Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 12-02-2017
Executado por gustavo.ukita (administrador) em SMSP-020445 (13-02-2017 12:33:41)
Executando a partir de C:\Users\gustavo.ukita.SYSMAP\Downloads
Perfis Carregados: gustavo.ukita (Perfis Disponíveis: gustavo.ukita & gustavo.socorro)
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\ProgramData\Windows Security\winsecurity.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avp.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(hxxp://tortoisesvn.net) C:\Home\Programas\TortoiseSVN\bin\TSVNCache.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\vapm.exe
(hxxp://www.ocsinventory-ng.org) C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
() C:\Home\Programas\Atlassian\HipChat4\HipChat.exe
() C:\Home\Programas\Atlassian\HipChat4\QtWebEngineProcess.exe
() C:\Home\Programas\Atlassian\HipChat4\QtWebEngineProcess.exe
(Don HO don.h@free.fr) C:\Home\Programas\Notepad++\notepad++.exe
() C:\Home\Programas\HostSwitcher\HostSwitcher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\lync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
() C:\Program Files\Microsoft Office\Office15\lynchtmlconv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [927280 2016-11-11] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avp.exe [1194320 2015-11-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [6004512 2017-01-11] (IObit)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATENÇÃO
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATENÇÃO
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATENÇÃO
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATENÇÃO
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-08-11] (Banco do Brasil)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-09-16] (Caixa Economica Federal)
HKLM-x32\...\Command Processor: <======= ATENÇÃO
HKU\S-1-5-21-1570781029-660524082-555581952-15129\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2913568 2016-12-16] (IObit)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2913568 2016-12-16] (IObit)
HKU\S-1-5-18\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM\...\Providers\jhttxc8z: C:\Program Files (x86)\Nopury Engine\local64spl.dll [308224 2017-02-06] ()
ShellExecuteHooks: Sem Nome - {2792BDF0-EABB-11E6-A851-64006A5CFC23} - -> Nenhum Arquivo
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehcef.dll [1903328 2016-09-16] (Caixa Economica Federal)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1947872 2016-08-11] (Banco do Brasil)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ocspackage.exe [2015-03-23] (Ocs Inventory Team)
BootExecute: autocheck autochk * sh4native Sh4Removal
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [S-1-5-21-1570781029-660524082-555581952-15129] => Proxy está habilitado.
ProxyServer: [S-1-5-21-1570781029-660524082-555581952-15129] => http=127.0.0.1:8080;https=127.0.0.1:8080
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.100.12.65 10.100.14.21
Tcpip\..\Interfaces\{808DCFD5-CC4A-46CC-A404-456D8673FA3E}: [DhcpNameServer] 10.100.12.65 10.100.14.21
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-1570781029-660524082-555581952-15129\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2017-02-10] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-10-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-02-10] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-10-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2016-08-03] (IObit)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-08-11] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll [2016-09-16] (Caixa Economica Federal)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-19] (Microsoft Corporation)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit)
DPF: HKLM-x32 {80533188-4435-4040-AC3E-91B489C02F21} hxxp://qualitycenterprd.vivo.com.br:8080/qcbin/ALM-Platform-Loader.12.2x.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler-x32: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Home\Programas\Quest Software\Toad for Oracle\RNetPin.dll [2006-10-16] ()

FireFox:
========
FF DefaultProfile: 3hzwqlfa.default
FF ProfilePath: C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\3hzwqlfa.default\Profiles\3hzwqlfa.default [não encontrado (a)]
FF ProfilePath: C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Mozilla\Firefox\Profiles\j29edusx.default-1486667964497 [2017-02-13]
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Mozilla\Firefox\Profiles\j29edusx.default-1486667964497\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2016-10-18]
FF Extension: (AdBlock for Firefox) - C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Mozilla\Firefox\Profiles\j29edusx.default-1486667964497\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-02-13]
FF Extension: (Proxy Tool) - C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Mozilla\Firefox\Profiles\j29edusx.default-1486667964497\Extensions\proxytool@proxylist.co.xpi [2017-02-13]
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-02-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-02-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-10] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-10-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-02-10] (Microsoft Corporation)

Chrome:
=======
CHR HKU\S-1-5-21-1570781029-660524082-555581952-15129\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2016-12-12] (IObit)
S2 Archer; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avp.exe [1194320 2015-11-10] (Kaspersky Lab ZAO)
S2 avpsus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avpsus.exe [2481072 2015-11-10] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3293376 2016-10-08] (Microsoft Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-08-11] (GAS Tecnologia)
S2 GubZL; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-01-13] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1740576 2017-01-20] (IObit)
S3 Informatica9.6.1; C:\Informatica\9.6.1\tomcat\bin\infasvcs.exe [101376 2016-09-19] () [Arquivo não assinado]
S4 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
S3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [459264 2017-02-13] () [Arquivo não assinado] <==== ATENÇÃO
R2 klnagent; C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe [139504 2016-03-22] (AO Kaspersky Lab)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-12-16] (IObit)
R2 OCS INVENTORY; C:\Program Files (x86)\OCS Inventory Agent\ocsservice.exe [69632 2009-10-27] (hxxp://www.ocsinventory-ng.org) [Arquivo não assinado]
R2 OtherSearch; C:\Program Files (x86)\zTJM6VlzI0\kl.dll [503808 2017-02-04] () [Arquivo não assinado] <==== ATENÇÃO
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2401264 2017-01-30] (IBM Corp.)
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATENÇÃO
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49040 2014-07-24] (Synaptics Incorporated)
S3 VSStandardCollectorService140; C:\Home\Programas\VisualStudio\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-17] (Microsoft Corporation)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [927280 2016-11-11] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [1264640 2017-01-16] (Microsoft Corporation) [Arquivo não assinado] <==== ATENÇÃO
R2 WinSAPSvc; C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\WinSAPSvc\WinSAP.dll [185344 2017-02-13] (TODO: ) [Arquivo não assinado]
S2 WinSnare; C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\WinSnare\WinSnare.dll [779776 2017-02-08] (InterSect Alliance Pty Ltd) [Arquivo não assinado]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2014-05-13] (Atheros) [Arquivo não assinado]
S2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [X]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10679808 1999-12-31] (Advanced Micro Devices, Inc.) [Arquivo não assinado]
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [459264 1999-12-31] (Advanced Micro Devices, Inc.) [Arquivo não assinado]
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [35496 1999-12-31] (Advanced Micro Devices, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132272 2017-01-17] (ESET)
R1 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [70960 2017-01-17] (ESET)
S3 esgiguard; não ImagePath
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-10-11] ()
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2017-02-10] (GAS Tecnologia)
R0 gbpddreg; C:\Windows\System32\drivers\gbpddreg64.sys [29816 2017-02-10] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-12-08] (GAS Tecnologia)
R1 HWiNFO32; C:\Users\GUSTAV~1.SYS\AppData\Local\Temp\HWiNFO64A.SYS [27552 2017-02-07] (REALiX(tm)) <==== ATENÇÃO
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
S3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [111472 2016-07-07] (Kaspersky Lab ZAO)
R1 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [44880 2016-06-29] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [702800 2016-07-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50768 2016-06-29] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75168 2016-07-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [197512 2016-06-29] (Kaspersky Lab ZAO)
R1 Lace514; C:\Windows\System32\drivers\Lace_wpf_x64.sys [75032 2016-12-28] (Lace514)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [380872 2017-01-30] (IBM Corp.)
R1 RapportCerberus_1804047; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys [1264776 2016-12-26] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [580648 2017-01-30] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [252296 2017-01-13] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [506024 2017-01-13] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [603464 2017-01-30] (IBM Corp.)
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [418784 2017-02-07] (Realsil Semiconductor Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2016-11-01] (SlimWare Utilities, Inc.)
R3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [452040 2016-03-31] (BitDefender S.R.L.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-12-08] (GAS Tecnologia LTDA)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [28376 2017-02-10] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [25184 2016-11-11] (GAS Tecnologia)
R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [25184 2016-11-11] (GAS Tecnologia)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-02-13 12:33 - 2017-02-13 12:34 - 00027843 _____ C:\Users\gustavo.ukita.SYSMAP\Downloads\FRST.txt
2017-02-13 12:33 - 2017-02-13 12:33 - 00000000 ____D C:\FRST
2017-02-13 12:31 - 2017-02-13 12:31 - 02421248 _____ (Farbar) C:\Users\gustavo.ukita.SYSMAP\Downloads\FRST64.exe
2017-02-13 12:08 - 2017-02-13 12:08 - 00001173 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2017-02-13 12:08 - 2017-02-13 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-02-13 12:00 - 2017-02-13 12:03 - 46510120 _____ (IObit ) C:\Users\gustavo.ukita.SYSMAP\Downloads\iobit-malware-fighter-4-5-0-3457.exe
2017-02-13 10:51 - 2017-02-13 10:51 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\WinSAPSvc
2017-02-13 10:51 - 2017-02-13 10:51 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.1.0)
2017-02-10 18:13 - 2017-02-10 18:27 - 00010193 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\AtividadesGustavoUkita-Janeiro2017.xlsx
2017-02-10 17:03 - 2017-02-10 17:03 - 00035321 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\HorasApontadasGustavoUkita.xls
2017-02-10 14:51 - 2017-02-10 14:51 - 00001389 _____ C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-10 12:06 - 2017-02-10 12:06 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Sun
2017-02-10 12:06 - 2017-02-10 12:06 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\LocalLow\Sun
2017-02-10 10:37 - 2017-02-10 10:37 - 00113928 _____ C:\Users\gustavo.ukita.SYSMAP\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-09 17:19 - 2017-02-09 17:19 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\Desktop\Dados antigos do Firefox
2017-02-09 17:17 - 2017-02-09 17:17 - 00000000 ____D C:\Users\Todos os Usuários\BDLogging
2017-02-09 17:17 - 2017-02-09 17:17 - 00000000 ____D C:\ProgramData\BDLogging
2017-02-09 17:17 - 2016-03-31 17:54 - 00452040 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2017-02-09 17:15 - 2017-02-09 17:15 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-09 17:15 - 2017-02-09 17:15 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-09 17:13 - 2017-02-09 17:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-09 16:03 - 2017-02-09 16:03 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\ESET
2017-02-09 15:36 - 2015-04-17 18:11 - 47077139 _____ C:\Users\gustavo.ukita.SYSMAP\Downloads\Google Chrome 41 Stable OIx64.rar
2017-02-08 14:20 - 2017-02-08 14:20 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\ESET
2017-02-08 14:09 - 2017-02-10 15:06 - 00001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Ocs_contact.lnk
2017-02-08 13:53 - 2017-02-08 13:53 - 00002848 _____ C:\Windows\System32\Tasks\ASC10_SkipUac_gustavo.ukita
2017-02-08 12:21 - 2017-02-08 12:21 - 00000000 ____D C:\Users\Todos os Usuários\ESET
2017-02-08 12:21 - 2017-02-08 12:21 - 00000000 ____D C:\ProgramData\ESET
2017-02-08 12:15 - 2017-02-08 12:15 - 03139200 _____ (ESET) C:\Users\gustavo.ukita.SYSMAP\Downloads\eset_nod32_antivirus_live_installer.exe
2017-02-08 12:05 - 2017-02-08 12:05 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\PackageAware
2017-02-08 11:51 - 2017-02-08 11:51 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2017-02-08 06:32 - 2017-02-08 13:44 - 00000000 ____D C:\Program Files (x86)\WinArcher
2017-02-08 06:31 - 2017-02-08 13:45 - 00000000 ____D C:\Users\Todos os Usuários\WinSAPSvc
2017-02-08 06:31 - 2017-02-08 13:45 - 00000000 ____D C:\ProgramData\WinSAPSvc
2017-02-08 06:29 - 2017-02-13 10:51 - 00003598 _____ C:\Windows\System32\Tasks\Milimili
2017-02-08 06:29 - 2017-02-13 10:51 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\WinSnare
2017-02-08 06:29 - 2017-02-08 13:45 - 00000000 ____D C:\Program Files (x86)\Gub
2017-02-08 06:29 - 2017-02-08 12:01 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.0.9)
2017-02-08 06:29 - 2017-02-08 06:30 - 00000000 ____D C:\Program Files (x86)\MIO
2017-02-08 06:28 - 2017-02-13 10:51 - 00000000 ____D C:\Program Files\jhttxc8z
2017-02-07 16:39 - 2017-02-07 16:39 - 00265987 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\ItauEmpresasRnegociacao-10022017.pdf
2017-02-07 12:30 - 2017-02-07 16:53 - 00002916 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_gustavo.ukita
2017-02-07 12:30 - 2017-02-07 16:53 - 00001366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2017-02-07 12:05 - 2017-02-08 11:31 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-07 12:05 - 2017-02-07 12:09 - 00003842 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-07 12:05 - 2017-02-07 12:05 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-07 12:04 - 2017-02-07 12:04 - 09891328 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2017-02-07 12:04 - 2017-02-07 12:04 - 04332032 _____ (Realtek Semiconductor Corp.) C:\Windows\RtCRU64.exe
2017-02-07 12:04 - 2017-02-07 12:04 - 00418784 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys
2017-02-07 12:04 - 2017-02-07 12:04 - 00084480 _____ (Realtek Semiconductor.) C:\Windows\system32\RtCRX64.dll
2017-02-07 12:04 - 2017-02-07 12:04 - 00000000 ____D C:\Windows\SysWOW64\sda
2017-02-07 11:53 - 2017-02-07 11:53 - 01604736 _____ (Conexant Systems Inc.) C:\Windows\system32\Drivers\CHDRT64.sys
2017-02-07 11:53 - 2017-02-07 11:53 - 01577600 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64AP63.dll
2017-02-07 11:53 - 2017-02-07 11:53 - 00879616 _____ (Creative Technology Ltd.) C:\Windows\system32\MCAPO64.dll
2017-02-07 11:53 - 2017-02-07 11:53 - 00619520 _____ (Creative Technology Ltd.) C:\Windows\system32\MCTHX64.dll
2017-02-07 11:53 - 2017-02-07 11:53 - 00576344 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2017-02-07 11:53 - 2017-02-07 11:53 - 00572760 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO64.dll
2017-02-07 11:53 - 2017-02-07 11:53 - 00568960 _____ (Conexant Systems, Inc.) C:\Windows\system32\UCI64A89.dll
2017-02-07 11:53 - 2017-02-07 11:53 - 00074240 _____ (Creative Technology Ltd.) C:\Windows\system32\MCWrp64.dll
2017-02-07 11:53 - 2017-02-07 11:53 - 00030893 _____ C:\Windows\system32\Drivers\Mixer.ini
2017-02-07 11:53 - 2017-02-07 11:53 - 00001816 _____ C:\Windows\system32\Drivers\Altmixer.ini
2017-02-07 11:53 - 2017-02-07 11:53 - 00000000 ____D C:\Program Files\CONEXANT
2017-02-07 11:25 - 2017-02-07 11:25 - 00003182 _____ C:\Windows\System32\Tasks\SmartDefrag_AutoAnalyze
2017-02-07 11:25 - 2017-02-07 11:25 - 00002834 _____ C:\Windows\System32\Tasks\ASC10_SkipUac_SISTEMA
2017-02-07 11:25 - 2017-02-07 11:25 - 00000000 ____D C:\Users\Todos os Usuários\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-02-07 11:25 - 2017-02-07 11:25 - 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-02-07 11:25 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2017-02-07 11:24 - 2017-02-07 11:24 - 00003030 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2017-02-07 11:24 - 2017-02-07 11:24 - 00003030 _____ C:\Windows\System32\Tasks\ASC10_PerformanceMonitor
2017-02-07 11:24 - 2017-02-07 11:24 - 00003028 _____ C:\Windows\System32\Tasks\SmartDefrag_Update
2017-02-07 11:24 - 2017-02-07 11:24 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2017-02-07 11:24 - 2016-03-22 11:02 - 00036288 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2017-02-07 11:24 - 2016-03-22 11:02 - 00021360 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys
2017-02-07 11:21 - 2017-02-07 11:22 - 00003264 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2017-02-07 11:21 - 2017-02-07 11:22 - 00002896 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (SISTEMA)
2017-02-07 11:21 - 2017-02-07 11:21 - 00027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2017-02-07 11:21 - 2017-02-07 11:21 - 00000000 ____D C:\Windows\IObit
2017-02-06 17:56 - 2017-02-10 14:35 - 00000000 ____D C:\Program Files (x86)\Dashlane
2017-02-06 17:56 - 2017-02-06 17:56 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\ProductData
2017-02-06 17:56 - 2017-02-06 17:56 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\Packages
2017-02-06 17:54 - 2017-02-10 11:51 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\LocalLow\IObit
2017-02-06 17:54 - 2017-02-07 12:30 - 00000000 ____D C:\Users\Todos os Usuários\ProductData
2017-02-06 17:54 - 2017-02-07 12:30 - 00000000 ____D C:\ProgramData\ProductData
2017-02-06 17:54 - 2017-02-07 11:25 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\IObit
2017-02-06 17:53 - 2017-02-13 12:08 - 00000000 ____D C:\Program Files (x86)\IObit
2017-02-06 17:53 - 2017-02-07 18:07 - 00000000 ____D C:\Users\Todos os Usuários\IObit
2017-02-06 17:53 - 2017-02-07 18:07 - 00000000 ____D C:\ProgramData\IObit
2017-02-06 17:53 - 2017-02-06 17:53 - 00000000 ____D C:\Users\Todos os Usuários\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-02-06 17:53 - 2017-02-06 17:53 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-02-06 17:51 - 2017-02-06 17:52 - 46510120 _____ (IObit ) C:\Users\gustavo.ukita.SYSMAP\Downloads\IObit-Malware-Fighter-Setup.exe
2017-02-06 15:49 - 2010-05-13 19:34 - 00014232 _____ C:\Windows\SysWOW64\sh4native.exe
2017-02-06 15:48 - 2017-02-06 15:48 - 00111817 _____ C:\spyhunter.fix
2017-02-06 12:10 - 2017-02-06 12:10 - 00001996 _____ C:\Windows\System32\Tasks\WIXDtJkRAY
2017-02-06 12:01 - 2017-02-10 14:54 - 00000000 ____D C:\Program Files (x86)\zTJM6VlzI0
2017-02-06 12:01 - 2017-02-08 16:58 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlock
2017-02-06 12:01 - 2017-02-08 16:48 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2017-02-06 12:01 - 2017-02-07 12:06 - 00003274 _____ C:\Windows\System32\Tasks\One System Care Monitor
2017-02-06 12:01 - 2017-02-06 12:11 - 00000002 _____ C:\END
2017-02-06 12:01 - 2017-02-06 12:01 - 00001067 _____ C:\Users\Public\Desktop\Launch One System Care.lnk
2017-02-06 12:01 - 2017-02-06 12:01 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\One System Care
2017-02-06 12:00 - 2017-02-06 12:03 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\WMPNetworkAcSvc
2017-02-06 11:59 - 2017-02-06 11:59 - 00000000 ____D C:\Users\Todos os Usuários\Avira
2017-02-06 11:59 - 2017-02-06 11:59 - 00000000 ____D C:\Users\Todos os Usuários\Avg
2017-02-06 11:59 - 2017-02-06 11:59 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2017-02-06 11:59 - 2017-02-06 11:59 - 00000000 ____D C:\ProgramData\Avira
2017-02-06 11:59 - 2017-02-06 11:59 - 00000000 ____D C:\ProgramData\Avg
2017-02-06 11:59 - 2017-02-06 11:59 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-06 11:57 - 2017-02-08 12:24 - 00000000 ____D C:\Program Files\XBox
2017-02-06 11:57 - 2017-02-06 11:57 - 00003716 _____ C:\Windows\System32\Tasks\Phervackprivch
2017-02-06 11:56 - 2017-02-10 14:51 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2017-02-06 11:56 - 2017-02-06 11:57 - 00000000 ____D C:\Users\Todos os Usuários\Windows Security
2017-02-06 11:56 - 2017-02-06 11:57 - 00000000 ____D C:\ProgramData\Windows Security
2017-02-06 11:55 - 2017-02-13 10:51 - 00000000 ____D C:\Program Files (x86)\Jegoing
2017-02-06 11:55 - 2017-02-08 11:30 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Arijuryarouied
2017-02-06 11:55 - 2017-02-06 12:01 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\Arofiyprerpation
2017-02-06 11:55 - 2017-02-06 11:55 - 00000000 ____D C:\Program Files (x86)\Nopury Engine
2017-02-03 15:31 - 2017-02-03 15:31 - 00000782 _____ C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\jd-gui.cfg
2017-02-03 12:06 - 2017-02-03 12:06 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\Downloads\decompilerjava
2017-02-03 12:06 - 2017-02-03 12:06 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\.oracle_jre_usage
2017-02-03 11:27 - 2017-02-03 11:27 - 00000000 ___HD C:\Windows\AxInstSV
2017-02-03 11:17 - 2017-02-03 11:17 - 00050149 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\Contrato2_08022017.pdf
2017-02-03 11:17 - 2017-02-03 11:17 - 00049889 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\Contrato1_08022017.pdf
2017-02-03 11:16 - 2017-02-03 11:16 - 00049889 _____ C:\Users\gustavo.ukita.SYSMAP\Downloads\Contrato.pdf
2017-01-30 10:07 - 2017-01-30 10:07 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-01-26 15:48 - 2017-01-26 15:49 - 00276878 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\comprovantePagamento_EloIT-25122016.PDF
2017-01-24 17:06 - 2017-01-24 17:06 - 00000309 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\MobaXterm Stored Passwords.txt
2017-01-24 16:35 - 2017-01-24 16:35 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Quest Software
2017-01-24 16:28 - 2017-01-24 16:28 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\Oracle
2017-01-24 11:49 - 2017-01-24 11:49 - 00400384 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\Formulário de Inclusão Bradesco Saúde.pdf
2017-01-23 15:15 - 2017-01-23 15:15 - 00000000 _____ C:\Users\gustavo.ukita.SYSMAP\tracert
2017-01-23 15:15 - 2017-01-23 15:15 - 00000000 _____ C:\Users\gustavo.ukita.SYSMAP\tnsping
2017-01-23 15:15 - 2017-01-23 15:15 - 00000000 _____ C:\Users\gustavo.ukita.SYSMAP\ping
2017-01-23 10:50 - 2017-01-23 10:50 - 07945240 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\Catalogo Donna Coruja Varejo.pdf
2017-01-17 09:15 - 2017-01-17 09:15 - 00180544 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2017-01-17 09:15 - 2017-01-17 09:15 - 00132272 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2017-01-17 09:15 - 2017-01-17 09:15 - 00070960 _____ (ESET) C:\Windows\system32\Drivers\epfwwfpr.sys
2017-01-13 10:43 - 2017-02-13 12:26 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\LocalLow\Mozilla
2017-01-13 10:40 - 2017-01-13 10:49 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\Mozilla
2017-01-13 10:40 - 2017-01-13 10:43 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Mozilla
2017-01-12 16:02 - 2017-01-12 16:02 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\TortoiseSVN
2017-01-12 11:19 - 2017-01-12 11:19 - 00052403 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\1481905297___USSD.XLSX
2016-12-30 17:39 - 2017-02-01 11:54 - 00019230 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\ajudadecustodezembro.xlsx
2016-12-30 12:20 - 2016-12-30 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
2016-12-30 12:19 - 2016-12-30 12:20 - 00000000 ____D C:\Program Files (x86)\WinMerge
2016-12-30 12:18 - 2016-12-30 12:18 - 06433055 _____ (hxxp://winmerge.org ) C:\Users\gustavo.ukita.SYSMAP\Downloads\WinMerge-2.14.0-Setup.exe
2016-12-29 12:42 - 2016-12-29 12:42 - 00000708 _____ C:\Users\gustavo.ukita.SYSMAP\.viminfo
2016-12-28 16:47 - 2016-12-28 16:47 - 00000130 _____ C:\Users\gustavo.ukita.SYSMAP\.gitconfig
2016-12-28 16:41 - 2016-12-28 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2016-12-28 16:40 - 2016-12-28 16:41 - 00000000 ____D C:\Program Files\Git
2016-12-28 16:20 - 2016-12-28 16:47 - 00000094 _____ C:\Users\gustavo.ukita.SYSMAP\mercurial.ini
2016-12-28 16:17 - 2016-12-28 16:17 - 00524288 ___SH C:\Users\MSSQL$SQLEXPRESS\ntuser.dat{d1102f42-ccff-11e6-b33a-f4b7e2d5aaa6}.TMContainer00000000000000000002.regtrans-ms
2016-12-28 16:17 - 2016-12-28 16:17 - 00524288 ___SH C:\Users\MSSQL$SQLEXPRESS\ntuser.dat{d1102f42-ccff-11e6-b33a-f4b7e2d5aaa6}.TMContainer00000000000000000001.regtrans-ms
2016-12-28 16:17 - 2016-12-28 16:17 - 00524288 ___SH C:\Users\gustavo.socorro\NTUSER.DAT{d1102f5a-ccff-11e6-b33a-f4b7e2d5aaa6}.TMContainer00000000000000000002.regtrans-ms
2016-12-28 16:17 - 2016-12-28 16:17 - 00524288 ___SH C:\Users\gustavo.socorro\NTUSER.DAT{d1102f5a-ccff-11e6-b33a-f4b7e2d5aaa6}.TMContainer00000000000000000001.regtrans-ms
2016-12-28 16:17 - 2016-12-28 16:17 - 00065536 ___SH C:\Users\MSSQL$SQLEXPRESS\ntuser.dat{d1102f42-ccff-11e6-b33a-f4b7e2d5aaa6}.TM.blf
2016-12-28 16:17 - 2016-12-28 16:17 - 00065536 ___SH C:\Users\gustavo.socorro\NTUSER.DAT{d1102f5a-ccff-11e6-b33a-f4b7e2d5aaa6}.TM.blf
2016-12-28 16:08 - 2016-12-28 16:08 - 00000000 ____D C:\Users\Todos os Usuários\Caphyon
2016-12-28 16:08 - 2016-12-28 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlassian
2016-12-28 16:08 - 2016-12-28 16:08 - 00000000 ____D C:\ProgramData\Caphyon
2016-12-28 16:08 - 2016-12-28 16:08 - 00000000 ____D C:\Program Files (x86)\Atlassian
2016-12-28 16:07 - 2016-12-28 16:25 - 00000000 ____D C:\Users\Todos os Usuários\Atlassian
2016-12-28 16:07 - 2016-12-28 16:25 - 00000000 ____D C:\ProgramData\Atlassian
2016-12-28 16:06 - 2016-12-28 16:07 - 17847544 _____ (Atlassian) C:\Users\gustavo.ukita.SYSMAP\Downloads\SourceTreeSetup_1.9.10.0.exe
2016-12-28 15:10 - 2017-01-12 16:47 - 00000936 _____ C:\Users\gustavo.ukita.SYSMAP\.bash_history
2016-12-28 11:24 - 2016-12-28 11:24 - 00075032 _____ (Lace514) C:\Windows\system32\Drivers\Lace_wpf_x64.sys
2016-12-27 12:01 - 2017-01-19 10:42 - 00524288 ___SH C:\Windows\system32\config\components{93969c99-cc3c-11e6-b3e5-f4b7e2d5aaa6}.TMContainer00000000000000000001.regtrans-ms
2016-12-27 12:01 - 2017-01-19 10:42 - 00065536 ___SH C:\Windows\system32\config\components{93969c99-cc3c-11e6-b3e5-f4b7e2d5aaa6}.TM.blf
2016-12-27 12:01 - 2016-12-27 12:11 - 00524288 ___SH C:\Windows\system32\config\components{93969c99-cc3c-11e6-b3e5-f4b7e2d5aaa6}.TMContainer00000000000000000002.regtrans-ms
2016-12-27 11:49 - 2017-02-10 14:51 - 00028376 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-12-27 11:49 - 2016-11-11 15:41 - 00025184 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddprm.sys
2016-12-27 11:49 - 2016-11-11 15:41 - 00025184 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddpp.sys
2016-12-26 10:23 - 2016-12-26 10:23 - 01048576 ___SH C:\Windows\system32\config\components{843f8ea2-c12f-11e6-8288-f4b7e2d5aaa6}.TxR.2.regtrans-ms
2016-12-26 10:23 - 2016-12-26 10:23 - 01048576 ___SH C:\Windows\system32\config\components{843f8ea2-c12f-11e6-8288-f4b7e2d5aaa6}.TxR.1.regtrans-ms
2016-12-26 10:23 - 2016-12-26 10:23 - 01048576 ___SH C:\Windows\system32\config\components{843f8ea2-c12f-11e6-8288-f4b7e2d5aaa6}.TxR.0.regtrans-ms
2016-12-26 10:23 - 2016-12-26 10:23 - 00065536 ___SH C:\Windows\system32\config\components{843f8ea2-c12f-11e6-8288-f4b7e2d5aaa6}.TxR.blf
2016-12-26 10:20 - 2017-02-08 13:45 - 00436584 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-16 12:03 - 2017-02-06 17:57 - 00002198 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\Atom.lnk
2016-12-16 12:03 - 2017-02-06 17:57 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2016-12-16 12:03 - 2016-12-16 12:03 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Atom
2016-12-16 12:03 - 2016-12-16 12:03 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\.atom
2016-12-16 12:02 - 2017-02-06 17:54 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\atom
2016-12-16 12:02 - 2017-02-06 17:49 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\SquirrelTemp
2016-12-14 17:29 - 2016-12-14 17:34 - 98462760 _____ (GitHub Inc.) C:\Users\gustavo.ukita.SYSMAP\Downloads\AtomSetup.exe
2016-12-14 12:32 - 2016-12-14 12:32 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\HHD Software
2016-12-14 11:28 - 2017-01-24 10:36 - 00002076 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\Claro-Abarracamento.RDP
2016-12-13 16:05 - 2017-01-12 16:02 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\TortoiseSVN
2016-12-13 15:31 - 2016-12-13 15:31 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\Documents\Arquivos do Outlook
2016-12-13 14:06 - 2017-02-02 17:29 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\PLSQL Developer
2016-12-13 10:41 - 2016-12-19 10:10 - 00524288 ___SH C:\Windows\system32\config\components{843f8ea3-c12f-11e6-8288-f4b7e2d5aaa6}.TMContainer00000000000000000001.regtrans-ms
2016-12-13 10:41 - 2016-12-19 10:10 - 00065536 ___SH C:\Windows\system32\config\components{843f8ea3-c12f-11e6-8288-f4b7e2d5aaa6}.TM.blf
2016-12-13 10:41 - 2016-12-14 18:00 - 00524288 ___SH C:\Windows\system32\config\components{843f8ea3-c12f-11e6-8288-f4b7e2d5aaa6}.TMContainer00000000000000000002.regtrans-ms
2016-12-12 15:54 - 2016-12-12 15:54 - 01048576 ___SH C:\Windows\system32\config\components{0aa5929f-c092-11e6-8341-f4b7e2d5aaa6}.TxR.2.regtrans-ms
2016-12-12 15:54 - 2016-12-12 15:54 - 01048576 ___SH C:\Windows\system32\config\components{0aa5929f-c092-11e6-8341-f4b7e2d5aaa6}.TxR.1.regtrans-ms
2016-12-12 15:54 - 2016-12-12 15:54 - 01048576 ___SH C:\Windows\system32\config\components{0aa5929f-c092-11e6-8341-f4b7e2d5aaa6}.TxR.0.regtrans-ms
2016-12-12 15:54 - 2016-12-12 15:54 - 00065536 ___SH C:\Windows\system32\config\components{0aa5929f-c092-11e6-8341-f4b7e2d5aaa6}.TxR.blf
2016-12-12 15:42 - 2016-12-12 15:53 - 00524288 ___SH C:\Windows\system32\config\components{0aa592a0-c092-11e6-8341-f4b7e2d5aaa6}.TMContainer00000000000000000002.regtrans-ms
2016-12-12 15:42 - 2016-12-12 15:53 - 00524288 ___SH C:\Windows\system32\config\components{0aa592a0-c092-11e6-8341-f4b7e2d5aaa6}.TMContainer00000000000000000001.regtrans-ms
2016-12-12 15:42 - 2016-12-12 15:53 - 00065536 ___SH C:\Windows\system32\config\components{0aa592a0-c092-11e6-8341-f4b7e2d5aaa6}.TM.blf
2016-12-09 15:25 - 2016-12-09 15:25 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\LocalLow\Temp
2016-12-09 11:11 - 2016-12-19 10:10 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Zoom
2016-12-09 11:11 - 2016-12-09 11:11 - 00133448 _____ (Zoom Video Communications, Inc.) C:\Users\gustavo.ukita.SYSMAP\Downloads\Zoom_launcher.exe
2016-12-09 10:48 - 2016-12-09 10:48 - 01048576 ___SH C:\Windows\system32\config\components{0b0a188d-bc05-11e6-b16b-f4b7e2d5aaa6}.TxR.2.regtrans-ms
2016-12-09 10:48 - 2016-12-09 10:48 - 01048576 ___SH C:\Windows\system32\config\components{0b0a188d-bc05-11e6-b16b-f4b7e2d5aaa6}.TxR.1.regtrans-ms
2016-12-09 10:48 - 2016-12-09 10:48 - 01048576 ___SH C:\Windows\system32\config\components{0b0a188d-bc05-11e6-b16b-f4b7e2d5aaa6}.TxR.0.regtrans-ms
2016-12-09 10:48 - 2016-12-09 10:48 - 00065536 ___SH C:\Windows\system32\config\components{0b0a188d-bc05-11e6-b16b-f4b7e2d5aaa6}.TxR.blf
2016-12-08 15:56 - 2016-12-08 15:56 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\vlc
2016-12-06 20:43 - 2016-12-09 10:47 - 00524288 ___SH C:\Windows\system32\config\components{0b0a188e-bc05-11e6-b16b-f4b7e2d5aaa6}.TMContainer00000000000000000001.regtrans-ms
2016-12-06 20:43 - 2016-12-09 10:47 - 00065536 ___SH C:\Windows\system32\config\components{0b0a188e-bc05-11e6-b16b-f4b7e2d5aaa6}.TM.blf
2016-12-06 20:43 - 2016-12-06 20:50 - 00524288 ___SH C:\Windows\system32\config\components{0b0a188e-bc05-11e6-b16b-f4b7e2d5aaa6}.TMContainer00000000000000000002.regtrans-ms
2016-12-06 16:39 - 2016-06-16 19:43 - 00036984 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddntf.sys
2016-12-06 16:39 - 2016-06-16 19:43 - 00008811 _____ C:\Windows\system32\Drivers\wsddntf.cat
2016-12-06 16:39 - 2016-06-16 15:06 - 00002708 _____ C:\Windows\system32\Drivers\wsddntf.inf
2016-12-06 11:10 - 2016-12-06 11:10 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\Programs
2016-12-05 14:41 - 2016-12-05 14:41 - 00628224 _____ C:\Users\gustavo.ukita.SYSMAP\Downloads\hora_extra.xls
2016-12-02 11:16 - 2016-12-02 11:16 - 01048576 ___SH C:\Windows\system32\config\components{8910d995-a833-11e6-8220-f4b7e2d5aaa6}.TxR.2.regtrans-ms
2016-12-02 11:16 - 2016-12-02 11:16 - 01048576 ___SH C:\Windows\system32\config\components{8910d995-a833-11e6-8220-f4b7e2d5aaa6}.TxR.1.regtrans-ms
2016-12-02 11:16 - 2016-12-02 11:16 - 01048576 ___SH C:\Windows\system32\config\components{8910d995-a833-11e6-8220-f4b7e2d5aaa6}.TxR.0.regtrans-ms
2016-12-02 11:16 - 2016-12-02 11:16 - 00065536 ___SH C:\Windows\system32\config\components{8910d995-a833-11e6-8220-f4b7e2d5aaa6}.TxR.blf
2016-11-30 14:31 - 2016-11-30 14:31 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\WinRAR
2016-11-30 12:06 - 2016-11-30 12:06 - 00000851 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\sqldeveloper - Atalho.lnk
2016-11-30 11:51 - 2016-12-15 15:18 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\SQL Developer
2016-11-30 11:50 - 2016-11-30 11:50 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\sqldeveloper
2016-11-29 15:56 - 2016-12-13 15:57 - 00002010 ____H C:\Users\gustavo.ukita.SYSMAP\Documents\Default.rdp
2016-11-23 16:20 - 2016-11-23 16:20 - 00002795 _____ C:\Users\Public\Desktop\Bizagi Process Modeler.lnk
2016-11-23 16:20 - 2016-11-23 16:20 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\IsolatedStorage
2016-11-23 16:20 - 2016-11-23 16:20 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Bizagi Ltd
2016-11-23 16:20 - 2016-11-23 16:20 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\IsolatedStorage
2016-11-23 16:20 - 2016-11-23 16:20 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\Bizagi Ltd
2016-11-23 16:20 - 2016-11-23 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bizagi
2016-11-23 16:17 - 2016-11-23 16:17 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\Downloaded Installations
2016-11-23 16:08 - 2016-11-23 16:14 - 103746192 _____ (Bizagi Limited) C:\Users\gustavo.ukita.SYSMAP\Downloads\bizagi-process-modeler-2-7-es-en-win.exe
2016-11-23 06:19 - 2016-11-23 06:19 - 00000000 ____D C:\Users\Todos os Usuários\Snow Software
2016-11-23 06:19 - 2016-11-23 06:19 - 00000000 ____D C:\ProgramData\Snow Software
2016-11-21 15:09 - 2016-11-21 15:09 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\Wisdom-soft
2016-11-21 15:08 - 2016-11-21 15:08 - 00001904 _____ C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Microsoft\Windows\Start Menu\ScreenHunter 6.0 Free.lnk
2016-11-21 15:08 - 2016-11-21 15:08 - 00001880 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\ScreenHunter 6.0 Free.lnk
2016-11-21 15:08 - 2016-11-21 15:08 - 00001880 _____ C:\Users\gustavo.socorro\Desktop\ScreenHunter 6.0 Free.lnk
2016-11-21 15:08 - 2016-11-21 15:08 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free
2016-11-21 15:07 - 2016-11-21 15:07 - 12798032 _____ C:\Users\gustavo.ukita.SYSMAP\Downloads\Baixaki_screenhunter-free [1].exe
2016-11-21 15:03 - 2016-11-21 15:03 - 01782272 _____ ( ) C:\Users\gustavo.ukita.SYSMAP\Downloads\Baixaki_screenhunter-free.exe
2016-11-16 15:22 - 2016-11-16 15:23 - 00001945 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\Request-Response[3793]-Beatrix.xml
2016-11-16 14:15 - 2016-11-16 14:15 - 00021299 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\Extrato_Santander_16112016.xls

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-02-13 12:21 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-13 12:11 - 2016-11-01 14:01 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Atlassian
2017-02-13 11:59 - 2016-06-15 15:17 - 00000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab
2017-02-13 11:59 - 2016-06-15 15:17 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-02-13 10:53 - 2016-10-20 12:36 - 00000128 _____ C:\Windows\system32\config\netlogon.ftl
2017-02-13 04:50 - 2016-11-01 10:33 - 00000000 ____D C:\Program Files (x86)\OCS Inventory Agent
2017-02-13 03:05 - 2009-07-14 02:45 - 00021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-13 03:05 - 2009-07-14 02:45 - 00021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-10 14:59 - 2016-10-31 13:02 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\Google
2017-02-10 14:58 - 2016-08-11 12:16 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2017-02-10 14:57 - 2016-10-31 12:52 - 00000000 ____D C:\sys
2017-02-10 14:54 - 2016-08-11 12:16 - 00029816 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddreg64.sys
2017-02-10 14:53 - 2016-08-11 12:16 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2017-02-10 14:53 - 2016-08-11 12:16 - 00000000 ____D C:\ProgramData\GbPlugin
2017-02-10 14:52 - 2016-08-11 12:16 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-02-10 14:51 - 2016-08-10 12:19 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-02-10 14:51 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\tracing
2017-02-10 14:51 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2017-02-10 14:50 - 2016-07-20 13:11 - 00000000 ____D C:\Users\Todos os Usuários\Validity
2017-02-10 14:50 - 2016-07-20 13:11 - 00000000 ____D C:\ProgramData\Validity
2017-02-10 14:50 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-10 14:38 - 2016-11-01 10:55 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\Desktop\Outros Documentos
2017-02-10 14:24 - 2016-11-01 15:33 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Notepad++
2017-02-10 12:05 - 2016-06-20 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-02-10 12:05 - 2016-06-20 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-10 12:04 - 2016-06-20 18:23 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-02-10 12:03 - 2016-06-16 17:12 - 00000000 ____D C:\Program Files\Java
2017-02-10 10:37 - 2016-11-01 13:43 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\TeamViewer
2017-02-10 09:30 - 2016-11-01 09:42 - 00000000 ____D C:\Users\gustavo.socorro
2017-02-10 09:30 - 2016-09-05 18:21 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS
2017-02-09 17:41 - 2016-06-15 10:30 - 00000000 ____D C:\Windows\Panther
2017-02-09 17:13 - 2016-08-01 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-02-09 16:56 - 2016-07-20 13:00 - 00000000 ____D C:\Users\Todos os Usuários\Samsung
2017-02-09 16:56 - 2016-07-20 13:00 - 00000000 ____D C:\ProgramData\Samsung
2017-02-09 16:56 - 2016-06-15 15:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-09 16:45 - 2016-10-31 13:04 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\TSVNCache
2017-02-08 23:27 - 2016-07-19 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PLSQL Developer9.0
2017-02-08 16:08 - 2016-09-01 18:23 - 00000000 ____D C:\Program Files\FileViewPro
2017-02-08 13:45 - 2016-08-30 13:07 - 00000000 ___HD C:\Users\Todos os Usuários\~0
2017-02-08 13:45 - 2016-08-30 13:07 - 00000000 ___HD C:\ProgramData\~0
2017-02-08 13:41 - 2016-06-21 13:31 - 00000000 ____D C:\Program Files (x86)\Booking.com
2017-02-08 12:03 - 2016-06-15 15:31 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-08 11:34 - 2016-06-21 13:28 - 00020566 __RSH C:\Users\Todos os Usuários\ntuser.pol
2017-02-08 11:34 - 2016-06-21 13:28 - 00020566 __RSH C:\ProgramData\ntuser.pol
2017-02-08 11:30 - 2016-07-28 12:52 - 00000000 ____D C:\Program Files (x86)\AppInsights
2017-02-08 11:30 - 2016-06-15 15:38 - 00000000 ____D C:\Program Files\WinRAR
2017-02-07 12:09 - 2016-06-17 16:47 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-07 12:09 - 2016-06-17 16:47 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-07 12:09 - 2016-06-17 16:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-07 12:09 - 2016-06-16 13:22 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-07 12:05 - 2016-06-15 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-06 15:58 - 2016-10-31 12:52 - 00004658 __RSH C:\Users\gustavo.ukita.SYSMAP\ntuser.pol
2017-02-06 15:58 - 2016-10-31 12:52 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP
2017-02-06 15:45 - 2009-07-14 00:34 - 00000403 _____ C:\Windows\win.ini
2017-02-06 15:45 - 2009-07-14 00:34 - 00000219 _____ C:\Windows\system.ini
2017-02-06 15:43 - 2016-07-21 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer
2017-02-06 11:59 - 2016-09-19 13:37 - 00000000 ____D C:\Informatica
2017-02-06 11:59 - 2016-07-27 18:16 - 00000000 ____D C:\Program Files (x86)\NuGet
2017-02-06 11:59 - 2016-06-16 17:37 - 00000000 ____D C:\app
2017-02-06 11:59 - 2009-07-14 01:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-06 11:56 - 2016-11-01 10:20 - 00000000 ____D C:\Users\Todos os Usuários\AMD
2017-02-06 11:56 - 2016-11-01 10:20 - 00000000 ____D C:\ProgramData\AMD
2017-02-03 16:54 - 2016-11-01 17:44 - 00000600 _____ C:\Users\gustavo.ukita.SYSMAP\AppData\Local\PUTTY.RND
2017-02-02 16:27 - 2016-07-19 16:37 - 00000926 _____ C:\Users\Public\Desktop\PLSQL Developer.lnk
2017-02-02 16:27 - 2016-07-19 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PLSQL Developer
2017-01-30 12:40 - 2016-11-01 10:55 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\Desktop\claro
2017-01-30 10:08 - 2016-08-01 18:12 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2017-01-30 10:07 - 2009-07-14 01:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-01-26 12:09 - 2016-11-04 11:21 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\LocalLow\Adobe
2017-01-24 16:28 - 2016-06-15 10:28 - 00708172 _____ C:\Windows\system32\prfh0416.dat
2017-01-24 16:28 - 2016-06-15 10:28 - 00147952 _____ C:\Windows\system32\prfc0416.dat
2017-01-24 16:28 - 2009-07-14 03:13 - 01658828 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-20 15:29 - 2016-06-15 15:48 - 00000000 ____D C:\Intel
2017-01-19 11:30 - 2016-11-01 10:55 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\Desktop\vivo
2017-01-18 12:06 - 2009-07-14 00:34 - 00014433 _____ C:\Windows\system32\Drivers\etc\Hosts.BAK
2017-01-16 15:40 - 2016-11-04 11:45 - 00002825 _____ C:\Users\gustavo.ukita.SYSMAP\soapui-settings.xml
2017-01-16 15:40 - 2016-11-03 17:47 - 00000938 _____ C:\Users\gustavo.ukita.SYSMAP\default-soapui-workspace.xml

==================== Arquivos na raiz de alguns diretórios =======

2017-02-03 15:31 - 2017-02-03 15:31 - 0000782 _____ () C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\jd-gui.cfg
2016-11-01 17:44 - 2017-02-03 16:54 - 0000600 _____ () C:\Users\gustavo.ukita.SYSMAP\AppData\Local\PUTTY.RND

Alguns arquivos em TEMP:
====================
2017-02-06 17:55 - 2017-02-06 17:55 - 0513528 _____ (Dashlane inc.) C:\Users\gustavo.ukita.SYSMAP\AppData\Local\Temp\Dashlane_Launcher_1437420342.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-02-12 00:37

==================== Fim de FRST.txt ============================
