Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 17.02.2018
Executado por mathe (administrador) em DESKTOP-GIRSH35 (17-02-2018 21:27:37)
Executando a partir de C:\Users\mathe\Desktop
Perfis Carregados: mathe (Perfis Disponíveis: mathe & outro)
Platform: Windows 10 Pro 10240.16384 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(BitTorrent Inc.) C:\Users\mathe\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\mathe\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(BitTorrent Inc.) C:\Users\mathe\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
Falha ao acessar processo -> explorer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Remo Software) C:\Program Files (x86)\Remo File Eraser 2.0\rs-fileeraser.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.17020_none_1152834562020692\TiWorker.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-23] (AVAST Software)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3951280 2017-11-09] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\RunOnce: [SlimCleaner Plus] => cmd /c "start "" "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /delay=5 /mode=toaster "
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATENÇÃO
Winlogon\Notify\ GbPluginCef:
HKU\S-1-5-21-390941324-379733044-1376603182-1001\...\Run: [uTorrent] => C:\Users\mathe\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-28] (BitTorrent Inc.)
HKU\S-1-5-21-390941324-379733044-1376603182-1001\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe
HKU\S-1-5-21-390941324-379733044-1376603182-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4105328 2017-12-28] (Tonec Inc.)
HKU\S-1-5-21-390941324-379733044-1376603182-1001\...\Run: [IDM trial reset] => D:\IDM_6.28_Build__Registered_(32bit_+_64bit_Patch)\02 Ativador IDM 2017 SIGAN TUTORIAIS E DICAS\idm_trial_reset 17.exe [1179136 2015-04-11] ()
HKU\S-1-5-21-390941324-379733044-1376603182-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10257872 2018-01-09] (Piriform Ltd)
HKU\S-1-5-21-390941324-379733044-1376603182-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [1332736 2018-01-10] (Adobe Systems Incorporated)
ShellExecuteHooks-x32: GbIehCefObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\Diebold\Warsaw\wsaxbco.dll [971312 2017-08-11] (GAS Tecnologia LTDA)
Startup: C:\Users\mathe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2017-11-10]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8a53388c-ca3f-4593-9056-59ae02238ee7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{93753ff1-d8ea-4b0e-b716-9caf8f8ac3c0}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{9b643aaf-646b-42fe-99a3-2dc66d65a1a7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-390941324-379733044-1376603182-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung15.msn.com/?pc=SMTE
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-12-14] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-02-17] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-02-17] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-12-14] (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-02-17] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-19] (Oracle Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> Nenhum Arquivo
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-02-17] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-19] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-17] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-390941324-379733044-1376603182-1001 -> hxxp://www.google.com.br/

FireFox:
========
FF HKU\S-1-5-21-390941324-379733044-1376603182-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\mathe\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\mathe\AppData\Roaming\IDM\idmmzcc5 [2017-11-12] [Legacy] [não assinado]
FF HKU\S-1-5-21-390941324-379733044-1376603182-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-02-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com.br/
CHR StartupUrls: Default -> "hxxps://www.google.com.br/"
CHR NewTab: Default -> Not-active:"chrome-extension://ihncdclhgglipafcfgicbgajlkdogdhg/redirect.html"
CHR Profile: C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default [2018-02-17]
CHR Extension: (Google Tradutor) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-11-09]
CHR Extension: (Apresentações) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-09]
CHR Extension: (Documentos) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-09]
CHR Extension: (Google Drive) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-09]
CHR Extension: (YouTube) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-09]
CHR Extension: (Adblock Plus) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-02-06]
CHR Extension: (Save Tabs) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjepfldodmdfmdidhhgamnklbdibndi [2017-11-10]
CHR Extension: (Avast SafePrice) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-02-17]
CHR Extension: (Planilhas) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-09]
CHR Extension: (Documentos Google off-line) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-09]
CHR Extension: (Avast Online Security) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-11-10]
CHR Extension: (NewtabTV) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihncdclhgglipafcfgicbgajlkdogdhg [2017-12-10]
CHR Extension: (Coca-Cola FM) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbkhcdbchpnghcidmbpgfdhglfofknac [2017-11-09]
CHR Extension: (Happy Friday!) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagckjdgadpknikjoegcibbollkafpid [2017-11-09]
CHR Extension: (Webcam Toy) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2017-11-09]
CHR Extension: (Google Play Books) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2017-11-09]
CHR Extension: (Microcosm - New Tab) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nagnmfhgkjkplbhplkbicmpkfopmnefp [2017-11-09]
CHR Extension: (IDM Integration Module) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-01-23]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-09]
CHR Extension: (Outlook.com) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2017-11-09]
CHR Extension: (Gmail) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-09]
CHR Extension: (Chrome Media Router) - C:\Users\mathe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-15]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-12-29]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nagnmfhgkjkplbhplkbicmpkfopmnefp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-12-29]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [Arquivo não assinado]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7538536 2018-01-23] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-23] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7968432 2018-01-30] (Microsoft Corporation)
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [252096 2016-10-25] (SlimWare Utilities, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246448 2017-11-09] (Synaptics Incorporated)
S3 uSHAREitSvc; C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1056304 2017-08-30] (GAS Tecnologia LTDA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [185096 2018-01-23] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321512 2018-01-23] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199448 2018-01-23] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343768 2018-01-23] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57696 2018-01-23] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [149344 2018-01-23] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-01-23] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146664 2018-01-23] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110336 2018-01-23] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84384 2018-01-23] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1025176 2018-01-23] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [457400 2018-01-23] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [204456 2018-01-23] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [358672 2018-01-23] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110096 2017-11-09] (Advanced Micro Devices)
S1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [28192 2018-01-31] (EldoS Corporation)
R3 NETJME; C:\WINDOWS\System32\drivers\NETJME.sys [137728 2015-07-10] (JMicron Technology Corp.)
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3749888 2015-07-10] (Realtek Semiconductor Corporation )
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [16056 2018-02-17] (SlimWare Utilities, Inc.)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R1 wsddfac; C:\WINDOWS\System32\drivers\wsddfac.sys [28376 2018-02-17] (GAS Tecnologia)
R1 wsddntf; C:\WINDOWS\system32\DRIVERS\wsddntf.sys [47176 2016-06-21] (GAS Tecnologia)
S1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [25184 2016-06-08] (GAS Tecnologia)
S3 wsddprm; C:\WINDOWS\system32\drivers\wsddprm.sys [25184 2016-11-07] (GAS Tecnologia)
S3 BstkDrv; \??\C:\Program Files (x86)\BlueStacks\BstkDrv.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-02-17 21:27 - 2018-02-17 21:29 - 000020274 _____ C:\Users\mathe\Desktop\FRST.txt
2018-02-17 21:27 - 2018-02-17 21:27 - 000000000 ____D C:\FRST
2018-02-17 21:25 - 2018-02-17 21:22 - 002403840 ____N (Farbar) C:\Users\mathe\Desktop\FRST64.exe
2018-02-17 21:10 - 2018-02-17 21:10 - 000002922 _____ C:\WINDOWS\System32\Tasks\SlimDrivers Startup
2018-02-17 21:10 - 2018-02-17 21:10 - 000002481 _____ C:\Users\Public\Desktop\SlimCleaner Plus.lnk
2018-02-17 21:10 - 2018-02-17 21:10 - 000000442 _____ C:\WINDOWS\Tasks\SlimDrivers Startup.job
2018-02-17 21:10 - 2018-02-17 21:10 - 000000000 ____D C:\Users\Todos os Usuários\SlimWare Utilities Inc
2018-02-17 21:10 - 2018-02-17 21:10 - 000000000 ____D C:\ProgramData\SlimWare Utilities Inc
2018-02-17 21:10 - 2018-02-17 21:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Plus
2018-02-17 21:09 - 2018-02-17 21:10 - 000000000 ____D C:\Program Files\SlimService
2018-02-17 21:09 - 2018-02-17 21:10 - 000000000 ____D C:\Program Files\SlimCleaner Plus
2018-02-17 21:09 - 2018-02-17 21:09 - 000000000 ____D C:\Users\mathe\AppData\Local\Downloaded Installers
2018-02-17 21:08 - 2018-02-17 21:08 - 000016056 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
2018-02-17 21:08 - 2018-02-17 21:08 - 000000000 ____D C:\Users\mathe\AppData\Local\SlimWare Utilities Inc
2018-02-17 21:07 - 2018-02-17 21:07 - 000002499 _____ C:\Users\Public\Desktop\SlimDrivers.lnk
2018-02-17 21:07 - 2018-02-17 21:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
2018-02-17 21:07 - 2018-02-17 21:07 - 000000000 ____D C:\Program Files (x86)\SlimDrivers
2018-02-17 20:52 - 2018-02-17 20:52 - 000016148 _____ C:\WINDOWS\system32\DESKTOP-GIRSH35_mathe_HistoryPrediction.bin
2018-02-17 19:32 - 2018-02-17 19:42 - 000000000 ____D C:\Program Files\CCleaner
2018-02-17 19:32 - 2018-02-17 19:32 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-02-17 19:32 - 2018-02-17 19:32 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-02-17 19:32 - 2018-02-17 19:32 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-17 19:32 - 2018-02-17 19:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-02-17 19:07 - 2018-01-31 15:53 - 000028192 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\rsdrvx64.sys
2018-02-17 19:04 - 2018-02-17 20:45 - 000000000 ____D C:\Users\mathe\AppData\Roaming\Remo File Eraser
2018-02-17 19:04 - 2018-02-17 19:10 - 000000000 ____D C:\Users\mathe\AppData\Roaming\Remo
2018-02-17 19:03 - 2018-02-17 20:42 - 000000000 ____D C:\Program Files (x86)\Remo File Eraser 2.0
2018-02-17 19:03 - 2018-02-17 19:03 - 000001187 _____ C:\Users\Public\Desktop\Remo File Eraser.lnk
2018-02-17 19:03 - 2018-02-17 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo File Eraser 2.0
2018-02-17 18:29 - 2018-02-17 18:29 - 000000000 ___HD C:\OneDriveTemp
2018-02-06 14:44 - 2018-02-06 14:44 - 000016148 _____ C:\WINDOWS\system32\DESKTOP-GIRSH35_outro_HistoryPrediction.bin
2018-02-06 14:32 - 2018-02-06 14:32 - 000000000 ____D C:\Users\outro\AppData\Roaming\Sun
2018-02-06 14:32 - 2018-02-06 14:32 - 000000000 ____D C:\Users\outro\AppData\LocalLow\Sun
2018-01-30 16:33 - 2018-01-30 16:33 - 000000000 _____ C:\Users\mathe\AppData\Local\{AF888BED-6DED-43F9-BD78-90959D6C318E}
2018-01-23 17:38 - 2018-01-23 17:45 - 000000000 ____D C:\Program Files (x86)\Prodap
2018-01-23 14:29 - 2018-01-23 14:29 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2018-01-23 14:23 - 2018-01-23 14:23 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-01-23 14:23 - 2018-01-23 14:23 - 000000000 ____D C:\Program Files\MSBuild
2018-01-23 14:23 - 2018-01-23 14:23 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-01-23 14:23 - 2018-01-23 14:23 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-01-23 14:01 - 2018-01-23 13:54 - 000149344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-01-23 14:01 - 2015-05-29 21:07 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-01-23 14:01 - 2015-05-29 21:07 - 000102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-01-23 14:01 - 2015-05-29 21:07 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-01-23 14:00 - 2015-06-17 18:10 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-01-23 14:00 - 2015-06-17 18:10 - 000124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-01-23 14:00 - 2015-06-17 18:10 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-01-23 13:59 - 2018-01-23 13:57 - 000365680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-01-12 20:01 - 2018-01-12 20:01 - 000000000 ____D C:\Users\outro\AppData\Local\PeerDistRepub
2018-01-10 11:06 - 2018-01-10 11:06 - 000001890 _____ C:\WINDOWS\diagwrn.xml
2018-01-10 11:06 - 2018-01-10 11:06 - 000001890 _____ C:\WINDOWS\diagerr.xml
2018-01-10 10:56 - 2018-01-10 10:56 - 004448768 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2018-01-08 20:41 - 2018-01-08 20:41 - 000471482 _____ C:\Users\outro\Downloads\ANEXO_IV_PROGRAMA_DAS_PROVAS_SANEAGO_2017_retificado_n1.pdf
2018-01-08 19:35 - 2018-01-08 19:35 - 000012305 _____ C:\Users\outro\Downloads\resultado_isencao (Bianca).pdf
2018-01-08 18:50 - 2018-01-08 18:50 - 000012305 _____ C:\Users\outro\Downloads\resultado_isencao (rildo).pdf
2018-01-08 18:13 - 2018-01-08 18:13 - 000012313 _____ C:\Users\outro\Downloads\resultado_isencao.pdf
2018-01-03 11:54 - 2018-02-17 19:54 - 000028376 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddfac.sys
2018-01-03 11:54 - 2018-01-03 11:54 - 000003038 _____ C:\WINDOWS\System32\Tasks\Rerun Warsaw's CoreFixer
2018-01-03 11:54 - 2018-01-03 11:54 - 000000000 ___HD C:\Program Files (x86)\GAS Tecnologia
2018-01-03 11:54 - 2018-01-03 11:54 - 000000000 ___HD C:\Program Files (x86)\Diebold
2018-01-03 11:54 - 2016-11-07 14:54 - 000025184 ____N (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddprm.sys
2018-01-03 11:54 - 2016-06-21 16:24 - 000047176 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddntf.sys
2018-01-03 11:54 - 2016-06-21 16:24 - 000010345 _____ C:\WINDOWS\system32\Drivers\wsddntf.cat
2018-01-03 11:54 - 2016-06-08 18:43 - 000025184 ____N (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddpp.sys
2018-01-03 11:44 - 2018-01-03 11:44 - 000000000 ____D C:\Program Files\Diebold
2017-12-31 14:58 - 2017-12-31 14:58 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-390941324-379733044-1376603182-1003
2017-12-31 10:35 - 2017-12-31 10:35 - 000002136 _____ C:\Users\mathe\Desktop\Counter Strike 1.6 No Steam.lnk
2017-12-31 10:35 - 2017-12-31 10:35 - 000002132 _____ C:\Users\mathe\Desktop\Dedicated Server.lnk
2017-12-29 00:32 - 2017-12-28 23:47 - 000226024 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2017-12-28 20:35 - 2017-12-28 20:35 - 000000000 ____D C:\Users\outro\AppData\Roaming\Macromedia
2017-12-28 18:08 - 2017-12-28 18:05 - 188803755 ____N C:\Users\outro\Desktop\Counter Strike 1.6 Maps.exe
2017-12-28 17:40 - 2017-12-31 10:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
2017-12-28 17:33 - 2017-12-31 10:36 - 000000000 ____D C:\Program Files (x86)\Counter-Strike 1.6
2017-12-28 17:32 - 2017-12-28 17:31 - 000317022 ____N C:\Users\outro\Desktop\cs-1697-de_rats.rar
2017-12-28 17:18 - 2018-02-06 14:25 - 000000000 ____D C:\Users\outro\AppData\LocalLow\uTorrent
2017-12-28 17:18 - 2017-12-28 17:20 - 238617038 _____ (KingSOFT DVD ) C:\Users\outro\Desktop\Counter-Strike 1.6 No Steam.exe
2017-12-28 16:21 - 2018-02-17 17:57 - 000000000 ____D C:\Users\mathe\AppData\LocalLow\uTorrent
2017-12-23 20:44 - 2017-12-31 14:58 - 000000000 ___RD C:\Users\outro\OneDrive
2017-12-23 20:44 - 2017-12-31 14:57 - 000002369 _____ C:\Users\outro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-23 20:39 - 2018-02-06 14:43 - 000000000 ____D C:\Users\outro\AppData\Roaming\uTorrent
2017-12-23 20:39 - 2017-12-23 20:39 - 000000896 _____ C:\Users\outro\Desktop\µTorrent.lnk
2017-12-23 20:39 - 2017-12-23 20:39 - 000000876 _____ C:\Users\outro\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-12-22 08:33 - 2017-12-23 20:38 - 000000000 ____D C:\Users\outro\AppData\Local\Comms
2017-12-21 22:52 - 2017-12-23 20:35 - 000000000 ____D C:\Users\outro\AppData\Local\MicrosoftEdge
2017-12-21 22:45 - 2017-12-21 22:45 - 000000000 ____D C:\Users\outro\AppData\Local\NetworkTiles
2017-12-21 22:42 - 2017-12-21 22:42 - 000000000 ____D C:\Users\outro\AppData\Roaming\AVAST Software
2017-12-21 22:42 - 2017-12-21 22:42 - 000000000 ____D C:\Users\outro\AppData\Local\CEF
2017-12-21 22:30 - 2017-12-28 17:41 - 000000000 ____D C:\Users\outro\AppData\Local\AMD
2017-12-21 22:29 - 2017-12-21 22:29 - 000000000 ____D C:\Users\outro\AppData\Roaming\ATI
2017-12-21 22:29 - 2017-12-21 22:29 - 000000000 ____D C:\Users\outro\AppData\Local\ATI
2017-12-21 22:27 - 2017-12-21 22:27 - 000000000 ____D C:\Users\outro\AppData\Local\Publishers
2017-12-21 22:24 - 2018-01-12 20:32 - 000000000 ____D C:\Users\outro\AppData\Local\Google
2017-12-21 22:24 - 2017-12-28 20:03 - 000002330 _____ C:\Users\outro\Desktop\Google Chrome.lnk
2017-12-21 22:24 - 2017-12-28 18:22 - 000000000 ____D C:\Users\outro\AppData\Local\Packages
2017-12-21 22:24 - 2017-12-21 22:24 - 000000000 ____D C:\Users\outro\AppData\Roaming\Adobe
2017-12-21 22:24 - 2017-12-21 22:24 - 000000000 ____D C:\Users\outro\AppData\Local\TileDataLayer
2017-12-21 22:23 - 2017-12-28 17:43 - 000000000 ____D C:\Users\outro\AppData\Local\VirtualStore
2017-12-21 22:23 - 2017-12-21 22:23 - 000000020 ___SH C:\Users\outro\ntuser.ini
2017-12-21 22:23 - 2017-12-21 22:23 - 000000000 _SHDL C:\Users\outro\Configurações Locais
2017-12-21 22:23 - 2017-12-21 22:23 - 000000000 _SHDL C:\Users\outro\AppData\Local\Histórico
2017-12-21 22:23 - 2017-12-21 22:23 - 000000000 _SHDL C:\Users\outro\AppData\Local\Dados de Aplicativos
2017-12-21 22:22 - 2018-02-06 14:44 - 000000000 ____D C:\Users\outro
2017-12-21 22:22 - 2017-12-21 22:22 - 000000000 _SHDL C:\Users\outro\Modelos
2017-12-21 22:22 - 2017-12-21 22:22 - 000000000 _SHDL C:\Users\outro\Meus Documentos
2017-12-21 22:22 - 2017-12-21 22:22 - 000000000 _SHDL C:\Users\outro\Menu Iniciar
2017-12-21 22:22 - 2017-12-21 22:22 - 000000000 _SHDL C:\Users\outro\Dados de Aplicativos
2017-12-21 22:22 - 2017-12-21 22:22 - 000000000 _SHDL C:\Users\outro\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-12-21 22:22 - 2017-12-21 22:22 - 000000000 _SHDL C:\Users\outro\Ambiente de Rede
2017-12-21 22:22 - 2017-12-21 22:22 - 000000000 _SHDL C:\Users\outro\Ambiente de Impressão
2017-12-20 21:04 - 2017-12-20 21:04 - 000000000 ____D C:\Users\mathe\AppData\Roaming\java
2017-12-20 21:02 - 2017-12-20 21:17 - 000000000 ____D C:\Users\mathe\AppData\Roaming\.minecraft
2017-12-16 17:23 - 2017-12-16 17:23 - 000000000 ____D C:\Users\mathe\AppData\Roaming\Macromedia
2017-12-08 18:52 - 2017-12-18 20:56 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2017-12-08 18:51 - 2017-12-08 18:51 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-12-07 21:28 - 2017-12-07 21:28 - 000000000 ____D C:\Users\mathe\AppData\Local\RadeonInstaller
2017-12-03 23:44 - 2017-12-03 23:44 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2017-12-03 23:44 - 2017-12-03 23:44 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2017-12-03 23:38 - 2017-12-03 23:38 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2017-12-03 14:15 - 2017-12-03 14:15 - 000000000 ____D C:\Users\mathe\AppData\Roaming\Umeng
2017-12-03 14:14 - 2017-12-03 14:14 - 000001279 _____ C:\Users\Public\Desktop\SHAREit.lnk
2017-12-03 14:14 - 2017-12-03 14:14 - 000000000 ____D C:\Users\mathe\AppData\Local\SHAREit Technologies
2017-12-03 14:14 - 2017-12-03 14:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit
2017-12-03 14:14 - 2017-12-03 14:14 - 000000000 ____D C:\Program Files (x86)\SHAREit Technologies
2017-12-02 08:52 - 2017-12-02 08:52 - 000000655 _____ C:\Users\mathe\Desktop\gta_sa - Atalho.lnk
2017-12-02 08:51 - 2017-12-02 09:33 - 000000000 ____D C:\Program Files (x86)\GTA San Andreas
2017-12-01 22:02 - 2017-12-11 17:41 - 000000000 ____D C:\Users\mathe\OneDrive\Documentos\GTA San Andreas User Files
2017-12-01 21:16 - 2017-12-01 21:16 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-12-01 19:24 - 2017-12-01 19:24 - 000000000 ____D C:\Users\Todos os Usuários\SWCUTemp
2017-12-01 19:24 - 2017-12-01 19:24 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-28 18:05 - 2017-11-28 18:05 - 000058201 _____ C:\Users\mathe\OneDrive\Documentos\Arrow.S06E08.720p.HDTV.x264-AVS_2.srt
2017-11-26 18:08 - 2017-11-26 18:08 - 000000000 _____ C:\Users\mathe\AppData\Local\{0C614E00-A8C4-4BD8-9EFE-3686A1ECEDE7}
2017-11-19 16:24 - 2017-11-19 16:24 - 000000000 ____D C:\Users\mathe\AppData\Roaming\Sun
2017-11-19 16:24 - 2017-11-19 16:24 - 000000000 ____D C:\Users\mathe\AppData\LocalLow\Sun
2017-11-19 16:23 - 2017-11-19 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-11-19 16:23 - 2017-11-19 16:22 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-11-19 16:21 - 2017-11-19 17:18 - 000000000 ____D C:\Users\Todos os Usuários\Oracle
2017-11-19 16:21 - 2017-11-19 17:18 - 000000000 ____D C:\ProgramData\Oracle
2017-11-19 16:21 - 2017-11-19 16:21 - 000000000 ____D C:\Program Files (x86)\Java

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-02-17 21:29 - 2017-11-09 18:40 - 000000000 ____D C:\Users\mathe\AppData\Roaming\uTorrent 2018-02-17 21:27 - 2015-07-10 09:04 - 000000000 ____D C:\WINDOWS\AppReadiness 2018-02-17 21:20 - 2015-07-10 09:04 - 000000000 ___HD C:\Program Files\WindowsApps 2018-02-17 20:53 - 2015-07-10 09:04 - 000000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft 2018-02-17 20:53 - 2015-07-10 09:04 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-02-17 20:44 - 2017-11-10 15:29 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-02-17 20:38 - 2017-11-09 17:52 - 000000000 ____D C:\SDFGHJ.old 2018-02-17 20:20 - 2015-07-10 09:02 - 000000000 ____D C:\WINDOWS\INF 2018-02-17 20:04 - 2017-11-12 21:14 - 000000000 ____D C:\Users\mathe\AppData\Roaming\IDM 2018-02-17 19:59 - 2015-07-10 08:55 - 000000000 ____D C:\WINDOWS\CbsTemp 2018-02-17 19:58 - 2017-11-09 18:02 - 000000000 ___DC C:\WINDOWS\Panther 2018-02-17 19:57 - 2017-11-10 17:09 - 000000000 ____D C:\WINDOWS\Minidump 2018-02-17 18:29 - 2017-11-09 17:44 - 000000000 ___RD C:\Users\mathe\OneDrive 2018-02-17 18:25 - 2017-11-09 17:52 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-390941324-379733044-1376603182-1001 2018-02-17 18:25 - 2017-11-09 17:44 - 000002414 _____ C:\Users\mathe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2018-02-17 18:25 - 2017-11-09 17:31 - 001810446 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2018-02-17 18:25 - 2015-07-10 14:36 - 000782022 _____ C:\WINDOWS\system32\prfh0416.dat 2018-02-17 18:25 - 2015-07-10 14:36 - 000153010 _____ C:\WINDOWS\system32\prfc0416.dat 2018-02-17 17:54 - 2017-11-09 17:32 - 000000000 ____D C:\Users\mathe 2018-02-17 17:53 - 2015-07-10 10:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-02-06 16:10 - 2017-11-12 21:13 - 000000000 ____D C:\Users\mathe\AppData\Roaming\DMCache 2018-01-23 17:16 - 2017-11-09 18:50 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update 2018-01-23 
14:29 - 2015-07-10 09:04 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI 2018-01-23 14:29 - 2015-07-10 09:04 - 000000000 ____D C:\WINDOWS\system32\MUI 2018-01-23 14:28 - 2017-11-16 16:58 - 000000000 ____D C:\WINDOWS\system32\MRT 2018-01-23 14:28 - 2017-11-16 16:26 - 000000000 ____D C:\Program Files\rempl 2018-01-23 14:12 - 2017-11-16 16:58 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe 2018-01-23 14:10 - 2017-11-16 16:57 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2018-01-23 13:58 - 2017-11-09 18:48 - 000457400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2018-01-23 13:58 - 2017-11-09 18:48 - 000358672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2018-01-23 13:58 - 2017-11-09 18:48 - 000204456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2018-01-23 13:57 - 2017-11-09 18:48 - 000185096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys 2018-01-23 13:57 - 2017-11-09 18:48 - 000146664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2018-01-23 13:57 - 2017-11-09 18:48 - 000110336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2018-01-23 13:57 - 2017-11-09 18:48 - 000084384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2018-01-23 13:57 - 2017-11-09 18:48 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2018-01-23 13:55 - 2017-11-09 18:48 - 001025176 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2018-01-23 13:54 - 2017-11-09 18:48 - 000343768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys 2018-01-23 13:54 - 2017-11-09 18:48 - 000321512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys 2018-01-23 13:54 - 2017-11-09 18:48 - 000199448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys 2018-01-23 13:54 - 2017-11-09 18:48 - 000057696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys 2018-01-23 13:49 - 
2017-11-12 21:12 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager 2018-01-23 13:38 - 2015-07-10 09:04 - 000000000 __RHD C:\Users\Public\Libraries 2018-01-23 13:03 - 2017-11-10 15:17 - 000004180 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{36AAE019-EBCA-40F6-9406-766C507580D1} ==================== Arquivos na raiz de alguns diretórios ======= 2017-11-26 18:08 - 2017-11-26 18:08 - 000000000 _____ () C:\Users\mathe\AppData\Local\{0C614E00-A8C4-4BD8-9EFE-3686A1ECEDE7} 2018-01-30 16:33 - 2018-01-30 16:33 - 000000000 _____ () C:\Users\mathe\AppData\Local\{AF888BED-6DED-43F9-BD78-90959D6C318E} Alguns arquivos em TEMP: ==================== 2018-02-17 21:06 - 2018-02-17 21:06 - 000225472 _____ (SlimWare Utilities, Inc.) C:\Users\mathe\AppData\Local\Temp\scpE236.tmp.exe ==================== Bamital & volsnap ====================== (Não há correção automática para arquivos que não passaram na verificação.) C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente LastRegBack: 2018-01-12 
19:58 ==================== Fim de FRST.txt ============================