Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 05-03-2017
Executado por info (administrador) em NELSON-PC (08-03-2017 12:45:33)
Executando a partir de C:\Users\info\Desktop
Perfis Carregados: info & DefaultAppPool (Perfis Disponíveis: Nelson & info & DefaultAppPool)
Platform: Windows 10 Pro Versão 1607 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS10_50.TESTE\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.TESTE\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10_50.TESTE\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\ProgramData\Windows Security\winsecurity.exe
(Microsoft Corporation) C:\Program Files\XBox\XBLive.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.TESTE\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.TESTE\MSSQL\Binn\fdhost.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registro (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2014-03-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-18] (Dell Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112200 2016-11-11] (VMware, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-03-10] (Banco do Brasil)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1864576 2015-03-10] (Banco do Brasil)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1759992 2015-07-06] (Banco Itaú Unibanco)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\¿ìѹ\X64\KZipShell.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> Nenhum Arquivo
Startup: C:\Users\Nelson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 1510 series.lnk [2017-03-07]
ShortcutTarget: Monitorar alertas de tinta - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy\User: Restrição <======= ATENÇÃO
GroupPolicyScripts: Restrição <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
ProxyEnable: [S-1-5-21-559978722-427993855-2306912442-1011] => Proxy está habilitado.
ProxyServer: [S-1-5-21-559978722-427993855-2306912442-1011] => http=127.0.0.1:8080;https=127.0.0.1:8080
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.4.4 4.4.4.4
Tcpip\..\Interfaces\{626aa871-4da0-4bb3-a45c-aa9d505ca5d4}: [DhcpNameServer] 8.8.4.4 4.4.4.4
Tcpip\..\Interfaces\{86444789-E795-4450-8FC4-711CCECC9C31}: [DhcpNameServer] 172.16.0.5
Tcpip\..\Interfaces\{8bdc7387-4f72-4b04-b66f-bbdf7c3bf0d9}: [DhcpNameServer] 8.8.4.4 4.4.4.4
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=sv1&uid=5VGAP5BC_ST9250410AS&tm=1488910884
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=sv1&uid=5VGAP5BC_ST9250410AS&tm=1488910884
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1436792465&z=ab7d3c8fd328b2a6a871981g2z7ccqcm2t7o8o0t8o&from=cmi&uid=ST9250410AS_5VGAP5BCXXXX5VGAP5BC
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=sv1&uid=5VGAP5BC_ST9250410AS&tm=1488910884
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll [2008-05-15] (TechSmith Corporation)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll [2008-05-15] (TechSmith Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-21] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-03-10] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll [2015-07-06] (Banco Itaú Unibanco)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-21] (Oracle Corporation)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-05-15] (TechSmith Corporation)
DPF: HKLM-x32 {A5A5E1FF-FFEF-3FEF-B592-C6D194F4383F} hxxps://vpn.itaubba.com.br/CACHE/sdesktop/install/binaries/instweb.cab
DPF: HKLM-x32 {C861B75F-EE32-4AA4-B610-281AF26A8D1C} hxxps://vpn.itaubba.com.br/+CSCOL+/cscopf.cab
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe www.123rede.com?oem=sv1&uid=5VGAP5BC_ST9250410AS&tm=1488910884
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\info\AppData\Local\Google\Chrome\User Data\Default [2017-03-08]
CHR Extension: (Docs) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-08]
CHR Extension: (Google Drive) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-08]
CHR Extension: (YouTube) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-08]
CHR Extension: (Gmail) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-08]
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\Nelson\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx
CHR HKLM-x32\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
==================== Serviços (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
S4 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2014-03-27] (Alps Electric Co., Ltd.)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [382976 2017-03-02] (Microsoft Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [565560 2015-01-20] (GAS Tecnologia)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [17408 2017-03-02] (Microsoft Corporation)
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [210784 2010-04-03] (Microsoft Corporation)
R2 MSOLAP$TESTE; C:\Program Files\Microsoft SQL Server\MSAS10_50.TESTE\OLAP\bin\msmdsrv.exe [54568288 2010-04-03] (Microsoft Corporation)
R2 MSSQL$TESTE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.TESTE\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
R3 MSSQLFDLauncher$TESTE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.TESTE\MSSQL\Binn\fdlauncher.exe [32096 2010-04-03] (Microsoft Corporation)
R2 OtherSearch; C:\Program Files (x86)\oY7UjmKnwm\kl.dll [1063424 2017-03-05] () [Arquivo não assinado] <==== ATENÇÃO
R2 ReportServer$TESTE; C:\Program Files\Microsoft SQL Server\MSRS10_50.TESTE\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2175328 2010-04-03] (Microsoft Corporation)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-21] (Microsoft Corporation)
S3 SQLAgent$TESTE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.TESTE\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Arquivo não assinado]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S4 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12472904 2016-11-11] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [1265152 2017-03-01] (Microsoft Corporation) [Arquivo não assinado] <==== ATENÇÃO
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-18] (Dell Inc.) [Arquivo não assinado]
S4 WMPNetworkAcSvc; C:\Users\Nelson\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [5091840 2016-11-10] () [Arquivo não assinado] <==== ATENÇÃO
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [12288 2017-03-02] (Microsoft Corporation)
R2 XBox; C:\Program Files\XBox\XBLive.exe [7068160 2017-02-14] (Microsoft Corporation) [Arquivo não assinado]
S4 KuaizipUpdateChecker; C:\Program Files\¿ìѹ\X86\kuaizipUpdateChecker.dll [X]
S4 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]
===================== Drivers (Whitelisted) ======================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2014-10-10] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2014-10-10] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2014-10-10] (LG Electronics Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 Lace514; C:\Windows\System32\drivers\Lace_wpf_x64.sys [69400 2017-03-01] (Lace514)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-01-20] (GAS Tecnologia LTDA)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; não ImagePath
S1 ucdrv; \??\C:\WINDOWS\System32\drivers:ucdrv-x64.sys [X] <==== ATENÇÃO
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Um Mês Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-03-08 12:45 - 2017-03-08 12:46 - 00020632 _____ C:\Users\info\Desktop\FRST.txt
2017-03-08 12:44 - 2017-03-08 12:45 - 00000000 ____D C:\FRST
2017-03-08 12:43 - 2017-03-08 12:43 - 02423808 _____ (Farbar) C:\Users\info\Downloads\Não confirmado 587917.crdownload
2017-03-08 12:43 - 2017-03-08 12:43 - 02423808 _____ (Farbar) C:\Users\info\Desktop\FRST64.exe
2017-03-08 09:48 - 2017-03-08 09:48 - 00002642 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-08 09:48 - 2017-03-08 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-08 09:39 - 2017-03-08 09:39 - 00000000 ____D C:\Users\info\Tracing
2017-03-08 09:38 - 2017-03-08 10:52 - 00000000 ____D C:\Users\info\Desktop\DIA A DIA
2017-03-08 09:34 - 2017-03-08 10:52 - 00000000 ____D C:\Users\info\Documents\Arquivos do Outlook
2017-03-08 09:34 - 2017-03-08 09:34 - 00000000 ____D C:\Users\info\AppData\Roaming\TeamViewer
2017-03-08 09:29 - 2017-03-08 09:29 - 00001430 _____ C:\Users\info\Desktop\Webacappella Responsive.lnk
2017-03-08 09:29 - 2017-03-08 09:29 - 00000000 ____D C:\Users\info\AppData\Roaming\WinRAR
2017-03-08 09:23 - 2017-03-08 09:23 - 00000000 ____D C:\Users\info\AppData\Local\Comms
2017-03-08 09:20 - 2017-03-08 09:20 - 00000000 ____D C:\Users\info\AppData\Local\PeerDistRepub
2017-03-08 09:11 - 2017-03-08 11:05 - 00000000 ____D C:\Users\info\AppData\Roaming\Skype
2017-03-08 09:11 - 2017-03-08 09:12 - 00002366 _____ C:\Users\info\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-08 09:11 - 2017-03-08 09:12 - 00000000 ___RD C:\Users\info\OneDrive
2017-03-08 09:11 - 2017-03-08 09:11 - 00000000 ____D C:\Users\info\AppData\LocalLow\Sun
2017-03-08 09:08 - 2017-03-08 09:09 - 00000000 ____D C:\Users\info\AppData\Local\MicrosoftEdge
2017-03-08 09:06 - 2017-03-08 09:06 - 00000000 ____D C:\Users\info\AppData\Local\NetworkTiles
2017-03-08 09:05 - 2017-03-08 09:05 - 00000000 ____D C:\Users\info\AppData\Local\Publishers
2017-03-08 09:03 - 2017-03-08 11:27 - 00000000 ____D C:\Users\info
2017-03-08 09:03 - 2017-03-08 11:19 - 00000000 ____D C:\Users\info\AppData\Local\ConnectedDevicesPlatform
2017-03-08 09:03 - 2017-03-08 10:55 - 00000000 ____D C:\Users\info\AppData\Local\Packages
2017-03-08 09:03 - 2017-03-08 09:06 - 00000000 ____D C:\Users\info\AppData\Roaming\Adobe
2017-03-08 09:03 - 2017-03-08 09:03 - 00000670 __RSH C:\Users\info\ntuser.pol
2017-03-08 09:03 - 2017-03-08 09:03 - 00000020 ___SH C:\Users\info\ntuser.ini
2017-03-08 09:03 - 2017-03-08 09:03 - 00000000 _SHDL C:\Users\info\Modelos
2017-03-08 09:03 - 2017-03-08 09:03 - 00000000 _SHDL C:\Users\info\Meus Documentos
2017-03-08 09:03 - 2017-03-08 09:03 - 00000000 _SHDL C:\Users\info\Menu Iniciar
2017-03-08 09:03 - 2017-03-08 09:03 - 00000000 _SHDL C:\Users\info\Documents\Minhas Músicas
2017-03-08 09:03 - 2017-03-08 09:03 - 00000000 _SHDL C:\Users\info\Documents\Minhas Imagens
2017-03-08 09:03 - 2017-03-08 09:03 - 00000000 _SHDL C:\Users\info\Documents\Meus Vídeos
2017-03-08 09:03 - 2017-03-08 09:03 - 00000000 _SHDL C:\Users\info\Dados de Aplicativos
2017-03-08 09:03 - 2017-03-08 09:03 - 00000000 _SHDL C:\Users\info\Configurações Locais
2017-03-08 09:03 - 2017-03-08 09:03 - 00000000 _SHDL C:\Users\info\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-03-08 09:03 - 2017-03-08 09:03 - 00000000 _SHDL C:\Users\info\AppData\Local\Histórico
2017-03-08 09:03 - 2017-03-08 09:03 - 00000000 _SHDL C:\Users\info\AppData\Local\Dados de Aplicativos
2017-03-08 09:03 - 2017-03-08 09:03 - 00000000 _SHDL C:\Users\info\Ambiente de Rede
2017-03-08 09:03 - 2017-03-08 09:03 - 00000000 _SHDL C:\Users\info\Ambiente de Impressão
2017-03-08 09:03 - 2017-03-08 09:03 - 00000000 ____D C:\Users\info\AppData\Local\VirtualStore
2017-03-08 09:03 - 2017-03-08 09:03 - 00000000 ____D C:\Users\info\AppData\Local\TileDataLayer
2017-03-08 09:03 - 2017-03-08 09:03 - 00000000 ____D C:\Users\info\AppData\Local\Google
2017-03-08 09:03 - 2017-01-23 09:28 - 00000000 ____D C:\Users\info\AppData\Roaming\Media Center Programs
2017-03-08 09:03 - 2017-01-23 09:28 - 00000000 ____D C:\Users\info\AppData\Roaming\Macromedia
2017-03-07 19:58 - 2017-03-07 19:58 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2017-03-07 19:58 - 2017-03-07 19:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-07 19:58 - 2017-03-07 19:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-03-07 18:36 - 2017-03-07 18:36 - 00000548 _____ C:\Users\Nelson\Desktop\proxy.txt
2017-03-07 18:24 - 2017-03-08 09:05 - 00000000 ____D C:\Users\Nelson\AppData\Local\CrashDumps
2017-03-07 18:14 - 2017-03-07 18:54 - 00000670 __RSH C:\Users\Nelson\ntuser.pol
2017-03-07 15:55 - 2017-03-07 15:55 - 00000000 ____D C:\Users\Nelson\Documents\Incomedia
2017-03-07 15:52 - 2017-03-07 15:55 - 00000000 ____D C:\Program Files\WebSite X5 v13 - Professional
2017-03-07 15:52 - 2017-03-07 15:52 - 00001005 _____ C:\Users\Public\Desktop\WebSite X5 Professional 13.lnk
2017-03-07 15:52 - 2017-03-07 15:52 - 00000000 ____D C:\Users\Nelson\AppData\Local\Incomedia
2017-03-07 15:52 - 2017-03-07 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebSite X5 v13 - Professional
2017-03-07 15:23 - 2017-03-07 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-07 15:22 - 2017-03-07 15:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-07 15:21 - 2017-03-07 15:21 - 00000000 ____D C:\Users\Nelson\AppData\Roaming\excdir
2017-03-07 15:16 - 2017-03-07 16:07 - 00000000 ____D C:\Users\Nelson\AppData\Roaming\WMPNetworkAcSvc
2017-03-07 15:16 - 2017-03-07 15:16 - 00000000 ____D C:\Users\Todos os Usuários\Windows Security
2017-03-07 15:16 - 2017-03-07 15:16 - 00000000 ____D C:\ProgramData\Windows Security
2017-03-07 15:16 - 2017-03-07 15:16 - 00000000 ____D C:\Program Files\XBox
2017-03-07 15:16 - 2017-03-07 15:16 - 00000000 ____D C:\Program Files (x86)\oY7UjmKnwm
2017-03-02 15:30 - 2017-03-02 15:30 - 00000020 ___SH C:\Users\Classic .NET AppPool\ntuser.ini
2017-03-02 15:30 - 2017-03-02 15:30 - 00000020 ___SH C:\Users\.NET v4.5\ntuser.ini
2017-03-02 15:30 - 2017-03-02 15:30 - 00000020 ___SH C:\Users\.NET v4.5 Classic\ntuser.ini
2017-03-02 15:30 - 2017-03-02 15:30 - 00000020 ___SH C:\Users\.NET v2.0\ntuser.ini
2017-03-02 15:30 - 2017-03-02 15:30 - 00000020 ___SH C:\Users\.NET v2.0 Classic\ntuser.ini
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Modelos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Meus Documentos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Menu Iniciar
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Documents\Minhas Músicas
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Documents\Minhas Imagens
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Documents\Meus Vídeos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Dados de Aplicativos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Configurações Locais
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\Classic .NET AppPool\AppData\Local\Histórico
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\Classic .NET AppPool\AppData\Local\Dados de Aplicativos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Ambiente de Rede
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Ambiente de Impressão
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5\Modelos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5\Meus Documentos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5\Menu Iniciar
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5\Documents\Minhas Músicas
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5\Documents\Minhas Imagens
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5\Documents\Meus Vídeos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5\Dados de Aplicativos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5\Configurações Locais
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5\AppData\Local\Histórico
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5\AppData\Local\Dados de Aplicativos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5\Ambiente de Rede
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5\Ambiente de Impressão
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Modelos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Meus Documentos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Menu Iniciar
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Documents\Minhas Músicas
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Documents\Minhas Imagens
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Documents\Meus Vídeos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Dados de Aplicativos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Configurações Locais
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\AppData\Local\Histórico
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\AppData\Local\Dados de Aplicativos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Ambiente de Rede
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Ambiente de Impressão
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0\Modelos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0\Meus Documentos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0\Menu Iniciar
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0\Documents\Minhas Músicas
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0\Documents\Minhas Imagens
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0\Documents\Meus Vídeos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0\Dados de Aplicativos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0\Configurações Locais
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0\AppData\Local\Histórico
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0\AppData\Local\Dados de Aplicativos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0\Ambiente de Rede
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0\Ambiente de Impressão
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Modelos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Meus Documentos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Menu Iniciar
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Documents\Minhas Músicas
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Documents\Minhas Imagens
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Documents\Meus Vídeos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Dados de Aplicativos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Configurações Locais
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\AppData\Local\Histórico
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\AppData\Local\Dados de Aplicativos
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Ambiente de Rede
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Ambiente de Impressão
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 ____D C:\Users\Classic .NET AppPool
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 ____D C:\Users\.NET v4.5 Classic
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 ____D C:\Users\.NET v4.5
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 ____D C:\Users\.NET v2.0 Classic
2017-03-02 15:30 - 2017-03-02 15:30 - 00000000 ____D C:\Users\.NET v2.0
2017-03-02 15:30 - 2017-01-23 09:28 - 00000000 ____D C:\Users\Classic .NET AppPool\AppData\Roaming\Media Center Programs
2017-03-02 15:30 - 2017-01-23 09:28 - 00000000 ____D C:\Users\Classic .NET AppPool\AppData\Roaming\Macromedia
2017-03-02 15:30 - 2017-01-23 09:28 - 00000000 ____D C:\Users\.NET v4.5\AppData\Roaming\Media Center Programs
2017-03-02 15:30 - 2017-01-23 09:28 - 00000000 ____D C:\Users\.NET v4.5\AppData\Roaming\Macromedia
2017-03-02 15:30 - 2017-01-23 09:28 - 00000000 ____D C:\Users\.NET v4.5 Classic\AppData\Roaming\Media Center Programs
2017-03-02 15:30 - 2017-01-23 09:28 - 00000000 ____D C:\Users\.NET v4.5 Classic\AppData\Roaming\Macromedia
2017-03-02 15:30 - 2017-01-23 09:28 - 00000000 ____D C:\Users\.NET v2.0\AppData\Roaming\Media Center Programs
2017-03-02 15:30 - 2017-01-23 09:28 - 00000000 ____D C:\Users\.NET v2.0\AppData\Roaming\Macromedia
2017-03-02 15:30 - 2017-01-23 09:28 - 00000000 ____D C:\Users\.NET v2.0 Classic\AppData\Roaming\Media Center Programs
2017-03-02 15:30 - 2017-01-23 09:28 - 00000000 ____D C:\Users\.NET v2.0 Classic\AppData\Roaming\Macromedia
2017-03-02 15:29 - 2017-03-02 15:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2017-03-02 15:29 - 2017-03-02 15:29 - 00000000 ____D C:\Windows\system32\0416
2017-03-02 14:20 - 2017-03-02 14:20 - 00000000 ____D C:\Program Files\IIS Express
2017-03-02 14:20 - 2017-03-02 14:20 - 00000000 ____D C:\Program Files (x86)\IIS Express
2017-03-01 14:32 - 2017-03-01 14:32 - 00069400 _____ (Lace514) C:\Windows\system32\Drivers\Lace_wpf_x64.sys
2017-02-23 17:55 - 2017-02-23 17:55 - 00001362 _____ C:\Users\info\Desktop\Pinegrow Web Designer.lnk
2017-02-23 17:21 - 2017-03-07 08:58 - 00000000 ____D C:\Users\Nelson\AppData\Local\Pinegrow Web Designer
2017-02-23 17:21 - 2017-02-23 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinegrow Web Designer
2017-02-23 17:20 - 2017-02-23 17:21 - 00000000 ____D C:\Program Files (x86)\Pinegrow Web Designer
2017-02-23 16:26 - 2017-02-23 16:31 - 00000000 ____D C:\Users\Nelson\AppData\Roaming\your-app
2017-02-23 15:18 - 2017-02-23 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2017-02-23 15:18 - 2017-02-23 15:18 - 00000000 ____D C:\Program Files (x86)\MySQL
2017-02-23 15:10 - 2017-03-07 09:56 - 00000000 ____D C:\Users\Nelson\AppData\Local\Power Query Telemetry
2017-02-23 15:08 - 2017-02-23 15:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Power Query for Excel
2017-02-20 13:08 - 2017-02-20 13:10 - 00000000 ____D C:\Users\Nelson\AppData\Roaming\Notepad++
2017-02-20 13:08 - 2017-02-20 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-02-20 13:08 - 2017-02-20 13:08 - 00000000 ____D C:\Program Files\Notepad++
2017-02-20 11:40 - 2017-02-20 13:06 - 00001126 _____ C:\Users\Nelson\Desktop\VertrigoServ.lnk
2017-02-20 11:40 - 2017-02-20 11:40 - 00000000 ____D C:\Users\Nelson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VertrigoServ
2017-02-20 11:39 - 2017-02-20 21:04 - 00000000 ____D C:\Program Files (x86)\VertrigoServ
2017-02-16 16:14 - 2017-02-16 16:14 - 00000000 ____D C:\Users\Nelson\AppData\Roaming\TechSmith
2017-02-16 16:12 - 2017-02-16 16:12 - 00000000 ____D C:\Users\Nelson\Documents\Camtasia Studio
2017-02-16 15:51 - 2017-02-16 15:51 - 00001150 _____ C:\Users\Public\Desktop\Camtasia 9.lnk
2017-02-16 15:51 - 2017-02-16 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2017-02-16 15:51 - 2017-02-16 15:51 - 00000000 ____D C:\Program Files\TechSmith
2017-02-15 19:21 - 2017-02-15 19:36 - 00000964 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-15 19:21 - 2017-02-15 19:36 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-15 19:21 - 2017-02-15 19:21 - 00004034 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-15 19:21 - 2017-02-15 19:21 - 00003878 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-13 16:03 - 2017-02-14 16:53 - 00000000 ____D C:\Users\Nelson\AppData\Roaming\Kodi
2017-02-13 15:59 - 2017-02-13 15:59 - 00000000 ____D C:\Users\Nelson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2017-02-13 15:58 - 2017-02-13 15:59 - 00000000 ____D C:\Program Files (x86)\Kodi
2017-02-13 09:53 - 2017-02-13 09:53 - 00000032 RSHOT C:\Users\Nelson\AppData\Local\t70rc.dat
2017-02-13 09:53 - 2017-02-13 09:53 - 00000000 ____D C:\Users\Todos os Usuários\Axure
2017-02-13 09:53 - 2017-02-13 09:53 - 00000000 ____D C:\Users\Nelson\Documents\Axure
2017-02-13 09:53 - 2017-02-13 09:53 - 00000000 ____D C:\ProgramData\Axure
2017-02-13 09:52 - 2017-03-07 09:22 - 00000000 ____D C:\Users\Nelson\AppData\Local\Axure
2017-02-13 09:52 - 2017-02-13 09:52 - 00000000 ____D C:\Users\Nelson\AppData\Roaming\Axure
2017-02-13 09:48 - 2017-02-13 09:48 - 00001165 _____ C:\Users\Public\Desktop\Axure RP Pro 7.0.lnk
2017-02-13 09:48 - 2017-02-13 09:48 - 00000000 __HDC C:\Users\Todos os Usuários\{C1FB8C90-F204-47BA-AB06-BECD8853C0AC}
2017-02-13 09:48 - 2017-02-13 09:48 - 00000000 __HDC C:\ProgramData\{C1FB8C90-F204-47BA-AB06-BECD8853C0AC}
2017-02-13 09:46 - 2017-02-13 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axure
2017-02-13 09:46 - 2017-02-13 09:46 - 00000000 ____D C:\Program Files (x86)\Axure
2017-02-13 09:33 - 2017-02-13 09:33 - 00000000 ____D C:\Users\Nelson\AppData\Local\PackageAware
2017-02-10 10:38 - 2017-02-10 10:38 - 00000000 ____D C:\Users\Nelson\Documents\Prezi
2017-02-10 10:38 - 2017-02-10 10:38 - 00000000 ____D C:\Users\Nelson\AppData\Roaming\Prezi
2017-02-10 10:38 - 2017-02-10 10:38 - 00000000 ____D C:\Users\Nelson\AppData\Local\Prezi
2017-02-10 08:38 - 2017-02-10 08:38 - 00001854 _____ C:\Users\Public\Desktop\Prezi Desktop.lnk
2017-02-10 08:38 - 2017-02-10 08:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prezi Desktop
2017-02-10 08:36 - 2017-02-10 08:38 - 00000000 ____D C:\Program Files (x86)\Prezi Desktop
2017-02-09 09:34 - 2017-02-09 09:34 - 00000000 ____D C:\Users\Nelson\Documents\Add-in Express
2017-02-09 08:56 - 2017-03-07 18:39 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-09 08:55 - 2017-02-09 08:57 - 00000252 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2017-02-09 08:50 - 2017-02-09 08:50 - 00000000 ____D C:\@RestoreQuarantine
2017-02-09 08:29 - 2017-02-09 08:29 - 00000000 ____D C:\Users\Todos os Usuários\RegRun
2017-02-09 08:29 - 2017-02-09 08:29 - 00000000 ____D C:\ProgramData\RegRun
2017-02-09 08:28 - 2017-02-09 09:00 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2017-02-09 08:28 - 2017-02-09 08:50 - 00000000 ____D C:\Users\Nelson\Documents\RegRun2
2017-02-09 08:28 - 2017-02-09 08:28 - 00003410 _____ C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2017-02-09 08:28 - 2017-02-09 08:28 - 00000002 RSHOT C:\Windows\winstart.bat
2017-02-09 08:28 - 2017-02-09 08:28 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2017-02-09 08:28 - 2017-02-09 08:28 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2017-02-08 08:45 - 2017-02-08 08:45 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-08 08:39 - 2017-03-07 15:21 - 00002468 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 21:30 - 2017-02-07 21:30 - 00000000 ____D C:\Users\Nelson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 21:03 - 2017-02-07 21:03 - 00001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-02-07 21:03 - 2017-02-07 21:03 - 00001448 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-02-07 21:03 - 2017-02-07 21:03 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-02-07 21:03 - 2017-02-07 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-02-07 21:02 - 2017-03-07 19:01 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-07 21:02 - 2017-02-08 09:27 - 00000000 ____D C:\Users\Todos os Usuários\Spybot - Search & Destroy
2017-02-07 21:02 - 2017-02-08 09:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-07 21:02 - 2013-09-20 09:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-02-07 18:22 - 2017-02-07 19:13 - 00000000 ____D C:\Program Files\Plumbytes Software
2017-02-07 18:22 - 2017-02-07 19:10 - 00000000 ____D C:\Users\Nelson\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}
2017-02-07 12:55 - 2017-02-07 12:55 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-02-07 12:53 - 2017-02-07 12:53 - 00000000 ____D C:\Users\Nelson\AppData\Roaming\Softlink
2017-02-07 12:50 - 2017-02-07 12:50 - 00000000 ____D C:\Users\Public\Thunder Network
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-08 12:24 - 2016-11-21 01:49 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-03-08 12:02 - 2016-07-16 08:47 - 00000000 ____D C:\Windows\system32\inetsrv
2017-03-08 12:00 - 2016-11-21 07:49 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-08 12:00 - 2014-09-10 19:54 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-03-08 11:59 - 2016-07-16 03:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-03-08 11:46 - 2016-07-16 08:47 - 00000000 ____D C:\Windows\registration
2017-03-08 11:20 - 2016-03-03 16:26 - 00000000 ___RD C:\Nelson Pessoal
2017-03-08 11:19 - 2016-07-16 08:47 - 00000000 ____D C:\Windows\AppReadiness
2017-03-08 10:37 - 2016-07-16 08:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-08 10:30 - 2016-02-17 17:12 - 00000000 ____D C:\Users\Nelson\Desktop\DIA A DIA
2017-03-08 10:26 - 2015-07-13 09:57 - 00000000 ____D C:\Users\Nelson\Documents\Arquivos do Outlook
2017-03-08 09:48 - 2016-02-14 17:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-08 09:48 - 2015-08-21 10:33 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2017-03-08 09:48 - 2015-08-21 10:33 - 00000000 ____D C:\ProgramData\Skype
2017-03-08 09:47 - 2016-05-10 18:51 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-03-08 09:47 - 2016-05-10 18:51 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-08 09:03 - 2016-11-21 08:03 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-08 08:58 - 2016-07-16 08:36 - 00000000 ____D C:\Windows\CbsTemp
2017-03-08 07:56 - 2015-07-18 13:05 - 00000000 ____D C:\Windows\pss
2017-03-08 07:41 - 2015-10-06 11:29 - 00000000 ____D C:\Users\Nelson\AppData\Local\Adobe
2017-03-08 07:39 - 2016-07-16 08:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-03-07 18:54 - 2017-01-23 09:06 - 00000000 ____D C:\Users\Nelson
2017-03-07 18:21 - 2016-04-14 09:32 - 00000000 ____D C:\Users\Nelson\AppData\Local\ElevatedDiagnostics
2017-03-07 17:53 - 2015-08-21 10:33 - 00000000 ____D C:\Users\Nelson\AppData\Roaming\Skype
2017-03-07 16:01 - 2016-11-27 17:09 - 00000000 ____D C:\Users\Todos os Usuários\VMware
2017-03-07 16:01 - 2016-11-27 17:09 - 00000000 ____D C:\ProgramData\VMware
2017-03-07 15:34 - 2016-07-16 08:45 - 00000000 ____D C:\Windows\INF
2017-03-07 15:13 - 2014-03-04 19:13 - 00000000 ____D C:\Users\Nelson\AppData\Roaming\uTorrent
2017-03-07 08:26 - 2016-11-21 07:59 - 02351862 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-07 08:26 - 2016-11-21 07:14 - 00712530 _____ C:\Windows\system32\prfh0416.dat
2017-03-07 08:26 - 2016-11-21 07:14 - 00244040 _____ C:\Windows\system32\prfc0416.dat
2017-03-06 15:33 - 2015-08-23 11:34 - 00000000 ____D C:\Users\Nelson\AppData\Local\Packages
2017-03-06 12:52 - 2017-01-20 14:21 - 00000000 ____D C:\Users\Nelson\AppData\Roaming\FileZilla
2017-03-06 12:13 - 2016-07-16 08:47 - 00000000 ____D C:\Windows\rescache
2017-03-02 16:15 - 2016-07-18 09:21 - 00000000 ____D C:\Users\Nelson\Documents\Visual Studio 2010
2017-03-02 15:29 - 2017-01-23 09:21 - 00000000 ____D C:\inetpub
2017-03-02 15:29 - 2016-07-16 08:47 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2017-03-02 15:28 - 2016-07-16 08:44 - 00047974 _____ C:\Windows\SysWOW64\IIsScHlp.wsc
2017-03-02 15:28 - 2016-07-16 08:44 - 00041401 _____ C:\Windows\SysWOW64\IIsExt.vbs
2017-03-02 15:28 - 2016-07-16 08:43 - 00047974 _____ C:\Windows\system32\IIsScHlp.wsc
2017-03-02 15:28 - 2016-07-16 08:43 - 00041401 _____ C:\Windows\system32\IIsExt.vbs
2017-03-02 15:28 - 2016-07-16 08:43 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\aspperf.dll
2017-03-02 15:28 - 2016-07-16 08:43 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspperf.dll
2017-03-02 15:28 - 2016-07-16 08:43 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\infoadmn.dll
2017-03-02 15:28 - 2016-07-16 08:43 - 00018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infoadmn.dll
2017-03-02 15:28 - 2016-07-16 08:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\infoctrs.dll
2017-03-02 15:28 - 2016-07-16 08:43 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infoctrs.dll
2017-02-24 17:17 - 2017-01-11 20:31 - 00000000 ____D C:\Users\Nelson\Documents\WebAcappella_RC Projects
2017-02-24 16:20 - 2016-07-20 17:23 - 00000000 ____D C:\Users\Nelson\Documents\WebAcappella_4
2017-02-23 15:18 - 2017-01-23 09:04 - 02284052 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-02-23 15:18 - 2016-03-07 13:55 - 00000000 ____D C:\extensions
2017-02-23 09:06 - 2015-10-06 11:31 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-21 09:55 - 2016-07-18 14:27 - 00000000 ____D C:\Users\Nelson\Documents\SQL Server Management Studio
2017-02-21 08:42 - 2017-01-11 20:29 - 00001412 _____ C:\Users\Nelson\Desktop\Webacappella Responsive.lnk
2017-02-21 08:42 - 2017-01-11 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webacappella Responsive
2017-02-21 08:42 - 2016-07-20 17:22 - 00000000 ____D C:\Program Files (x86)\Intuisphere
2017-02-20 17:41 - 2017-01-11 20:48 - 00000000 ____D C:\Users\Nelson\Documents\WebAcappella_RC Synchro
2017-02-20 12:59 - 2016-11-21 01:49 - 04979760 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-16 16:12 - 2017-01-20 07:52 - 00000000 ____D C:\Users\Nelson\AppData\Local\TechSmith
2017-02-16 15:51 - 2017-01-20 07:52 - 00000000 ____D C:\Users\Todos os Usuários\TechSmith
2017-02-16 15:51 - 2017-01-20 07:52 - 00000000 ____D C:\ProgramData\TechSmith
2017-02-15 19:21 - 2016-07-16 08:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-15 19:21 - 2016-07-16 08:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-09 17:07 - 2016-06-02 17:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-09 10:00 - 2015-07-13 10:01 - 00000000 ____D C:\Users\Todos os Usuários\MailUpdate
2017-02-09 10:00 - 2015-07-13 10:01 - 00000000 ____D C:\ProgramData\MailUpdate
2017-02-09 09:44 - 2016-07-14 10:12 - 00000000 ____D C:\Program Files\Google
2017-02-09 09:44 - 2014-03-04 20:06 - 00000000 ____D C:\Users\Nelson\AppData\Local\Google
2017-02-09 09:34 - 2017-01-20 18:49 - 00000000 ____D C:\Users\Todos os Usuários\WinZip
2017-02-09 09:34 - 2017-01-20 18:49 - 00000000 ____D C:\ProgramData\WinZip
2017-02-09 08:54 - 2016-04-08 10:26 - 00000000 ____D C:\Program Files\KMSpico
2017-02-08 08:38 - 2014-03-04 20:06 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-07 21:30 - 2014-03-04 19:26 - 00000000 ____D C:\Users\Nelson\AppData\Roaming\Dropbox
2017-02-07 17:39 - 2015-06-23 14:01 - 00002598 __RSH C:\Users\Todos os Usuários\ntuser.pol
2017-02-07 17:39 - 2015-06-23 14:01 - 00002598 __RSH C:\ProgramData\ntuser.pol
2017-02-07 12:55 - 2017-01-23 09:06 - 00000000 ____D C:\Users\DefaultAppPool
2017-02-07 09:27 - 2014-03-06 08:18 - 00000000 ____D C:\Users\Nelson\AppData\Roaming\Adobe
2017-02-07 08:50 - 2015-10-06 11:30 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2017-02-07 08:50 - 2015-10-06 11:30 - 00000000 ____D C:\ProgramData\Adobe
==================== Files in the root of some directories =======
2015-07-19 21:19 - 2015-07-19 21:19 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-09-13 11:11 - 2014-09-13 11:11 - 0000152 _____ () C:\ProgramData\bc.ini
Files to be moved or deleted:
====================
C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job
Some files in TEMP:
====================
2017-03-08 09:40 - 2017-03-08 09:41 - 56756184 _____ (Skype Technologies S.A.) C:\Users\info\AppData\Local\Temp\SkypeSetup.exe
2017-03-08 09:42 - 2017-03-08 09:42 - 14456872 _____ (Microsoft Corporation) C:\Users\info\AppData\Local\Temp\vc_redist.x86.exe
2017-02-07 12:49 - 2017-02-07 12:50 - 2315388 _____ ( ) C:\Users\Nelson\AppData\Local\Temp\AutoTime51495.exe
2017-02-07 12:49 - 2017-02-07 12:49 - 0386200 _____ ( ) C:\Users\Nelson\AppData\Local\Temp\global_installer.exe
2017-01-23 17:52 - 2016-07-16 08:42 - 0616048 _____ (Microsoft Corporation) C:\Users\Nelson\AppData\Local\Temp\kernel32.dll
2017-02-07 12:52 - 2017-02-07 12:52 - 0425659 _____ (WeMonetize ) C:\Users\Nelson\AppData\Local\Temp\M0ZV3O5XP9.exe
2017-02-07 13:08 - 2017-02-07 13:08 - 0210840 _____ () C:\Users\Nelson\AppData\Local\Temp\mininewsrepair.exe
2017-01-18 11:25 - 2017-01-18 11:25 - 30001004 _____ () C:\Users\Nelson\AppData\Local\Temp\setup.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that did not pass verification.)
C:\Windows\system32\winlogon.exe => The file is digitally signed
C:\Windows\system32\wininit.exe => The file is digitally signed
C:\Windows\explorer.exe => The file is digitally signed
C:\Windows\SysWOW64\explorer.exe => The file is digitally signed
C:\Windows\system32\svchost.exe => The file is digitally signed
C:\Windows\SysWOW64\svchost.exe => The file is digitally signed
C:\Windows\system32\services.exe => The file is digitally signed
C:\Windows\system32\User32.dll => The file is digitally signed
C:\Windows\SysWOW64\User32.dll => The file is digitally signed
C:\Windows\system32\userinit.exe => The file is digitally signed
C:\Windows\SysWOW64\userinit.exe => The file is digitally signed
C:\Windows\system32\rpcss.dll => The file is digitally signed
C:\Windows\system32\dnsapi.dll => The file is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => The file is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => The file is digitally signed
LastRegBack: 2017-03-01 14:34
==================== End of FRST.txt ============================