Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 14.03.2018
Executado por Fabinho (administrador) em NOTE-FABINHO (07-04-2018 00:44:29)
Executando a partir de C:\Users\Fabinho\Desktop
Perfis Carregados: Fabinho (Perfis Disponíveis: Fabinho & Amor)
Platform: Windows 10 Home Single Language Versão 1709 16299.248 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Edge)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Yahoo Inc.) C:\Program Files (x86)\Yahoo!\yset\{2F0814BD-8A95-734F-BDB0-EEC45B9D9257}\YSearchUtilSVC.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\MsMpEng.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18022-0\NisSrv.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(the sz development) C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.251_none_16dd4c82321e5ccc\TiWorker.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [DoroServer] => C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe [208896 2016-01-16] (the sz development)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1935936 2016-12-12] (APN)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587800 2017-12-19] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-609379010-4171710554-3403489224-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-01-18]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 181.213.132.3 181.213.132.2
Tcpip\..\Interfaces\{69fedcea-1b6f-4e50-b2d8-9689a2fde596}: [DhcpNameServer] 181.213.132.3 181.213.132.2
Tcpip\..\Interfaces\{c56fe13c-b98d-44b7-b5db-ca8917bf4885}: [DhcpNameServer] 201.17.1.114 201.17.1.118

Internet Explorer:
==================
HKU\S-1-5-21-609379010-4171710554-3403489224-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-609379010-4171710554-3403489224-1001 -> {452274DA-5277-43A7-AA2C-F7ACB8C2D297} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&intl=br&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-609379010-4171710554-3403489224-1001 -> {8E668F46-317E-4C6B-9A01-7FECB575A90D} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-609379010-4171710554-3403489224-1001 -> {B9EE14E4-E95D-42A6-A5FA-7EFF9B2D588F} URL = hxxp://www.teoma.com/web?tpid=ATU3-TMG&o=APN11203&pf=V7&p2=%5ECHX%5EYYYYYY%5EYY%5EBR&gct=&itbv=12.40.6.630&apn_uid=E5356264-8CD6-4959-872F-7307E7FCCBBA&apn_ptnrs=^CHX&apn_dtid=%5EYYYYYY%5EYY%5EBR&apn_dbr=microsoftedge.exe_6_25.10586.0.0&doi=2016-07-31&trgb=CR&q={searchTerms}&psv=&pt=tb
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-11] (AO Kaspersky Lab)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-02-15] (Microsoft Corporation)
BHO: Teoma Media Search App -> {41545533-2D54-4D47-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU3-TMG\Passport_x64.dll [2016-12-12] (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-04-06] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-04-06] (Oracle Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-11] (AO Kaspersky Lab)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
BHO-x32: Teoma Media Search App -> {41545533-2D54-4D47-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU3-TMG\Passport.dll [2016-12-12] (APN LLC.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-11] (AO Kaspersky Lab)
Toolbar: HKLM - Teoma Media Search App - {41545533-2D54-4D47-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU3-TMG\Passport_x64.dll [2016-12-12] (APN LLC.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-11] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Teoma Media Search App - {41545533-2D54-4D47-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU3-TMG\Passport.dll [2016-12-12] (APN LLC.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-02-24]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-04-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-04-06] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-22] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\warsaw.cfg [2018-04-06] <==== ATENÇÃO

Chrome:
=======
CHR HomePage: Default -> teoma.com
CHR DefaultSearchURL: Default -> hxxps://www.teoma.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://teoma.com
CHR DefaultSuggestURL: Default -> hxxp://www.teoma.com/ss?type=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Fabinho\AppData\Local\Google\Chrome\User Data\Default [2018-04-07]
CHR Extension: (Apresentações) - C:\Users\Fabinho\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Documentos) - C:\Users\Fabinho\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Fabinho\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-09]
CHR Extension: (GF Tools) - C:\Users\Fabinho\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkllpfckifjkamdapepikogheegjpmnj [2016-06-04]
CHR Extension: (YouTube) - C:\Users\Fabinho\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-09]
CHR Extension: (Teoma) - C:\Users\Fabinho\AppData\Local\Google\Chrome\User Data\Default\Extensions\cohecngphbppjpaokeilaichhgggcmjb [2016-10-04]
CHR Extension: (Google Search) - C:\Users\Fabinho\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-09]
CHR Extension: (Adobe Acrobat) - C:\Users\Fabinho\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]
CHR Extension: (Yahoo Partner) - C:\Users\Fabinho\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdbpcigaolookbahgdofnimidinicfid [2017-02-04]
CHR Extension: (Planilhas) - C:\Users\Fabinho\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Teoma) - C:\Users\Fabinho\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhnobihfdnklhoilcilfogdcegekpgfn [2016-10-04]
CHR Extension: (Documentos Google off-line) - C:\Users\Fabinho\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-02]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Fabinho\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Fabinho\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-09]
CHR Extension: (Chrome Media Router) - C:\Users\Fabinho\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-06]
CHR HKLM\...\Chrome\Extension: [cglobijmmnefeacmdjkgkimhjcidaedm] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\cglobijmmnefeacmdjkgkimhjcidaedm.crx [2016-09-07]
CHR HKLM\...\Chrome\Extension: [cohecngphbppjpaokeilaichhgggcmjb] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\cohecngphbppjpaokeilaichhgggcmjb.crx [2016-09-07]
CHR HKLM\...\Chrome\Extension: [fhnobihfdnklhoilcilfogdcegekpgfn] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\fhnobihfdnklhoilcilfogdcegekpgfn.crx [2016-12-14]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-609379010-4171710554-3403489224-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cglobijmmnefeacmdjkgkimhjcidaedm] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\cglobijmmnefeacmdjkgkimhjcidaedm.crx [2016-09-07]
CHR HKLM-x32\...\Chrome\Extension: [cohecngphbppjpaokeilaichhgggcmjb] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\cohecngphbppjpaokeilaichhgggcmjb.crx [2016-09-07]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fdbpcigaolookbahgdofnimidinicfid] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhnobihfdnklhoilcilfogdcegekpgfn] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\fhnobihfdnklhoilcilfogdcegekpgfn.crx [2016-12-14]
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [ibbfklbaljofpaanmpaeadejijfdddco] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [202304 2016-11-15] (APN LLC.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [5249008 2018-01-24] (IBM Corp.)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1068376 2017-10-26] (GAS Tecnologia LTDA)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-18] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-18] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppService.exe [493792 2017-11-07] (Wondershare)
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120096 2017-11-08] (Wondershare)
R2 YSearchUtilSvc; C:\Program Files (x86)\Yahoo!\yset\{2F0814BD-8A95-734F-BDB0-EEC45B9D9257}\YSearchUtilSvc.exe [182736 2017-03-21] (Yahoo Inc.)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUS Corporation)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S4 cm_km_w; C:\WINDOWS\System32\drivers\cm_km_w.sys [247016 2015-07-02] (Kaspersky Lab UK Ltd)
S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [19968 2014-06-16] (Intel Mobile Communications)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-14] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-30] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [197344 2017-10-21] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [592088 2017-10-21] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [180984 2018-04-02] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1022656 2018-02-24] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-02-24] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-18] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [231312 2018-03-18] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2018-03-18] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [252600 2018-03-18] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [107656 2018-03-18] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [174664 2018-03-18] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-03-18] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199640 2017-07-24] (AO Kaspersky Lab)
R1 MpKsl4b5b2ee5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D9899840-0952-460C-8A90-D8B90DE335C6}\MpKsl4b5b2ee5.sys [58120 2018-04-05] (Microsoft Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [489616 2018-01-24] (IBM Corp.)
R1 RapportCerberus_1908103; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1908103.sys [1635344 2018-03-16] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [703056 2018-01-24] (IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [338384 2018-01-24] (IBM Corp.)
S3 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [597976 2018-01-24] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [743568 2018-01-24] (IBM Corp.)
S1 refnpibd; C:\WINDOWS\system32\drivers\refnpibd.sys [72816 2018-04-07] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek )
S3 shspusb; C:\WINDOWS\System32\drivers\HSPUSB.sys [24064 2014-06-16] (MobileTop)
S3 sscdserd; C:\WINDOWS\System32\drivers\sscdserd.sys [158024 2014-06-16] (MCCI Corporation)
S3 ssceserd; C:\WINDOWS\System32\drivers\ssceserd.sys [158024 2014-06-16] (MCCI Corporation)
S3 ssdudfu; C:\WINDOWS\System32\drivers\ssdudfu.sys [101960 2014-06-16] (MCCI)
S3 ssm_bus; C:\WINDOWS\System32\drivers\ssm_bus.sys [136192 2014-06-16] (MCCI Corporation)
S3 ssm_mdm; C:\WINDOWS\System32\drivers\ssm_mdm.sys [172032 2014-06-16] (MCCI Corporation)
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-06-16] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-06-16] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-06-16] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-06-16] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_bserd; C:\WINDOWS\System32\drivers\ss_bserd.sys [128000 2014-06-16] (MCCI Corporation)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-06-16] (DEVGURU Co., LTD.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288296 2018-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-18] (Microsoft Corporation)
R1 wsddfac; C:\WINDOWS\System32\drivers\wsddfac.sys [28376 2018-04-06] (GAS Tecnologia)
R1 wsddntf; C:\WINDOWS\system32\DRIVERS\wsddntf.sys [47176 2017-03-22] (GAS Tecnologia)
S1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [44624 2017-12-14] (GAS Tecnologia)
R3 wsddprm; C:\WINDOWS\system32\drivers\wsddprm.sys [43608 2017-12-14] (GAS Tecnologia)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-04-07 00:44 - 2018-04-07 00:47 - 000024891 _____ C:\Users\Fabinho\Desktop\FRST.txt
2018-04-07 00:44 - 2018-04-07 00:44 - 000000000 ____D C:\FRST
2018-04-07 00:42 - 2018-04-07 00:42 - 002403328 _____ (Farbar) C:\Users\Fabinho\Desktop\FRST64.exe
2018-04-07 00:42 - 2018-04-07 00:42 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refnpibd.sys
2018-04-06 00:35 - 2018-04-06 00:39 - 000000000 ____D C:\Users\Fabinho\.rfb
2018-04-06 00:33 - 2018-04-06 00:39 - 000000000 ____D C:\Users\Fabinho\Desktop\IRPF2018
2018-04-06 00:31 - 2018-04-06 00:31 - 027826147 _____ C:\Users\Fabinho\Downloads\IRPF2018-1.4.zip
2018-04-06 00:14 - 2018-04-06 00:11 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2018-04-06 00:11 - 2018-04-06 00:11 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-04-06 00:10 - 2018-04-06 00:10 - 000000000 ____D C:\Program Files\Java
2018-04-06 00:06 - 2018-04-06 00:07 - 071328320 _____ (Oracle Corporation) C:\Users\Fabinho\Downloads\jre-8u161-windows-x64.exe
2018-04-02 22:46 - 2018-04-02 22:46 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-03-24 00:01 - 2018-03-24 00:01 - 000000000 ____D C:\WINDOWS\PCHEALTH
2018-03-23 23:41 - 2018-04-06 23:41 - 000003266 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForFabinho
2018-03-23 23:41 - 2018-04-06 23:41 - 000000366 _____ C:\WINDOWS\Tasks\HPCeeScheduleForFabinho.job
2018-03-23 23:36 - 2018-03-23 23:45 - 000000000 ____D C:\Users\Fabinho\Desktop\Backup Pendrive 8GB
2018-03-23 23:24 - 2018-03-23 23:34 - 000000000 ____D C:\Users\Fabinho\Desktop\Hollywood Hits 2 e 3
2018-03-18 18:30 - 2018-03-18 18:30 - 000252600 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2018-03-18 18:29 - 2018-03-18 18:29 - 000231312 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2018-03-18 18:29 - 2018-03-18 18:29 - 000174664 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2018-03-18 18:29 - 2018-03-18 18:29 - 000107656 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2018-03-18 18:28 - 2018-03-18 18:28 - 000087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2018-03-16 21:42 - 2018-03-16 21:42 - 000154740 _____ C:\Users\Fabinho\Desktop\Boleto CEF março 18.pdf

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-04-07 00:39 - 2017-09-29 10:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-07 00:37 - 2016-01-18 23:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-07 00:32 - 2016-01-12 22:00 - 000000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab
2018-04-07 00:32 - 2016-01-12 22:00 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-04-07 00:15 - 2017-10-28 13:53 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-07 00:15 - 2016-01-18 23:24 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-07 00:14 - 2016-02-06 12:31 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-04-07 00:12 - 2016-02-06 12:26 - 000000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2018-04-07 00:08 - 2017-09-29 10:44 - 000000000 ____D C:\WINDOWS\INF
2018-04-06 23:42 - 2016-01-12 20:04 - 000000202 _____ C:\WINDOWS\win.ini
2018-04-06 23:28 - 2017-09-29 10:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-06 23:28 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-06 23:28 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-06 23:28 - 2017-09-29 10:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-04-06 23:20 - 2017-07-24 22:40 - 000000000 ____D C:\Users\Todos os Usuários\ASUS Smart Gesture
2018-04-06 23:20 - 2017-07-24 22:40 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-04-06 23:16 - 2016-04-23 14:05 - 000028376 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddfac.sys
2018-04-06 00:35 - 2017-12-05 18:02 - 000000000 ____D C:\Users\Fabinho
2018-04-06 00:14 - 2016-02-06 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-04-03 22:05 - 2016-02-09 11:36 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-03 22:05 - 2016-02-09 11:36 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-02 23:51 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-04-02 23:02 - 2017-12-05 18:26 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-609379010-4171710554-3403489224-1001
2018-04-02 23:02 - 2016-01-12 20:25 - 000002421 _____ C:\Users\Fabinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-04-02 23:02 - 2015-11-22 18:52 - 000000000 ___RD C:\Users\Fabinho\OneDrive
2018-04-02 22:53 - 2017-12-05 18:20 - 001795494 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-02 22:53 - 2017-09-30 11:35 - 000766632 _____ C:\WINDOWS\system32\prfh0416.dat
2018-04-02 22:53 - 2017-09-30 11:35 - 000160344 _____ C:\WINDOWS\system32\prfc0416.dat
2018-04-02 22:44 - 2017-12-05 18:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-02 22:43 - 2017-09-29 05:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-03-24 03:05 - 2017-12-05 17:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-18 18:40 - 2017-09-29 10:46 - 000000000 ___RD C:\Program Files\Windows Defender
2018-03-18 18:32 - 2017-09-29 05:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-03-18 18:26 - 2016-05-23 13:01 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-03-18 18:22 - 2017-12-05 18:26 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-03-18 18:19 - 2017-12-05 10:47 - 000000000 ___DC C:\WINDOWS\Panther
2018-03-16 21:37 - 2016-12-06 06:30 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-03-16 21:37 - 2016-05-08 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer
2018-03-16 21:31 - 2017-12-05 18:37 - 000000000 ___RD C:\Users\Fabinho\3D Objects
2018-03-16 21:31 - 2014-11-09 17:28 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-16 21:25 - 2017-12-05 17:58 - 000399432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-16 21:21 - 2017-09-29 10:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-03-16 21:21 - 2017-09-29 10:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-03-16 21:21 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-03-16 21:21 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-03-16 21:21 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-03-16 21:21 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-03-16 21:21 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-03-16 21:21 - 2017-09-29 05:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-03-16 21:20 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-03-16 21:20 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-03-16 21:20 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\bcastdvr

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2018-02-15 22:29

==================== Fim de FRST.txt ============================