Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 30-11-2017
Executado por ANTHONI R. GUILHERME (administrador) em DESKTOP-0M93CET (02-12-2017 11:52:31)
Executando a partir de C:\Users\ANTHONI R. GUILHERME\Desktop
Perfis Carregados: ANTHONI R. GUILHERME (Perfis Disponíveis: defaultuser0 & ANTHONI R. GUILHERME)
Platform: Windows 10 Pro Versão 1607 14393.447 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-11-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKU\S-1-5-21-1160762137-1578307099-4120072364-1001\...\RunOnce: [Uninstall 17.3.7076.1026\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ANTHONI R. GUILHERME\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64"
HKU\S-1-5-21-1160762137-1578307099-4120072364-1001\...\RunOnce: [Uninstall 17.3.7076.1026] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ANTHONI R. GUILHERME\AppData\Local\Microsoft\OneDrive\17.3.7076.1026"

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{8b5f6de8-75cf-49fa-819f-bfb1033d5cb8}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-02] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\ANTHONI R. GUILHERME\AppData\Local\Google\Chrome\User Data\Default [2017-12-02]
CHR Extension: (Apresentações) - C:\Users\ANTHONI R. GUILHERME\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-02]
CHR Extension: (Documentos) - C:\Users\ANTHONI R. GUILHERME\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-02]
CHR Extension: (Google Drive) - C:\Users\ANTHONI R. GUILHERME\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-02]
CHR Extension: (YouTube) - C:\Users\ANTHONI R. GUILHERME\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-02]
CHR Extension: (Planilhas) - C:\Users\ANTHONI R. GUILHERME\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-02]
CHR Extension: (Documentos Google off-line) - C:\Users\ANTHONI R. GUILHERME\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-02]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\ANTHONI R. GUILHERME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-02]
CHR Extension: (Gmail) - C:\Users\ANTHONI R. GUILHERME\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-02]
CHR Extension: (Chrome Media Router) - C:\Users\ANTHONI R. GUILHERME\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-02]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-21] (Microsoft Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [734912 2015-08-16] (@ByELDI) [Arquivo não assinado]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 MpKsl4789f957; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2125E021-6BB9-4576-B7D4-EF399087770C}\MpKsl4789f957.sys [58120 2017-12-02] (Microsoft Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-12-02 11:52 - 2017-12-02 11:53 - 000007338 _____ C:\Users\ANTHONI R. GUILHERME\Desktop\FRST.txt
2017-12-02 11:50 - 2017-12-02 11:52 - 000000000 ____D C:\FRST
2017-12-02 11:50 - 2017-12-02 11:50 - 002391552 _____ (Farbar) C:\Users\ANTHONI R. GUILHERME\Desktop\FRST64.exe
2017-12-02 11:38 - 2017-12-02 11:38 - 000000000 ____D C:\Users\ANTHONI R. GUILHERME\Desktop\FORUM - HACKTOOL
2017-12-02 11:24 - 2017-12-02 11:24 - 000002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-02 11:23 - 2017-12-02 11:24 - 000000000 ____D C:\Users\ANTHONI R. GUILHERME\AppData\Local\Google
2017-12-02 11:23 - 2017-12-02 11:24 - 000000000 ____D C:\Program Files (x86)\Google
2017-12-02 11:23 - 2017-12-02 11:23 - 000003586 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-02 11:23 - 2017-12-02 11:23 - 000003462 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-02 11:09 - 2017-12-02 11:09 - 000000000 ____D C:\Users\ANTHONI R. GUILHERME\AppData\Local\PeerDistRepub
2017-12-02 10:57 - 2017-12-02 10:57 - 000004608 _____ C:\Windows\SECOH-QAD.exe
2017-12-02 10:57 - 2017-12-02 10:57 - 000003584 _____ C:\Windows\SECOH-QAD.dll
2017-12-02 10:57 - 2017-12-02 10:57 - 000003506 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2017-12-02 10:57 - 2017-12-02 10:57 - 000000000 ____D C:\Program Files\KMSpico
2017-12-02 10:57 - 2010-12-06 00:16 - 000090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2017-12-02 10:50 - 2017-12-02 10:50 - 000000000 ____D C:\Users\ANTHONI R. GUILHERME\AppData\Local\ElevatedDiagnostics
2017-12-02 10:45 - 2017-12-02 10:45 - 000000000 ____D C:\Users\ANTHONI R. GUILHERME\AppData\Roaming\WinRAR
2017-12-02 10:45 - 2017-12-02 10:45 - 000000000 ____D C:\Users\ANTHONI R. GUILHERME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-02 10:45 - 2017-12-02 10:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-02 10:45 - 2017-12-02 10:45 - 000000000 ____D C:\Program Files\WinRAR
2017-12-02 10:44 - 2017-12-02 11:43 - 000000000 ____D C:\Users\ANTHONI R. GUILHERME\Documents\INSTALADORES
2017-12-02 10:37 - 2017-12-02 10:37 - 000000000 ____D C:\Users\ANTHONI R. GUILHERME\AppData\Local\UNP
2017-12-02 10:33 - 2017-12-02 10:34 - 000000000 ____D C:\Windows\system32\MRT
2017-12-02 10:33 - 2017-12-02 10:33 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-02 10:32 - 2017-12-02 10:32 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-12-01 15:16 - 2017-04-21 19:53 - 000029376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-12-01 15:16 - 2017-04-21 19:53 - 000018600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-12-01 15:16 - 2017-04-21 19:50 - 000030912 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-12-01 15:16 - 2017-04-21 19:50 - 000018592 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-12-01 15:16 - 2017-04-11 16:27 - 000993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-12-01 15:16 - 2017-04-11 16:27 - 000690008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-12-01 15:16 - 2017-03-15 16:15 - 000987840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-12-01 15:16 - 2017-03-15 16:15 - 000485576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-12-01 15:14 - 2017-12-01 15:15 - 000000000 ____D C:\Program Files\UNP
2017-12-01 15:14 - 2017-12-01 15:14 - 000000000 ____D C:\Windows\system32\UNP
2017-11-30 23:16 - 2017-11-30 23:16 - 000545440 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-11-30 23:13 - 2017-11-30 23:13 - 000000000 ____D C:\Users\ANTHONI R. GUILHERME\AppData\Roaming\Macromedia
2017-11-30 23:12 - 2017-11-30 23:12 - 000000000 ____D C:\Users\ANTHONI R. GUILHERME\AppData\Local\Comms
2017-11-30 22:00 - 2017-11-30 21:07 - 000000000 ____D C:\Windows\Panther
2017-11-30 21:35 - 2017-11-30 21:37 - 000412068 _____ C:\Windows\Minidump\113017-35937-01.dmp
2017-11-30 21:35 - 2017-11-30 21:35 - 618726437 _____ C:\Windows\MEMORY.DMP
2017-11-30 21:35 - 2017-11-30 21:35 - 000000000 ____D C:\Windows\Minidump
2017-11-30 21:34 - 2017-11-30 21:34 - 000000000 ____D C:\Program Files\ATI
2017-11-30 21:33 - 2017-11-30 21:33 - 000003464 _____ C:\Windows\System32\Tasks\{911AC008-CEE5-4685-8DDF-DA9006C4EC52}
2017-11-30 21:32 - 2017-11-30 21:32 - 000000000 _____ C:\Windows\ativpsrm.bin
2017-11-30 21:30 - 2017-11-30 23:12 - 000000000 ____D C:\Users\ANTHONI R. GUILHERME\AppData\Local\MicrosoftEdge
2017-11-30 21:29 - 2017-11-30 21:29 - 000003460 _____ C:\Windows\System32\Tasks\{9E0027B7-DFCB-4981-BC6C-7D63A3B68319}
2017-11-30 21:29 - 2017-11-30 21:29 - 000000000 ____D C:\Program Files\ATI Technologies
2017-11-30 21:27 - 2017-11-30 21:27 - 000000000 ___HD C:\Program Files (x86)\Temp
2017-11-30 21:27 - 2017-11-30 21:27 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2017-11-30 21:27 - 2017-11-30 21:27 - 000000000 ____D C:\Program Files\Realtek
2017-11-30 21:27 - 2012-10-30 07:59 - 004201104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2017-11-30 21:27 - 2012-10-30 06:43 - 000369117 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2017-11-30 21:27 - 2012-10-29 06:34 - 002703456 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2017-11-30 21:27 - 2012-10-25 04:45 - 000116880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2017-11-30 21:27 - 2012-10-23 01:30 - 003671696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2017-11-30 21:27 - 2012-10-22 09:48 - 001269904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2017-11-30 21:27 - 2012-09-24 06:32 - 002080120 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2017-11-30 21:27 - 2012-09-19 14:59 - 000869752 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2017-11-30 21:27 - 2012-09-11 23:51 - 002743440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2017-11-30 21:27 - 2012-09-09 04:34 - 002028920 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2017-11-30 21:27 - 2012-08-21 04:51 - 000881808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2017-11-30 21:27 - 2012-08-13 08:06 - 001561744 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2017-11-30 21:27 - 2012-08-03 08:18 - 001706640 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2017-11-30 21:27 - 2012-06-20 07:26 - 000110592 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2017-11-30 21:27 - 2012-06-08 06:23 - 000083072 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2017-11-30 21:27 - 2012-06-08 06:21 - 000897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2017-11-30 21:27 - 2012-06-08 06:21 - 000753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2017-11-30 21:27 - 2012-03-08 01:47 - 000202336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2017-11-30 21:27 - 2012-03-08 01:47 - 000108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2017-11-30 21:27 - 2011-12-20 05:32 - 000331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2017-11-30 21:27 - 2011-12-16 04:57 - 000065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2017-11-30 21:27 - 2011-11-22 06:28 - 000014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2017-11-30 21:27 - 2010-11-07 21:31 - 000375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2017-11-30 21:27 - 2010-11-07 21:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2017-11-30 21:27 - 2010-11-07 21:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2017-11-30 21:27 - 2010-11-07 21:31 - 000204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2017-11-30 21:27 - 2010-11-07 21:31 - 000101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2017-11-30 21:27 - 2010-11-07 21:31 - 000078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2017-11-30 21:27 - 2010-11-03 08:30 - 000149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2017-11-30 21:27 - 2010-09-26 23:34 - 000318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2017-11-30 21:27 - 2009-11-23 23:55 - 000518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2017-11-30 21:27 - 2009-11-23 23:55 - 000211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2017-11-30 21:27 - 2009-11-23 23:55 - 000198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2017-11-30 21:27 - 2009-11-23 23:55 - 000155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2017-11-30 21:27 - 2009-11-17 21:13 - 000060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
2017-11-30 21:25 - 2017-11-30 21:27 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-11-30 21:25 - 2017-11-30 21:27 - 000000000 ____D C:\Program Files (x86)\Realtek
2017-11-30 21:25 - 2012-06-12 11:41 - 000683664 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2017-11-30 21:25 - 2012-06-12 11:41 - 000074344 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2017-11-30 21:24 - 2017-12-02 10:52 - 000000000 ____D C:\Users\ANTHONI R. GUILHERME\Documents\DRIVES
2017-11-30 21:23 - 2017-11-30 21:23 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-11-30 21:20 - 2017-12-02 10:39 - 000000000 ___RD C:\Users\ANTHONI R. GUILHERME\OneDrive
2017-11-30 21:18 - 2017-12-02 11:01 - 000000000 ____D C:\Users\ANTHONI R. GUILHERME\AppData\Local\Packages
2017-11-30 21:18 - 2017-11-30 23:21 - 000000000 ____D C:\Users\ANTHONI R. GUILHERME\AppData\Local\Publishers
2017-11-30 21:18 - 2017-11-30 21:18 - 000000000 ____D C:\Users\ANTHONI R. GUILHERME\AppData\Roaming\Adobe
2017-11-30 21:18 - 2017-11-30 21:18 - 000000000 ____D C:\Users\ANTHONI R. GUILHERME\AppData\Local\VirtualStore
2017-11-30 21:17 - 2017-12-01 00:42 - 000000000 ____D C:\Users\ANTHONI R. GUILHERME
2017-11-30 21:17 - 2017-11-30 23:10 - 000000000 ____D C:\Users\ANTHONI R. GUILHERME\AppData\Local\ConnectedDevicesPlatform
2017-11-30 21:17 - 2017-11-30 21:17 - 000000020 ___SH C:\Users\ANTHONI R. GUILHERME\ntuser.ini
2017-11-30 21:17 - 2017-11-30 21:17 - 000000000 _SHDL C:\Users\ANTHONI R. GUILHERME\Modelos
2017-11-30 21:17 - 2017-11-30 21:17 - 000000000 _SHDL C:\Users\ANTHONI R. GUILHERME\Meus Documentos
2017-11-30 21:17 - 2017-11-30 21:17 - 000000000 _SHDL C:\Users\ANTHONI R. GUILHERME\Menu Iniciar
2017-11-30 21:17 - 2017-11-30 21:17 - 000000000 _SHDL C:\Users\ANTHONI R. GUILHERME\Documents\Minhas Músicas
2017-11-30 21:17 - 2017-11-30 21:17 - 000000000 _SHDL C:\Users\ANTHONI R. GUILHERME\Documents\Minhas Imagens
2017-11-30 21:17 - 2017-11-30 21:17 - 000000000 _SHDL C:\Users\ANTHONI R. GUILHERME\Documents\Meus Vídeos
2017-11-30 21:17 - 2017-11-30 21:17 - 000000000 _SHDL C:\Users\ANTHONI R. GUILHERME\Dados de Aplicativos
2017-11-30 21:17 - 2017-11-30 21:17 - 000000000 _SHDL C:\Users\ANTHONI R. GUILHERME\Configurações Locais
2017-11-30 21:17 - 2017-11-30 21:17 - 000000000 _SHDL C:\Users\ANTHONI R. GUILHERME\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-11-30 21:17 - 2017-11-30 21:17 - 000000000 _SHDL C:\Users\ANTHONI R. GUILHERME\AppData\Local\Histórico
2017-11-30 21:17 - 2017-11-30 21:17 - 000000000 _SHDL C:\Users\ANTHONI R. GUILHERME\AppData\Local\Dados de Aplicativos
2017-11-30 21:17 - 2017-11-30 21:17 - 000000000 _SHDL C:\Users\ANTHONI R. GUILHERME\Ambiente de Rede
2017-11-30 21:17 - 2017-11-30 21:17 - 000000000 _SHDL C:\Users\ANTHONI R. GUILHERME\Ambiente de Impressão
2017-11-30 21:17 - 2017-11-30 21:17 - 000000000 ____D C:\Users\ANTHONI R. GUILHERME\AppData\Local\TileDataLayer
2017-11-30 21:14 - 2017-11-30 21:16 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2017-11-30 21:14 - 2017-11-30 21:14 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
2017-11-30 21:14 - 2017-11-30 21:14 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer
2017-11-30 21:14 - 2017-11-30 21:14 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
2017-11-30 21:11 - 2017-11-30 21:11 - 000000000 ____D C:\Windows\CSC
2017-11-30 21:09 - 2017-11-30 21:09 - 000000020 ___SH C:\Users\defaultuser0\ntuser.ini
2017-11-30 21:09 - 2017-11-30 21:09 - 000000000 _SHDL C:\Users\defaultuser0\Modelos
2017-11-30 21:09 - 2017-11-30 21:09 - 000000000 _SHDL C:\Users\defaultuser0\Meus Documentos
2017-11-30 21:09 - 2017-11-30 21:09 - 000000000 _SHDL C:\Users\defaultuser0\Menu Iniciar
2017-11-30 21:09 - 2017-11-30 21:09 - 000000000 _SHDL C:\Users\defaultuser0\Documents\Minhas Músicas
2017-11-30 21:09 - 2017-11-30 21:09 - 000000000 _SHDL C:\Users\defaultuser0\Documents\Minhas Imagens
2017-11-30 21:09 - 2017-11-30 21:09 - 000000000 _SHDL C:\Users\defaultuser0\Documents\Meus Vídeos
2017-11-30 21:09 - 2017-11-30 21:09 - 000000000 _SHDL C:\Users\defaultuser0\Dados de Aplicativos
2017-11-30 21:09 - 2017-11-30 21:09 - 000000000 _SHDL C:\Users\defaultuser0\Configurações Locais
2017-11-30 21:09 - 2017-11-30 21:09 - 000000000 _SHDL C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-11-30 21:09 - 2017-11-30 21:09 - 000000000 _SHDL C:\Users\defaultuser0\AppData\Local\Histórico
2017-11-30 21:09 - 2017-11-30 21:09 - 000000000 _SHDL C:\Users\defaultuser0\AppData\Local\Dados de Aplicativos
2017-11-30 21:09 - 2017-11-30 21:09 - 000000000 _SHDL C:\Users\defaultuser0\Ambiente de Rede
2017-11-30 21:09 - 2017-11-30 21:09 - 000000000 _SHDL C:\Users\defaultuser0\Ambiente de Impressão
2017-11-30 21:09 - 2017-11-30 21:09 - 000000000 ____D C:\Users\defaultuser0
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Usuário Padrão\Documents\Minhas Músicas
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Usuário Padrão\Documents\Minhas Imagens
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Usuário Padrão\Documents\Meus Vídeos
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Histórico
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Dados de Aplicativos
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Usuário Padrão
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Todos os Usuários\Modelos
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Todos os Usuários\Menu Iniciar
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Todos os Usuários\Documentos
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Todos os Usuários\Dados de Aplicativos
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Todos os Usuários
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Public\Documents\Minhas Músicas
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Public\Documents\Minhas Imagens
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Public\Documents\Meus Vídeos
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Default\Modelos
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Default\Meus Documentos
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Default\Menu Iniciar
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Default\Documents\Minhas Músicas
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Default\Documents\Minhas Imagens
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Default\Documents\Meus Vídeos
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Default\Dados de Aplicativos
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Default\Configurações Locais
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Default\AppData\Local\Histórico
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Default\AppData\Local\Dados de Aplicativos
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Default\Ambiente de Rede
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Default\Ambiente de Impressão
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Default User\Documents\Minhas Músicas
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Default User\Documents\Minhas Imagens
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Default User\Documents\Meus Vídeos
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Histórico
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Dados de Aplicativos
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\ProgramData\Modelos
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\ProgramData\Menu Iniciar
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\ProgramData\Documentos
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\ProgramData\Dados de Aplicativos
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Program Files\Common Files\Sistema
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Program Files\Arquivos Comuns
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Documents and Settings
2017-11-30 21:08 - 2017-11-30 21:08 - 000000000 _SHDL C:\Arquivos de Programas

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-12-02 11:45 - 2016-07-16 09:36 - 000000000 ____D C:\Windows\CbsTemp
2017-12-02 11:10 - 2016-07-16 09:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-02 11:01 - 2016-07-16 09:47 - 000000000 ____D C:\Windows\AppReadiness
2017-12-02 10:51 - 2016-07-16 09:45 - 000000000 ____D C:\Windows\INF
2017-12-02 00:07 - 2016-11-21 02:49 - 000000000 ____D C:\Windows\system32\SleepStudy
2017-12-01 14:55 - 2016-07-16 09:47 - 000000000 ____D C:\Windows\appcompat
2017-11-30 21:59 - 2016-07-16 09:47 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2017-11-30 21:40 - 2016-11-21 08:59 - 001291626 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-30 21:40 - 2016-11-21 08:14 - 000367372 _____ C:\Windows\system32\prfh0416.dat
2017-11-30 21:40 - 2016-11-21 08:14 - 000065116 _____ C:\Windows\system32\prfc0416.dat
2017-11-30 21:35 - 2016-11-21 08:49 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-30 21:19 - 2016-07-16 09:47 - 000000000 ____D C:\Windows\LiveKernelReports
2017-11-30 21:18 - 2016-11-21 09:03 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-30 21:17 - 2016-07-16 09:47 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2017-11-30 21:11 - 2016-07-16 09:47 - 000000000 ____D C:\Windows\rescache
2017-11-30 21:10 - 2016-07-16 09:47 - 000000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2017-11-30 21:10 - 2016-07-16 09:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-30 21:08 - 2016-07-16 09:47 - 000000000 ____D C:\Program Files\Windows NT
2017-11-30 21:07 - 2016-07-16 04:04 - 000262144 _____ C:\Windows\system32\config\BBI
2017-11-30 21:06 - 2016-07-16 04:04 - 000000000 ____D C:\Windows\system32\Sysprep
2017-11-04 22:47 - 2016-07-16 09:49 - 000835568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-04 22:47 - 2016-07-16 09:49 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-11-30 21:02

==================== Fim de FRST.txt ============================