManagerDMS.exe [403264 2015-07-15] (Samsung)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-11-16] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [350312 2015-08-31] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-21] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
R2 OtherSearch; C:\Program Files (x86)\8AKsp7qiJE\kl.dll [686080 2017-03-09] () [Arquivo não assinado] <==== ATENÇÃO
R2 SamsungLinkService; C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe [24914272 2015-07-15] (Samsung Electronics CO., LTD.)
R2 scpbradserv; C:\Program Files (x86)\scpbrad\scpbradserv.exe [1926616 2016-09-17] (Scopus Soluções em TI Ltda)
R2 SecPowerCtrlService; C:\Program Files (x86)\Samsung\PowerCtrlManager\PowerCtrlService.exe [1701240 2015-08-15] (Samsung Electronics CO., LTD.)
R2 Settings Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe [1777984 2015-09-11] (Samsung Electronics CO., LTD.)
S4 sService; C:\Program Files (x86)\Samsung\sService\sServiceSvc.exe [2827608 2015-05-12] ()
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-30] (DEVGURU Co., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3025248 2015-07-07] (Samsung Electronics CO., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [256120 2016-07-02] (Synaptics Incorporated)
R2 TheFreeWeatherService; C:\Program Files (x86)\WeatherTool\2.0.1.5000028\WeatherService.exe [156784 2016-08-11] ()
R2 ThevSnapshotService; C:\Program Files (x86)\vSnapshot\1.0.0.0\vSnapshotServ.exe [152264 2016-12-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [1265152 2017-03-01] (Microsoft Corporation) [Arquivo não assinado] <==== ATENÇÃO

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-11-16] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-11-16] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-11-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-11-16] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-11-16] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-11-16] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-11-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-11-16] (AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [46856 2015-06-14] (Intel Corporation)
R1 Lace514; C:\WINDOWS\System32\drivers\Lace_wpf_x64.sys [69400 2017-03-01] (Lace514)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [888064 2015-07-28] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [434560 2016-10-04] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [48920 2014-12-30] (QUALCOMM Incorporated)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26392 2014-12-30] (DEVGURU Co., LTD.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-03-09 20:09 - 2017-03-09 20:10 - 00020419 _____ C:\Users\feliz\Downloads\FRST.txt
2017-03-09 20:08 - 2017-03-09 20:09 - 00000000 ____D C:\FRST
2017-03-09 20:08 - 2017-03-09 20:08 - 02423808 _____ (Farbar) C:\Users\feliz\Downloads\FRST64.exe
2017-03-09 19:55 - 2017-03-09 19:55 - 00000000 ___HD C:\OneDriveTemp
2017-03-09 19:12 - 2017-03-09 19:12 - 00002052 _____ C:\WINDOWS\System32\Tasks\HKQZwoL6Lu
2017-03-09 19:08 - 2017-03-09 19:56 - 00000000 ____D C:\Program Files (x86)\8AKsp7qiJE
2017-03-09 06:44 - 2017-03-09 06:44 - 00000000 ____D C:\Users\feliz\AppData\Roaming\excdir
2017-03-09 06:39 - 2017-03-09 06:39 - 00001168 _____ C:\Users\feliz\Desktop\Jogotempo.lnk
2017-03-09 06:39 - 2017-03-09 06:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jogotempo
2017-03-09 06:39 - 2017-03-09 06:39 - 00000000 ____D C:\Program Files (x86)\Jogotempo
2017-03-09 06:38 - 2017-03-09 19:53 - 00000000 ____D C:\Users\feliz\AppData\Roaming\WMPNetworkAcSvc
2017-03-09 06:38 - 2017-03-09 19:53 - 00000000 ____D C:\Program Files\XBox
2017-03-09 06:38 - 2017-03-09 06:38 - 00000000 ____D C:\Users\Todos os Usuários\Windows Security
2017-03-09 06:38 - 2017-03-09 06:38 - 00000000 ____D C:\ProgramData\Windows Security
2017-03-09 06:37 - 2017-03-09 19:12 - 00000002 _____ C:\END
2017-03-09 06:37 - 2017-03-09 06:54 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-03-09 06:33 - 2017-03-09 06:35 - 05775032 _____ (CompanyName) C:\Users\feliz\Downloads\Office_2016_Completo_em_Portugues_BR_32_e_64_Bits_PH_Downs.exe
2017-03-03 14:48 - 2017-03-03 14:50 - 00000000 ____D C:\Users\feliz\Desktop\MI 2016
2017-03-03 14:38 - 2017-03-03 15:14 - 00000000 ____D C:\Users\feliz\Desktop\FOTOS MI
2017-03-01 14:32 - 2017-03-01 14:32 - 00069400 _____ (Lace514) C:\WINDOWS\system32\Drivers\Lace_wpf_x64.sys
2017-02-28 18:02 - 2017-02-28 18:02 - 03284153 _____ C:\WINDOWS\bcd275d76bb3ad489a7689f00a31d9eb.exe
2017-02-27 06:32 - 2017-03-01 04:52 - 00002184 _____ C:\Users\feliz\Desktop\PXG Client.lnk
2017-02-27 02:21 - 2017-02-27 02:21 - 00000000 ____D C:\Users\feliz\AppData\Local\TeamSpeak 3
2017-02-27 02:21 - 2017-02-27 02:21 - 00000000 ____D C:\Users\feliz\.TeamSpeak 3
2017-02-27 02:21 - 2017-02-27 02:21 - 00000000 ____D C:\Users\feliz\.QtWebEngineProcess
2017-02-12 17:30 - 2017-02-12 17:32 - 00000000 ____D C:\Users\feliz\Desktop\trabalhos em eva
2017-02-08 04:14 - 2017-02-08 05:09 - 00000000 ____D C:\Users\feliz\AppData\Roaming\PokeBRO

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-03-09 19:55 - 2016-07-02 07:53 - 00000000 ___RD C:\Users\feliz\OneDrive
2017-03-09 19:54 - 2016-10-13 10:16 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-09 19:54 - 2016-07-02 07:48 - 00000000 __SHD C:\Users\feliz\IntelGraphicsProfiles
2017-03-09 19:53 - 2016-10-13 10:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-09 19:52 - 2016-07-16 03:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-09 19:48 - 2016-10-13 10:13 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-09 10:40 - 2017-01-31 13:22 - 00000000 ____D C:\Users\feliz\AppData\Roaming\vSnapshot
2017-03-09 10:03 - 2016-11-16 20:18 - 00000000 ____D C:\Users\feliz\AppData\Roaming\WeatherTool
2017-03-09 06:48 - 2016-10-31 14:48 - 00002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-09 06:48 - 2016-10-31 14:48 - 00002428 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-09 06:38 - 2015-09-19 04:30 - 00000000 ____D C:\Users\Todos os Usuários\Intel
2017-03-09 06:38 - 2015-09-19 04:30 - 00000000 ____D C:\ProgramData\Intel
2017-03-09 01:49 - 2016-07-16 08:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-09 01:49 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-08 20:11 - 2016-07-16 08:47 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2017-03-08 20:11 - 2016-07-16 08:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-08 20:09 - 2015-09-19 04:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-08 19:29 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-08 08:22 - 2016-11-16 20:19 - 00000000 ____D C:\Users\Todos os Usuários\{E68823EB-6CCA-A92D-EA0C-376F704EBCA1}
2017-03-08 08:22 - 2016-11-16 20:19 - 00000000 ____D C:\ProgramData\{E68823EB-6CCA-A92D-EA0C-376F704EBCA1}
2017-03-08 01:41 - 2016-10-23 23:12 - 00000000 ____D C:\Users\feliz\AppData\Roaming\TS3Client
2017-03-05 16:47 - 2016-07-16 20:04 - 00462628 _____ C:\WINDOWS\system32\prfh0416.dat
2017-03-05 16:47 - 2016-07-16 20:04 - 00128834 _____ C:\WINDOWS\system32\prfc0416.dat
2017-03-05 16:47 - 2015-09-19 04:31 - 01618304 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-05 13:29 - 2016-10-13 10:19 - 00000000 ____D C:\Users\feliz
2017-03-02 13:28 - 2016-12-15 19:02 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-02 13:28 - 2016-07-02 07:54 - 00002373 _____ C:\Users\feliz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-01 04:52 - 2016-07-31 11:54 - 00002170 _____ C:\Users\feliz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PXG Client.lnk
2017-02-27 02:21 - 2016-10-23 23:12 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-02-27 02:19 - 2015-09-19 04:28 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-02-27 02:19 - 2015-09-19 04:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-23 12:29 - 2016-07-02 16:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 12:27 - 2016-07-02 16:53 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 19:51 - 2016-07-16 08:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 19:45 - 2015-09-19 04:37 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2017-02-22 19:45 - 2015-09-19 04:37 - 00000000 ____D C:\ProgramData\Skype
2017-02-22 03:29 - 2017-01-11 05:11 - 00000000 ____D C:\Users\feliz\pokmaster
2017-02-21 12:08 - 2017-01-11 05:02 - 00000000 __SHD C:\Users\Todos os Usuários\GNHEYR
2017-02-21 12:08 - 2017-01-11 05:02 - 00000000 __SHD C:\ProgramData\GNHEYR
2017-02-21 05:57 - 2017-01-11 05:02 - 00000000 ____D C:\Users\Todos os Usuários\TUT
2017-02-21 05:57 - 2017-01-11 05:02 - 00000000 ____D C:\ProgramData\TUT
2017-02-20 20:27 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-15 21:59 - 2016-11-16 20:30 - 00004278 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2017-02-15 21:51 - 2017-01-31 14:23 - 00000544 _____ C:\WINDOWS\Tasks\Tools_Update_{CFAC34AB-5DB5-4dea-94EC-1D42E3942873}.job
2017-02-15 21:51 - 2016-10-13 10:12 - 00413208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-07 17:36 - 2016-07-02 07:48 - 00000000 ____D C:\Users\feliz\AppData\Local\Packages
2017-02-07 17:34 - 2016-10-24 13:45 - 00000000 ____D C:\Users\feliz\Desktop\Moa

==================== Arquivos na raiz de alguns diretórios =======

2016-10-13 10:16 - 2016-10-13 10:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-19 04:33 - 2013-02-19 04:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2015-09-19 04:33 - 2013-01-12 11:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml

Alguns arquivos em TEMP:
====================
2016-11-16 20:17 - 2016-11-16 20:24 - 0918087 _____ (Rep ) C:\Users\feliz\AppData\Local\Temp\downloadmanager_ra2.exe
2016-12-24 00:29 - 2016-12-24 00:29 - 0767688 _____ () C:\Users\feliz\AppData\Local\Temp\InstallHelper.exe
2016-10-17 03:08 - 2016-10-31 17:17 - 43768960 _____ (Skype Technologies S.A.) C:\Users\feliz\AppData\Local\Temp\SkypeSetup.exe
2017-02-27 02:18 - 2017-02-27 02:18 - 14773216 _____ (Microsoft Corporation) C:\Users\feliz\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-03-03 23:03

==================== Fim de FRST.txt ============================