Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 15-03-2017
Executado por Dali (administrador) em ATÉOFINAL (16-03-2017 12:56:17)
Executando a partir de C:\Users\Dali\Desktop
Perfis Carregados: Dali (Perfis Disponíveis: UpdatusUser & Dali)
Platform: Windows 10 Home Single Language Versão 1607 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Filseclab Corporation Limited) C:\Program Files (x86)\ScreenShot\SSSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registro (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [ETDCtrl] => %ProgramFiles%\Elantech\ETDCtrl.exe
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-09-17] (Realtek Semiconductor)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWoW64\nvinit.dll => C:\WINDOWS\SysWoW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)

==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{654e4a8a-5444-433e-8fff-f87d4c419c66}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.com/"
CHR Profile: C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default [2017-03-16]
CHR Extension: (Google Apresentações) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-16]
CHR Extension: (Google Docs) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-16]
CHR Extension: (Google Drive) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-16]
CHR Extension: (YouTube) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-16]
CHR Extension: (Planilhas do Google) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-16]
CHR Extension: (Documentos Google off-line) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-16]
CHR Extension: (Avast Online Security) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-07]
CHR Extension: (Роза (Sielena theme)) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdnfdacakacimlilmmiffmnoholoppcp [2016-10-16]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-16]
CHR Extension: (Chrome Media Router) - C:\Users\Dali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-06]

==================== Serviços (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 SSSvc; C:\Program Files (x86)\ScreenShot\SSSvc.exe [139744 2016-11-02] (Filseclab Corporation Limited)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [256120 2016-03-05] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [19968 2013-06-05] (Intel Mobile Communications)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [434560 2016-10-03] (Realsil Semiconductor Corporation)
S3 shspusb; C:\WINDOWS\System32\drivers\HSPUSB.sys [24064 2013-06-05] (MobileTop)
S3 sscdserd; C:\WINDOWS\System32\drivers\sscdserd.sys [158024 2013-06-05] (MCCI Corporation)
S3 ssceserd; C:\WINDOWS\System32\drivers\ssceserd.sys [158024 2013-06-05] (MCCI Corporation)
S3 ssdudfu; C:\WINDOWS\System32\drivers\ssdudfu.sys [101960 2013-06-05] (MCCI)
S3 ssm_bus; C:\WINDOWS\System32\drivers\ssm_bus.sys [136192 2013-06-05] (MCCI Corporation)
S3 ssm_mdm; C:\WINDOWS\System32\drivers\ssm_mdm.sys [172032 2013-06-05] (MCCI Corporation)
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [203672 2013-06-05] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [203672 2013-06-05] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [67864 2013-06-05] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [203672 2013-06-05] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_bserd; C:\WINDOWS\System32\drivers\ss_bserd.sys [128000 2013-06-05] (MCCI Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Três Meses Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-03-16 12:56 - 2017-03-16 12:56 - 00010198 _____ C:\Users\Dali\Desktop\FRST.txt
2017-03-16 12:56 - 2017-03-16 12:56 - 00000000 ____D C:\FRST
2017-03-16 12:53 - 2017-03-16 12:55 - 02424832 _____ (Farbar) C:\Users\Dali\Desktop\FRST64.exe
2017-03-16 12:05 - 2017-03-16 12:05 - 00000000 ___HD C:\OneDriveTemp
2017-03-05 18:58 - 2017-03-06 19:47 - 00000000 ____D C:\Users\Dali\Desktop\fontes
2017-03-05 18:49 - 2017-03-05 18:49 - 00001232 _____ C:\Users\Dali\Desktop\Continue PhotoScape Installation.lnk
2017-03-05 18:46 - 2017-03-07 07:07 - 00000000 ____D C:\Users\Dali\AppData\Roaming\ScreenShot
2017-03-05 18:46 - 2017-03-05 18:46 - 00000000 ____D C:\Program Files (x86)\ScreenShot
2017-02-22 17:45 - 2017-02-22 17:45 - 00002239 _____ C:\Users\Dali\Desktop\Itaú.lnk
2017-02-22 17:45 - 2017-02-22 17:45 - 00000000 ____D C:\Users\Dali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú
2017-02-06 21:36 - 2017-02-06 21:36 - 00001263 _____ C:\Users\Public\Desktop\aTube Catcher.lnk
2017-01-29 18:37 - 2017-01-29 18:37 - 00002115 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-01-29 18:37 - 2017-01-29 18:37 - 00002113 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-01-29 18:37 - 2017-01-29 18:37 - 00002103 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-01-29 18:31 - 2017-03-06 14:56 - 00000000 ____D C:\Users\Dali\AppData\Roaming\PhotoScape
2017-01-29 18:30 - 2017-01-29 18:30 - 00001104 _____ C:\Users\Dali\Desktop\PhotoScape.lnk
2017-01-29 17:06 - 2017-03-15 21:53 - 00000000 ____D C:\Users\Dali\Desktop\gemeas
2017-01-11 17:35 - 2016-12-21 04:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 17:35 - 2016-12-14 02:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 17:35 - 2016-12-14 02:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-08 19:57 - 2017-01-08 19:57 - 00471005 _____ C:\Users\Dali\Desktop\boleto americanas.pdf
2016-12-26 22:34 - 2017-03-05 00:55 - 00000000 ____D C:\Users\Dali\Desktop\Camera
2016-12-26 22:31 - 2016-12-26 22:31 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

==================== Três Meses Modificados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-03-16 12:56 - 2016-10-16 18:34 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-16 12:40 - 2016-10-16 18:34 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-16 12:08 - 2016-10-16 18:29 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{61EDA06E-3763-4513-AF27-1B2F88C9E4CA}
2017-03-16 12:05 - 2016-10-16 18:19 - 00000000 ___RD C:\Users\Dali\Desktop\OneDrive
2017-03-16 12:05 - 2016-10-16 17:51 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-16 12:05 - 2015-08-20 11:07 - 00000000 __SHD C:\Users\Dali\IntelGraphicsProfiles
2017-03-15 21:47 - 2016-10-16 18:36 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-15 21:47 - 2016-10-16 18:36 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-15 21:47 - 2016-10-16 18:23 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-14 22:15 - 2016-10-16 17:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-08 21:58 - 2016-10-16 18:39 - 00912158 _____ C:\WINDOWS\system32\prfh0416.dat
2017-03-08 21:58 - 2016-10-16 18:39 - 00274636 _____ C:\WINDOWS\system32\prfc0416.dat
2017-03-08 21:58 - 2016-10-16 18:05 - 02332072 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-08 21:54 - 2016-10-16 17:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-07 07:28 - 2016-10-16 17:57 - 00000000 ____D C:\Users\Dali
2017-03-07 07:07 - 2016-10-16 17:46 - 00248712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-06 14:03 - 2016-10-16 18:34 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-23 17:53 - 2016-10-16 20:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 17:52 - 2016-10-16 20:33 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 18:10 - 2016-10-16 18:07 - 00000000 ____D C:\Users\Dali\AppData\Local\Packages
2017-02-22 17:45 - 2016-11-01 19:52 - 00000000 ____D C:\Users\Dali\AppData\Local\Aplicativo Itau
2017-02-18 23:26 - 2016-12-06 19:05 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-18 23:26 - 2016-10-16 18:11 - 00002370 _____ C:\Users\Dali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== Arquivos na raiz de alguns diretórios =======
2016-10-16 17:50 - 2016-10-16 17:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Alguns arquivos em TEMP:
====================
2013-06-24 14:19 - 2013-06-24 14:19 - 2380752 _____ (Mooii) C:\Users\Dali\AppData\Local\Temp\GoogleSetup.exe
2016-10-16 22:23 - 2016-10-16 22:23 - 0035680 _____ () C:\Users\Dali\AppData\Local\Temp\i4jdel0.exe
2017-03-05 18:49 - 2017-03-05 18:49 - 1222040 _____ ( ) C:\Users\Dali\AppData\Local\Temp\ICReinstall_photoscape.exe

==================== Bamital & volsnap ======================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-03-12 16:05

==================== Fim de FRST.txt ============================