Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 01-01-2017
Executado por Richilie Ronnier (administrador) em DESKTOP-U84LI2N (03-01-2017 09:18:22)
Executando a partir de C:\Users\Richilie Ronnier\Downloads
Perfis Carregados: Richilie Ronnier (Perfis Disponíveis: Richilie Ronnier)
Platform: Windows 10 Pro Versão 1511 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: "C:\Program Files (x86)\Jamlarry\Application\chrome.exe" "%1")
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Jamlarry\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Jamlarry\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Jamlarry\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Jamlarry\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Jamlarry\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Jamlarry\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Jamlarry\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Jamlarry\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Jamlarry\Application\chrome.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-01-27] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-07] (Banco do Brasil)
HKU\S-1-5-21-1772908142-2598305865-1026119930-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-1772908142-2598305865-1026119930-1001\...\RunOnce: [Uninstall C:\Users\Richilie Ronnier\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Richilie Ronnier\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1772908142-2598305865-1026119930-1001\...\RunOnce: [Uninstall C:\Users\Richilie Ronnier\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Richilie Ronnier\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-1772908142-2598305865-1026119930-1001\...\RunOnce: [Uninstall C:\Users\Richilie Ronnier\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Richilie Ronnier\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1772908142-2598305865-1026119930-1001\...\RunOnce: [Uninstall C:\Users\Richilie Ronnier\AppData\Local\Microsoft\OneDrive\17.3.6390.0509] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Richilie Ronnier\AppData\Local\Microsoft\OneDrive\17.3.6390.0509"
ShellExecuteHooks: Sem Nome - {B5031350-C68F-11E6-89DF-64006A5CFC23} - C:\Users\Richilie Ronnier\AppData\Roaming\Phegitaincomgh\Mezaentdule.dll -> Nenhum Arquivo
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1947872 2016-06-07] (Banco do Brasil)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
GroupPolicyScripts: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyServer: [S-1-5-21-1772908142-2598305865-1026119930-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 192.168.100.1
Tcpip\..\Interfaces\{1cd15b73-9e08-416d-aafd-f48f552cf0ca}: [DhcpNameServer] 192.168.100.1 192.168.100.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\S-1-5-21-1772908142-2598305865-1026119930-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Youtube AdBlock -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> C:\Program Files (x86)\Youtube AdBlock\IEEF\D3lLA3B3.dll => Nenhum Arquivo
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-07] (Banco do Brasil)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1772908142-2598305865-1026119930-1001 -> hxxp://www.google.com

FireFox:
========
FF DefaultProfile: x5str8cq.default
FF ProfilePath: C:\Users\Richilie Ronnier\AppData\Roaming\Mozilla\Firefox\Profiles\x5str8cq.default [2017-01-01]
FF Homepage: Mozilla\Firefox\Profiles\x5str8cq.default -> hxxp://www.amisites.com/?type=hp&ts=1482922845&z=8bd88519fc69c0e946ac999gezbbeo3t8o7o2bdzdw&from=che0812&uid=SAMSUNGXHD080HJXP_1203J1FL516021
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.amisites.com/?type=hp&ts=1483103292&z=e5b246b537fd55405a5629cg2z3bec9gde0c4oct1o&from=archer1028&uid=SAMSUNGXHD080HJXP_1203J1FL516021
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.amisites.com/?type=hp&ts=1483103292&z=e5b246b537fd55405a5629cg2z3bec9gde0c4oct1o&from=archer1028&uid=SAMSUNGXHD080HJXP_1203J1FL516021"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.amisites.com/search/?type=ds&ts=1482922845&z=8bd88519fc69c0e946ac999gezbbeo3t8o7o2bdzdw&from=che0812&uid=SAMSUNGXHD080HJXP_1203J1FL516021&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> amisites
CHR Profile: C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-02] <==== ATENÇÃO
CHR Extension: (Google Apresentações) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-26]
CHR Extension: (Google Docs) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-26]
CHR Extension: (Google Drive) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-26]
CHR Extension: (YouTube) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-26]
CHR Extension: (Planilhas do Google) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-26]
CHR Extension: (Documentos Google off-line) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-26]
CHR Extension: (Brooklyn Bridge City Lights - Full HD - Axlg) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\khndmmdipimkmklaflojmmflbjmonhjg [2016-12-26]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-26]
CHR Extension: (Ultimos Torrents) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\onidcjfimideopiecibkenlependfjhf [2016-12-26]
CHR Extension: (Gmail) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-26]
CHR Extension: (Chrome Media Router) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-26]
CHR Profile: C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\Default [2016-12-26]
CHR Extension: (Sem Nome) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-24]
CHR Extension: (Sem Nome) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-24]
CHR Extension: (Sem Nome) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-24]
CHR Extension: (Sem Nome) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-24]
CHR Extension: (Sem Nome) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-24]
CHR Extension: (Sem Nome) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-24]
CHR Extension: (Sem Nome) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-24]
CHR Extension: (Chrome Media Router) - C:\Users\Richilie Ronnier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [631520 2016-06-07] (GAS Tecnologia)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [120320 2017-01-03] () [Arquivo não assinado]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [374360 2016-05-27] (Intel Corporation)
R2 MSLN; C:\ProgramData\Microsoft\Phone Tools\CoreCon\12.0\1042\NonSDKAddonLangVer.dll [475648 2016-12-28] () [Arquivo não assinado]
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 Plutitionvawuther; C:\Program Files (x86)\Drowiing\arerlophCmm.dll [176640 2016-12-26] () [Arquivo não assinado]
S2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [743616 2016-10-30] (@ByELDI) [Arquivo não assinado]
R2 Themes; C:\Windows\system32\themeservice.dll [59392 2015-10-30] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATENÇÃO
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2017-01-02] (GAS Tecnologia)
R0 gbpddreg; C:\Windows\System32\drivers\gbpddreg64.sys [29816 2017-01-02] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2016-05-09] (GAS Tecnologia)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-06-03] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek )
U0 spaaopw; C:\Windows\System32\drivers\kmgjxy.sys [79064 2017-01-02] (Malwarebytes)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2016-05-09] (GAS Tecnologia LTDA)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-01-03 09:18 - 2017-01-03 09:18 - 02418176 _____ (Farbar) C:\Users\Richilie Ronnier\Downloads\FRST64.exe
2017-01-03 09:18 - 2017-01-03 09:18 - 00015942 _____ C:\Users\Richilie Ronnier\Downloads\FRST.txt
2017-01-03 09:13 - 2017-01-03 09:18 - 00000000 ____D C:\FRST
2017-01-02 20:02 - 2017-01-02 20:02 - 00000000 ____D C:\_OTL
2017-01-02 19:41 - 2017-01-02 19:41 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\kmgjxy.sys
2017-01-02 19:21 - 2017-01-03 09:09 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-01-02 19:21 - 2017-01-02 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-01-02 19:21 - 2017-01-02 19:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-01-02 19:21 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-01-02 19:21 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-01-02 19:21 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-02 19:20 - 2016-03-11 03:24 - 00000000 ____D C:\Users\Richilie Ronnier\Downloads\Malwarebytes 2.2.0.2014 [Paulinho Tutors]
2017-01-02 19:14 - 2017-01-02 19:14 - 00000000 ____D C:\Users\Todos os Usuários\VS Revo Group
2017-01-02 19:14 - 2017-01-02 19:14 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Local\VS Revo Group
2017-01-02 19:14 - 2017-01-02 19:14 - 00000000 ____D C:\ProgramData\VS Revo Group
2017-01-02 19:14 - 2017-01-02 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-01-02 19:14 - 2017-01-02 19:14 - 00000000 ____D C:\Program Files\VS Revo Group
2017-01-02 19:14 - 2016-12-21 14:52 - 00040240 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2017-01-02 18:11 - 2017-01-02 19:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-02 18:11 - 2017-01-02 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-02 18:11 - 2017-01-02 18:11 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-02 18:11 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-30 11:50 - 2016-12-30 11:50 - 00000000 ____D C:\Program Files\f09er35s
2016-12-30 11:08 - 2017-01-02 19:14 - 00000040 _____ C:\Program Files (x86)\settings.dat
2016-12-30 11:08 - 2016-12-30 12:15 - 00000114 _____ C:\Program Files (x86)\metadata
2016-12-30 11:08 - 2016-12-30 12:15 - 00000000 ____D C:\Program Files (x86)\reports
2016-12-29 08:24 - 2017-01-03 09:08 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Roaming\Elex-tech
2016-12-29 08:24 - 2016-12-29 08:24 - 00000000 ____D C:\Windows\system32\log
2016-12-29 08:24 - 2016-12-29 08:24 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2016-12-29 08:24 - 2016-05-19 04:42 - 00052392 ____N (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2016-12-29 08:23 - 2016-12-29 08:23 - 00000000 _____ C:\Users\Public\Documents\report.dat
2016-12-29 08:22 - 2016-12-29 08:22 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Local\Jamlarry
2016-12-29 08:21 - 2016-12-29 08:21 - 00000000 ____D C:\Program Files (x86)\Jamlarry
2016-12-29 08:20 - 2017-01-02 19:05 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2016-12-29 07:00 - 2016-12-30 12:20 - 00000000 ____D C:\Program Files\pks0btvn
2016-12-29 06:33 - 2017-01-02 19:20 - 00000000 __SHD C:\Config.Msi
2016-12-29 06:33 - 2016-12-29 06:33 - 00000000 ____D C:\Windows\system32\appmgmt
2016-12-28 09:00 - 2016-12-28 09:00 - 00000000 ____D C:\Program Files (x86)\UvConverter
2016-12-27 16:03 - 2017-01-02 19:41 - 00000000 ____D C:\Users\Todos os Usuários\WinSAPSvc
2016-12-27 16:03 - 2017-01-02 19:41 - 00000000 ____D C:\ProgramData\WinSAPSvc
2016-12-27 16:03 - 2016-12-30 11:08 - 00000000 ____D C:\Program Files (x86)\WinArcher
2016-12-27 16:03 - 2016-12-27 16:03 - 00000000 ____D C:\Program Files (x86)\Gubed
2016-12-27 15:57 - 2017-01-03 09:10 - 00000000 ____D C:\Program Files (x86)\d7ebr65x
2016-12-26 12:22 - 2016-12-26 12:22 - 00000000 ____D C:\Users\Richilie Ronnier\Desktop\projeto ana
2016-12-26 10:11 - 2016-12-26 10:11 - 00011776 _____ C:\Users\Richilie Ronnier\Desktop\teste.VSP
2016-12-26 10:00 - 2016-12-26 21:15 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Roaming\Ulead Systems
2016-12-26 10:00 - 2016-12-26 10:00 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Roaming\Corel
2016-12-26 10:00 - 2016-12-26 10:00 - 00000000 ____D C:\Program Files (x86)\Corel
2016-12-26 09:58 - 2016-12-26 09:58 - 00000000 ____D C:\Program Files\Common Files\Protexis
2016-12-26 09:57 - 2017-01-03 09:09 - 00001947 _____ C:\Users\Public\Desktop\VideoStudio X9 Training.lnk
2016-12-26 09:57 - 2017-01-03 09:09 - 00001055 _____ C:\Users\Public\Desktop\Corel VideoStudio X9.lnk
2016-12-26 09:57 - 2017-01-03 09:09 - 00001055 _____ C:\Users\Public\Desktop\Corel FastFlick X9.lnk
2016-12-26 09:57 - 2017-01-03 09:09 - 00001050 _____ C:\Users\Public\Desktop\Corel ScreenCap X9.lnk
2016-12-26 09:57 - 2016-12-26 09:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel VideoStudio X9
2016-12-26 09:56 - 2016-12-26 09:56 - 00000000 ____D C:\Program Files\Corel
2016-12-26 03:53 - 2016-12-26 03:53 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Local\ElevatedDiagnostics
2016-12-26 03:49 - 2016-12-26 03:49 - 00000286 __RSH C:\Users\Richilie Ronnier\ntuser.pol
2016-12-26 03:45 - 2017-01-02 20:24 - 00000000 ____D C:\AdwCleaner
2016-12-26 03:29 - 2017-01-03 09:09 - 00002165 _____ C:\Users\Richilie Ronnier\Desktop\Google Chrome.lnk
2016-12-26 03:28 - 2016-10-01 02:28 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-12-26 03:27 - 2016-12-26 03:27 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-12-26 03:27 - 2016-12-26 03:27 - 00000000 ____D C:\Program Files (x86)\Pluzether Server
2016-12-26 03:26 - 2016-12-26 03:26 - 00006092 _____ C:\Windows\System32\Tasks\Wociward Cloud
2016-12-26 03:25 - 2017-01-03 09:10 - 00000000 ____D C:\Program Files (x86)\Drowiing
2016-12-26 03:25 - 2016-12-26 03:48 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Roaming\Phegitaincomgh
2016-12-26 03:25 - 2016-12-26 03:32 - 00000000 ____D C:\Windows\system32\SSL
2016-12-26 03:25 - 2016-12-26 03:27 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Local\Steqiwardeadom
2016-12-26 03:25 - 2016-12-26 03:26 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Roaming\Profiles
2016-12-25 15:05 - 2016-12-25 15:05 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-25 15:05 - 2016-12-25 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-25 13:16 - 2017-01-03 09:07 - 3388448768 ___SH C:\hiberfil.sys
2016-12-25 10:21 - 2016-12-25 10:21 - 01301263 _____ C:\Users\Richilie Ronnier\Downloads\HBO The Night Of Intro Theme Song Opening by Jeff Russo.mp3
2016-12-25 10:12 - 2016-12-26 18:52 - 00000000 ____D C:\Users\Richilie Ronnier\Desktop\video da ana
2016-12-25 09:27 - 2016-12-25 15:20 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Local\Movavi
2016-12-25 09:27 - 2016-12-25 09:27 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Local\VideoEditor
2016-12-25 09:27 - 2016-12-25 09:27 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Local\Suite
2016-12-25 09:25 - 2016-12-26 03:22 - 00000000 ____D C:\Users\Todos os Usuários\Movavi
2016-12-25 09:25 - 2016-12-26 03:22 - 00000000 ____D C:\ProgramData\Movavi
2016-12-25 09:25 - 2016-12-25 09:25 - 00004181 _____ C:\Users\Todos os Usuários\kjiixkes.ghp
2016-12-25 09:25 - 2016-12-25 09:25 - 00004181 _____ C:\ProgramData\kjiixkes.ghp
2016-12-25 09:25 - 2016-12-25 09:25 - 00000016 _____ C:\Users\Todos os Usuários\mntemp
2016-12-25 09:25 - 2016-12-25 09:25 - 00000016 _____ C:\ProgramData\mntemp
2016-12-25 09:25 - 2016-12-25 09:25 - 00000000 ____D C:\Users\Todos os Usuários\Movavi Video Suite 16
2016-12-25 09:25 - 2016-12-25 09:25 - 00000000 ____D C:\ProgramData\Movavi Video Suite 16
2016-12-25 08:58 - 2016-12-26 10:01 - 00000000 ____D C:\Users\Richilie Ronnier\Documents\Corel VideoStudio Pro
2016-12-25 08:53 - 2016-12-25 08:58 - 00000000 ____D C:\Users\Todos os Usuários\Protexis64
2016-12-25 08:53 - 2016-12-25 08:58 - 00000000 ____D C:\ProgramData\Protexis64
2016-12-25 08:50 - 2016-12-26 10:01 - 00000000 ____D C:\Users\Todos os Usuários\Corel
2016-12-25 08:50 - 2016-12-26 10:01 - 00000000 ____D C:\ProgramData\Corel
2016-12-25 08:48 - 2016-12-25 08:48 - 00000000 ____D C:\Program Files (x86)\VideoStudio19
2016-12-25 08:16 - 2016-12-25 08:16 - 00587784 _____ C:\Users\Richilie Ronnier\Desktop\Sem título.jpg
2016-12-25 08:13 - 2016-12-25 08:13 - 01252930 _____ C:\Users\Richilie Ronnier\Desktop\Sem título.png
2016-12-25 08:05 - 2016-12-25 08:05 - 00000000 ____D C:\Users\Todos os Usuários\UniqueId
2016-12-25 08:05 - 2016-12-25 08:05 - 00000000 ____D C:\ProgramData\UniqueId
2016-12-22 06:46 - 2016-12-22 06:46 - 00157021 _____ C:\Users\Richilie Ronnier\Desktop\15440360_1187858667930231_1168494270285928732_o.jpg
2016-12-15 11:32 - 2016-12-15 11:34 - 00000000 ___HD C:\Users\TEMP.DESKTOP-U84LI2N.000\AppData
2016-12-15 11:32 - 2016-12-15 11:34 - 00000000 ____D C:\Users\TEMP.DESKTOP-U84LI2N.000\AppData\Local
2016-12-15 11:32 - 2016-12-15 11:34 - 00000000 ____D C:\Users\TEMP.DESKTOP-U84LI2N.000
2016-12-15 11:32 - 2016-12-15 11:32 - 00000000 ____D C:\Users\TEMP.DESKTOP-U84LI2N.000\AppData\Local\TileDataLayer
2016-12-14 06:50 - 2016-12-14 06:50 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Local\Chromium
2016-12-12 18:51 - 2016-12-12 18:54 - 00000000 ___HD C:\Users\TEMP.DESKTOP-U84LI2N\AppData
2016-12-12 18:51 - 2016-12-12 18:54 - 00000000 ____D C:\Users\TEMP.DESKTOP-U84LI2N\AppData\Local
2016-12-12 18:51 - 2016-12-12 18:54 - 00000000 ____D C:\Users\TEMP.DESKTOP-U84LI2N
2016-12-12 18:51 - 2016-12-12 18:51 - 00000000 ____D C:\Users\TEMP.DESKTOP-U84LI2N\AppData\Local\TileDataLayer
2016-12-10 19:35 - 2016-12-10 19:35 - 00003312 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-07 06:39 - 2016-12-07 06:39 - 00198951 _____ C:\Users\Richilie Ronnier\Desktop\meurg.jpg
2016-12-05 22:25 - 2017-01-03 09:09 - 00001143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SideSync.lnk
2016-12-05 22:25 - 2016-12-05 22:25 - 00000000 ____D C:\Users\Todos os Usuários\Samsung
2016-12-05 22:25 - 2016-12-05 22:25 - 00000000 ____D C:\Users\Richilie Ronnier\Documents\SideSync
2016-12-05 22:25 - 2016-12-05 22:25 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Roaming\Samsung
2016-12-05 22:25 - 2016-12-05 22:25 - 00000000 ____D C:\ProgramData\Samsung
2016-11-30 21:10 - 2016-12-26 23:36 - 00006811 _____ C:\Windows\setupact.log
2016-11-23 17:49 - 2016-11-23 20:49 - 00000000 ____D C:\Users\Richilie Ronnier\Desktop\fotos huskra
2016-11-23 13:56 - 2017-01-03 09:09 - 00000977 _____ C:\Users\Public\Desktop\CPUID CPU-Z G1.lnk
2016-11-23 13:56 - 2016-11-23 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-11-23 13:56 - 2016-11-23 13:56 - 00000000 ____D C:\Program Files\CPUID
2016-11-23 13:32 - 2017-01-01 11:32 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\LocalLow\Mozilla
2016-11-23 12:56 - 2016-12-07 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-23 12:23 - 2016-11-23 12:23 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Roaming\Adobe
2016-11-23 12:06 - 2016-11-23 12:06 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Roaming\Opera Software
2016-11-23 12:06 - 2016-11-23 12:06 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Local\Opera Software
2016-11-23 12:04 - 2016-11-23 12:23 - 00000000 ____D C:\Program Files (x86)\Opera
2016-11-22 20:25 - 2016-11-22 20:25 - 00288574 _____ C:\Users\Richilie Ronnier\Desktop\72a08257-5f26-48f2-937f-cfc91f1f99b2.jpg
2016-11-22 19:52 - 2016-11-22 20:02 - 00447433 _____ C:\Users\Richilie Ronnier\Desktop\IMG_0864.JPG
2016-11-22 19:25 - 2016-11-22 19:25 - 00000040 ____H C:\AEC8A6478092
2016-11-22 19:01 - 2016-11-22 19:42 - 00410237 _____ C:\Users\Richilie Ronnier\Desktop\IMG_0997.JPG
2016-11-19 12:40 - 2016-11-19 12:40 - 00041529 _____ C:\Users\Richilie Ronnier\Documents\14962514_1363874587020322_2926325346763257548_n.jpg
2016-11-19 06:23 - 2016-11-19 06:29 - 00000000 ____D C:\Users\TEMP\AppData\Local\Packages
2016-11-19 06:23 - 2016-11-19 06:23 - 00000000 ____D C:\Users\TEMP\AppData\Local\TileDataLayer
2016-11-19 06:22 - 2016-11-19 06:29 - 00000000 ___HD C:\Users\TEMP\AppData
2016-11-19 06:22 - 2016-11-19 06:29 - 00000000 ____D C:\Users\TEMP\AppData\Local
2016-11-19 06:22 - 2016-11-19 06:29 - 00000000 ____D C:\Users\TEMP
2016-11-14 21:09 - 2016-11-14 21:09 - 00000000 ____D C:\Program Files\WinRAR
2016-11-14 21:05 - 2016-11-14 21:05 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Roaming\WinRAR
2016-11-14 07:30 - 2016-12-26 03:53 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Local\Diagnostics
2016-11-04 08:50 - 2016-11-04 08:50 - 00121856 _____ C:\Users\Richilie Ronnier\Desktop\29e6f17e-f8c9-4372-afde-cf6648cd5e5f.jpg
2016-11-04 06:54 - 2016-11-04 06:54 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Roaming\NVIDIA
2016-11-04 06:54 - 2016-11-04 06:54 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\LocalLow\Adobe
2016-10-30 09:23 - 2016-10-30 09:23 - 00000000 ____D C:\KVRT_Data
2016-10-30 09:16 - 2016-10-30 09:16 - 00000598 _____ C:\DelFix.txt
2016-10-29 13:10 - 2016-12-25 11:24 - 00000000 ____D C:\Users\Richilie Ronnier\Desktop\Nova pasta
2016-10-29 09:46 - 2016-10-29 17:32 - 00000000 ___RD C:\Users\Richilie Ronnier\Desktop\FILMES
2016-10-29 09:43 - 2016-10-29 09:43 - 00180419 _____ C:\Users\Richilie Ronnier\Desktop\14731197_1983144155255954_2407213530402111573_n.png
2016-10-28 12:17 - 2016-10-28 12:17 - 00001024 _____ C:\.rnd
2016-10-28 12:15 - 2017-01-03 09:07 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2016-10-28 12:15 - 2017-01-03 09:07 - 00000000 ____D C:\ProgramData\GbPlugin
2016-10-28 12:15 - 2017-01-02 19:08 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2016-10-28 12:15 - 2017-01-02 19:07 - 00029816 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddreg64.sys
2016-10-28 12:15 - 2017-01-02 19:07 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-10-28 12:15 - 2016-10-28 12:15 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2016-10-28 12:15 - 2016-10-28 12:15 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2016-10-27 19:32 - 2016-10-28 00:20 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Local\Mozilla
2016-10-27 19:32 - 2016-10-27 19:32 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Roaming\Mozilla
2016-10-27 19:31 - 2017-01-03 09:09 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-10-27 19:31 - 2017-01-03 09:09 - 00001214 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-10-27 19:31 - 2016-12-07 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-27 03:34 - 2016-10-30 09:35 - 20477632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-10-21 05:29 - 2016-10-21 05:29 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-10-21 05:28 - 2016-10-23 21:05 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-10-21 05:28 - 2016-10-22 04:29 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-10-21 05:16 - 2017-01-02 19:34 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-21 05:16 - 2016-12-31 21:22 - 00000964 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-10-21 05:16 - 2016-10-23 14:34 - 00000000 ____D C:\Users\Todos os Usuários\McAfee
2016-10-21 05:16 - 2016-10-23 14:34 - 00000000 ____D C:\ProgramData\McAfee
2016-10-21 05:16 - 2016-10-21 05:16 - 00004066 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-10-21 05:16 - 2016-10-21 05:16 - 00003878 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-21 03:18 - 2016-11-22 20:51 - 00000000 ____D C:\Users\Richilie Ronnier\Desktop\MUSICAS
2016-10-09 13:51 - 2017-01-03 09:09 - 00002677 _____ C:\Users\Richilie Ronnier\Desktop\µTorrent.lnk
2016-10-09 13:51 - 2017-01-03 09:09 - 00002657 _____ C:\Users\Richilie Ronnier\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-10-09 13:51 - 2016-10-09 13:51 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
2016-10-09 13:50 - 2016-12-26 09:17 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Roaming\uTorrent
2016-10-08 19:51 - 2016-10-27 17:58 - 00000000 ___RD C:\Users\Richilie Ronnier\Desktop\fotos

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-01-03 09:09 - 2016-07-06 04:17 - 00001030 _____ C:\Users\Public\Desktop\Steam.lnk
2017-01-03 09:09 - 2016-06-24 15:36 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-03 09:09 - 2016-06-24 15:36 - 00002139 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-03 09:09 - 2016-06-23 09:39 - 00001448 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-01-03 09:09 - 2015-10-30 09:14 - 00002406 _____ C:\Users\Richilie Ronnier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-02 20:30 - 2015-10-30 09:10 - 00000000 ____D C:\Users\Richilie Ronnier
2017-01-02 19:36 - 2015-10-30 05:11 - 00000000 ____D C:\Windows\CbsTemp
2017-01-02 19:18 - 2015-10-30 05:24 - 00000000 ____D C:\Windows\AppReadiness
2017-01-02 19:12 - 2015-10-30 05:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-02 19:06 - 2016-06-24 15:47 - 00000000 __SHD C:\Users\Richilie Ronnier\IntelGraphicsProfiles
2017-01-02 19:05 - 2015-10-30 09:26 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2017-01-02 19:05 - 2015-10-30 09:26 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-02 19:05 - 2015-10-30 09:03 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-02 18:11 - 2016-10-01 14:33 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2017-01-02 18:11 - 2016-10-01 14:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-30 12:18 - 2015-10-30 08:58 - 00227824 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-30 11:08 - 2015-10-30 04:28 - 00000000 ____D C:\Windows\SysWOW64
2016-12-29 08:23 - 2015-10-30 05:24 - 00000000 ___RD C:\Users\Public\Documents
2016-12-29 08:21 - 2015-10-30 05:24 - 00000000 ___SD C:\Users\Todos os Usuários\Microsoft
2016-12-29 08:21 - 2015-10-30 05:24 - 00000000 ___SD C:\ProgramData\Microsoft
2016-12-28 09:40 - 2015-10-30 05:24 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-27 15:56 - 2015-10-30 17:11 - 00749478 _____ C:\Windows\system32\prfh0416.dat
2016-12-27 15:56 - 2015-10-30 17:11 - 00146804 _____ C:\Windows\system32\prfc0416.dat
2016-12-27 15:56 - 2015-10-30 09:09 - 01732758 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-27 15:56 - 2015-10-30 05:26 - 00700038 _____ C:\Windows\system32\perfh009.dat
2016-12-27 15:56 - 2015-10-30 05:26 - 00131592 _____ C:\Windows\system32\perfc009.dat
2016-12-27 15:56 - 2015-10-30 05:21 - 00000000 ____D C:\Windows\INF
2016-12-26 18:00 - 2015-10-30 05:24 - 00000000 __RSD C:\Windows\Fonts
2016-12-26 11:19 - 2015-10-30 09:10 - 00000000 ___SD C:\Users\Richilie Ronnier\AppData\Roaming\Microsoft
2016-12-26 09:58 - 2015-10-30 04:28 - 00000000 ____D C:\Program Files\Common Files
2016-12-26 09:17 - 2015-10-30 09:10 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\LocalLow
2016-12-26 03:53 - 2015-10-30 05:24 - 00000000 ____D C:\Windows\system32\NDF
2016-12-26 03:52 - 2015-10-30 09:10 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Local\Microsoft
2016-12-26 03:48 - 2015-10-30 04:28 - 63700992 _____ C:\Windows\system32\config\SOFTWARE
2016-12-26 03:48 - 2015-10-30 04:28 - 14155776 _____ C:\Windows\system32\config\SYSTEM
2016-12-26 03:48 - 2015-10-30 04:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-12-26 03:48 - 2015-10-30 04:28 - 00524288 _____ C:\Windows\system32\config\DEFAULT
2016-12-26 03:48 - 2015-10-30 04:28 - 00032768 _____ C:\Windows\system32\config\SECURITY
2016-12-26 03:47 - 2015-10-30 05:24 - 00000000 ____D C:\Windows\Tasks
2016-12-26 03:27 - 2016-09-30 23:45 - 00003734 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-12-26 03:27 - 2016-09-30 23:45 - 00003734 __RSH C:\ProgramData\ntuser.pol
2016-12-26 03:27 - 2016-07-06 02:19 - 00000000 ____D C:\Users\Todos os Usuários\Intel
2016-12-26 03:27 - 2016-07-06 02:19 - 00000000 ____D C:\ProgramData\Intel
2016-12-26 03:27 - 2015-10-30 05:24 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-12-26 03:27 - 2015-10-30 05:24 - 00000000 ____D C:\Windows\system32\LogFiles
2016-12-26 02:51 - 2016-07-06 04:17 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-25 13:21 - 2016-06-24 14:51 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Local\CrashDumps
2016-12-25 11:44 - 2015-10-30 04:28 - 00000000 ____D C:\Program Files (x86)\Common Files
2016-12-25 08:59 - 2015-10-30 05:24 - 00000000 ___RD C:\Users\Public\Music
2016-12-25 08:58 - 2015-10-30 09:10 - 00000000 ___RD C:\Users\Richilie Ronnier\Documents
2016-12-25 08:48 - 2015-10-30 09:24 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-12-25 08:48 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-25 08:29 - 2016-07-06 04:30 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-23 19:36 - 2015-10-30 05:24 - 00000000 ____D C:\Windows\system32\config\RegBack
2016-12-17 07:07 - 2016-06-24 15:32 - 00003586 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 07:07 - 2016-06-24 15:32 - 00003462 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-15 11:35 - 2015-10-30 05:24 - 00000000 ____D C:\Users\Todos os Usuários\SoftwareDistribution
2016-12-15 11:35 - 2015-10-30 05:24 - 00000000 ____D C:\ProgramData\SoftwareDistribution
2016-12-15 11:33 - 2015-10-30 09:11 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-15 11:32 - 2015-10-30 04:28 - 00000000 ___RD C:\Users
2016-12-14 07:40 - 2015-10-30 04:28 - 00065536 _____ C:\Windows\system32\config\SAM
2016-12-14 06:50 - 2016-06-23 09:42 - 00000000 ____D C:\Users\Richilie Ronnier\AppData\Local\Steam
2016-12-12 09:51 - 2015-10-30 05:24 - 00000000 ____D C:\Windows\system32\catroot2
2016-12-10 19:35 - 2015-10-30 09:14 - 00000000 ___RD C:\Users\Richilie Ronnier\OneDrive
2016-12-06 21:59 - 2015-10-30 04:28 - 35127296 _____ C:\Windows\system32\config\COMPONENTS
2016-12-06 17:27 - 2015-10-30 09:02 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{105af9ed-7f3a-11e5-80c4-90b11c266de6}.TMContainer00000000000000000001.regtrans-ms
2016-12-06 17:27 - 2015-10-30 09:02 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{105af9ed-7f3a-11e5-80c4-90b11c266de6}.TM.blf
2016-12-05 22:25 - 2015-10-30 04:28 - 00000000 ____D C:\Windows\WinSxS
2016-12-05 18:42 - 2015-10-30 04:28 - 00000000 ____D C:\Windows\system32\DriverStore

==================== Arquivos na raiz de alguns diretórios =======

2016-12-30 11:08 - 2016-12-30 12:15 - 0000114 _____ () C:\Program Files (x86)\metadata
2016-12-30 11:08 - 2017-01-02 19:14 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2016-12-25 09:25 - 2016-12-25 09:25 - 0004181 _____ () C:\ProgramData\kjiixkes.ghp
2016-12-25 09:25 - 2016-12-25 09:25 - 0000016 _____ () C:\ProgramData\mntemp

Alguns arquivos em TEMP:
====================
C:\Users\Richilie Ronnier\AppData\Local\Temp\~ctB542.tmp.dll

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-12-23 19:36

==================== Fim de FRST.txt ============================