Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 11-01-2017 Executado por Walter Franklim (administrador) em DEMOLAY (12-01-2017 04:19:06) Executando a partir de C:\Users\Particular\Desktop\HD EXTERNO\Walter Franklim\Arquivos do PC\PROGRAMAS Perfis Carregados: Walter Franklim (Perfis Disponíveis: Particular & Walter Franklim & Convidado) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Idioma: Português (Brasil) Internet Explorer Versão 11 (Navegador padrão não detectado!) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe (IObit) C:\Program Files\IObit\Advanced SystemCare\Monitor.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (IObit) C:\Program Files\IObit\Smart Defrag\Pub\PubMonitor.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Windows\System32\igfxext.exe () C:\Windows\KMS-R@1nHook.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Users\Walter Franklim\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Walter Franklim\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Walter Franklim\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Walter Franklim\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Walter Franklim\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Google Inc.) C:\Users\Walter Franklim\AppData\Local\Google\Chrome SxS\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wusa.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registro (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2262320 2013-05-27] (ELAN Microelectronics Corp.) HKLM\...\RunOnce: [Gahetuma] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\WALTER~1\AppData\Roaming\Dapagahep" HKLM\...\RunOnce: [Bosefelibo] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\WALTER~1\AppData\Roaming\Fitap" Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll [2016-12-18] (Caixa Economica Federal) HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0 HKLM\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-240237904-3152138187-639416452-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-240237904-3152138187-639416452-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-240237904-3152138187-639416452-1003\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-240237904-3152138187-639416452-1003\...\Policies\Explorer: [HideSCAHealth] 0 IFEO\OSPPSVC.EXE: [Debugger] KMS-R@1nHook.exe IFEO\SppSvc.exe: [Debugger] KMS-R@1nHook.exe ShellExecuteHooks: Sem Nome - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - -> Nenhum Arquivo ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll [1903328 2016-12-18] (Caixa Economica Federal) ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2017-01-11] () ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2017-01-11] () ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2017-01-11] () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => -> Nenhum Arquivo ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => -> Nenhum Arquivo ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => -> Nenhum Arquivo ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => -> Nenhum Arquivo ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => -> Nenhum Arquivo ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => -> Nenhum Arquivo Startup: C:\Users\Particular\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-10-07] ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited) GroupPolicy: Restrição ? <======= ATENÇÃO CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Tcpip\Parameters: [DhcpNameServer] 200.189.88.61 200.189.88.66 Tcpip\..\Interfaces\{74062B66-3D61-4744-B95A-C1E614AEE0D3}: [DhcpNameServer] 200.189.88.61 200.189.88.66 Tcpip\..\Interfaces\{AAF5829D-B5C1-469D-9880-A3A5A2BA4163}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{B1FD0B0B-4C40-4D8B-9E21-84AF39F4C5FC}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{CF6EE208-2653-4EBB-95AF-D8A4D8103F5D}: [DhcpNameServer] 200.189.88.52 200.189.88.12 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_40¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzztCtCtAtB0BtC0FyC0CyEtBtDyEtDtN0D0Tzu0StCyByEtAtN1L2XzutAtFtByEtFtByDtFyDtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEzztByByC0CzyyDtGtA0CtCtCtG0DyE0EyBtGtDyDtCyDtG0B0DtAyCyC0C0BtD0C0CtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyE0F0Fzy0AtC0AtG0Dzy0AyDtGyEtD0C0DtGzztA0A0EtGtB0FyDyCzz0F0Azz0AtCtA0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyEyCtD%26cr%3D791190614%26a%3Dwbf_fs_16_40%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=home HKU\S-1-5-21-240237904-3152138187-639416452-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_40¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzztCtCtAtB0BtC0FyC0CyEtBtDyEtDtN0D0Tzu0StCyByEtAtN1L2XzutAtFtByEtFtByDtFyDtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEzztByByC0CzyyDtGtA0CtCtCtG0DyE0EyBtGtDyDtCyDtG0B0DtAyCyC0C0BtD0C0CtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyE0F0Fzy0AtC0AtG0Dzy0AyDtGyEtD0C0DtGzztA0A0EtGtB0FyDyCzz0F0Azz0AtCtA0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyEyCtD%26cr%3D791190614%26a%3Dwbf_fs_16_40%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional SearchScopes: HKLM -> DefaultScope {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_40¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzztCtCtAtB0BtC0FyC0CyEtBtDyEtDtN0D0Tzu0StCyByEtAtN1L2XzutAtFtByEtFtByDtFyDtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEzztByByC0CzyyDtGtA0CtCtCtG0DyE0EyBtGtDyDtCyDtG0B0DtAyCyC0C0BtD0C0CtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyE0F0Fzy0AtC0AtG0Dzy0AyDtGyEtD0C0DtGzztA0A0EtGtB0FyDyCzz0F0Azz0AtCtA0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyEyCtD%26cr%3D791190614%26a%3Dwbf_fs_16_40%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_40¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzztCtCtAtB0BtC0FyC0CyEtBtDyEtDtN0D0Tzu0StCyByEtAtN1L2XzutAtFtByEtFtByDtFyDtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEzztByByC0CzyyDtGtA0CtCtCtG0DyE0EyBtGtDyDtCyDtG0B0DtAyCyC0C0BtD0C0CtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyE0F0Fzy0AtC0AtG0Dzy0AyDtGyEtD0C0DtGzztA0A0EtGtB0FyDyCzz0F0Azz0AtCtA0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyEyCtD%26cr%3D791190614%26a%3Dwbf_fs_16_40%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms} SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://search.speedbit.com/search.aspx?s=E6Re105&q={searchTerms} SearchScopes: HKU\S-1-5-21-240237904-3152138187-639416452-1003 -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-240237904-3152138187-639416452-1003 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-240237904-3152138187-639416452-1003 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-240237904-3152138187-639416452-1003 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://search.speedbit.com/search.aspx?s=E6Re105&q={searchTerms} SearchScopes: HKU\S-1-5-21-240237904-3152138187-639416452-1003 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.hotsearches.info/?l=1&q={searchTerms}&pid=22394&r=2015/06/22&hid=13171133701857723959&lg=EN&cc=BR&unqvl=90 BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-12-29] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-12-29] (Microsoft Corporation) BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files\GbPlugin\gbiehcef.dll [2016-12-18] (Caixa Economica Federal) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-29] (Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-29] (Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-29] (Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-29] (Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-29] (Microsoft Corporation) Handler: skypec2c - Nenhum Valor CLSID - Handler: WSAllMyTubechrome - Nenhum Valor CLSID - Handler: WSIEChrome - Nenhum Valor CLSID - StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Walter Franklim\AppData\Roaming\Mozilla\Firefox\Profiles\174vu3ic.default-1472101785015 [2017-01-10] FF user.js: detected! => C:\Users\Walter Franklim\AppData\Roaming\Mozilla\Firefox\Profiles\174vu3ic.default-1472101785015\user.js [2016-12-23] FF NewTab: Mozilla\Firefox\Profiles\174vu3ic.default-1472101785015 -> about:newtab FF Homepage: Mozilla\Firefox\Profiles\174vu3ic.default-1472101785015 -> hxxp://www.google.com/ FF Keyword.URL: Mozilla\Firefox\Profiles\174vu3ic.default-1472101785015 -> user_pref("keyword.URL", true); FF Extension: (MEGA) - C:\Users\Walter Franklim\AppData\Roaming\Mozilla\Firefox\Profiles\174vu3ic.default-1472101785015\Extensions\firefox@mega.co.nz.xpi [2016-12-10] FF SearchPlugin: C:\Users\Walter Franklim\AppData\Roaming\Mozilla\Firefox\Profiles\174vu3ic.default-1472101785015\searchplugins\yahoo! powered.xml [2016-10-09] FF HKLM\...\Firefox\Extensions: [searchpredict@speedbit.com] - => não encontrado (a) FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-24] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Windows\system32\npovshelper.dll [2011-05-06] (DivX, LLC.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-02] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-02] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo] FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-29] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-14] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-14] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-240237904-3152138187-639416452-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Walter Franklim\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-29] (Google Inc.) FF Plugin HKU\S-1-5-21-240237904-3152138187-639416452-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Walter Franklim\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-29] (Google Inc.) Chrome: ======= StartMenuInternet: Google Chrome Canary.MF2EIVJPYDAD4XSUXFJOXOBAOU - C:\Users\Walter Franklim\AppData\Local\Google\Chrome SxS\Application\chrome.exe ==================== Serviços (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) "Warsaw Technology" => serviço foi desbloqueado. <===== ATENÇÃO S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) S4 AdvancedSystemCareService10; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [462624 2016-10-14] (IObit) S4 BASSVC; C:\Program Files\Baidu Security\MoboMarket\1.3.7.5967\bassvc.exe [208928 2015-04-22] (Baidu, Inc.) S4 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) S4 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [1776216 2015-08-15] (Microsoft Corporation) S4 FastTrackUltraAudioDevMon; C:\Program Files\M-Audio\Fast Track Ultra\AudioDevMon.exe [1700584 2014-09-22] (M-Audio) R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [631520 2016-12-19] (GAS Tecnologia) S4 KMS-R@1n; C:\Windows\KMS-R@1n.exe [23040 2016-12-23] () [Arquivo não assinado] S4 PaceLicenseDServices; C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880 2012-05-18] (PACE Anti-Piracy, Inc.) [Arquivo não assinado] S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [966336 2014-12-04] (@ByELDI) [Arquivo não assinado] S4 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [575488 2008-09-08] (Nokia.) [Arquivo não assinado] S4 SparkSvc; C:\Program Files\baidu\Baidu Browser\sparkservice.exe [97080 2016-01-14] (Baidu Inc.) S4 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.) S2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [529632 2015-11-04] (GAS Tecnologia LTDA) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [75416 2016-12-24] (Alcor Micro, Corp.) R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3365624 2016-12-23] (Qualcomm Atheros Communications, Inc.) R1 BprotectEx; C:\Windows\System32\drivers\BprotectEx.sys [113992 2015-03-31] (Baidu, Inc.) R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2016-07-16] (IVT Corporation.) R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [21600 2011-12-21] (IVT Corporation.) S3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [51200 2009-07-13] (Microsoft Corporation) S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [27744 2011-12-21] (IVT Corporation.) S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1.sys [24424 2012-12-13] (Windows (R) Win 7 DDK provider) R2 DigiNet; C:\Windows\System32\DRIVERS\diginet.sys [18264 2012-09-11] (Avid Technology, Inc.) R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [327472 2013-05-31] (ELAN Microelectronics Corp.) R0 GbpKm; C:\Windows\System32\drivers\GbpKm.sys [49496 2015-12-08] (GAS Tecnologia) R1 HMFAxCore56d706f6725c732df006697fd5ec3381; C:\Windows\HMFAxCore56d706f6725c732df006697fd5ec3381.sys [96328 2013-11-29] (Eltima Software) R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2016-08-28] (REALiX(tm)) R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [489832 2013-11-21] (Intel Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [24424 2013-11-21] (Intel Corporation) R3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [132480 2010-02-27] (Intel Corporation) [Arquivo não assinado] R3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [270336 2011-08-23] (Intel(R) Corporation) [Arquivo não assinado] S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [23048 2010-04-06] (IVT Corporation.) S3 MAUSBFASTTRACKULTRA; C:\Windows\System32\DRIVERS\MAudioFastTrackUltra.sys [145384 2014-09-22] (M-Audio) S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-05-10] (Malwarebytes Corporation) R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [37408 2014-10-28] (NT Kernel Resources) S3 RDID1087; C:\Windows\System32\Drivers\rdwm1087.sys [61440 2009-09-18] (Roland Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [26792 2016-07-16] (Synaptics Incorporated) S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-09-13] () S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [33608 2014-04-09] (The OpenVPN Project) R0 TPkd; C:\Windows\system32\Drivers\TPkd.sys [93336 2012-05-16] (PACE Anti-Piracy, Inc.) S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-11] (Microsoft Corporation) S3 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert32.sys [31448 2015-07-07] (Basil) S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [80728 2016-02-17] (GAS Tecnologia) S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [79064 2015-03-18] (GAS Tecnologia) S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbw.sys [36064 2015-07-28] (Yamaha Corporation) S1 aswSnx; \SystemRoot\system32\drivers\aswSnx.sys [X] S1 aswSP; \SystemRoot\system32\drivers\aswSP.sys [X] S2 aswStm; \SystemRoot\system32\drivers\aswStm.sys [X] S0 aswVmm; não ImagePath S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X] S3 BT; system32\DRIVERS\btnetdrv.sys [X] S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X] S3 btath_avdt; system32\drivers\btath_avdt.sys [X] S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X] S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X] S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X] S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X] S3 BTCOM; system32\DRIVERS\btcomport.sys [X] S3 BTCOMBUS; System32\Drivers\btcombus.sys [X] S3 BtFilter; system32\DRIVERS\btfilter.sys [X] U2 clr_optimization_v2.0.50727_64; não ImagePath S3 cpuz138; não ImagePath S0 gbpddreg; system32\drivers\gbpddreg32.sys [X] S0 ngvss; não ImagePath S3 PCFApiUtil; não ImagePath S3 Spring; não ImagePath ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um Mês Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2029-09-07 12:31 - 2029-09-07 12:31 - 00028714 _____ (EMC Software GmbH) C:\Windows\system32\codec.dat 2017-01-12 04:18 - 2017-01-12 04:19 - 00000000 ____D C:\FRST 2017-01-12 04:07 - 2017-01-12 04:07 - 00639386 _____ C:\Users\Walter Franklim\Downloads\Windows6.1-KB3118401-x86.msu 2017-01-12 04:07 - 2017-01-12 04:07 - 00000000 ___HT C:\Windows\wusa.lock 2017-01-12 04:07 - 2017-01-12 04:07 - 00000000 ____D C:\83dfbb3839d58605c8582f3b 2017-01-12 04:02 - 2017-01-12 04:02 - 01179552 _____ (Microsoft Corporation) C:\Users\Walter Franklim\Downloads\SDKSETUP.EXE 2017-01-12 04:02 - 2017-01-12 04:02 - 00629006 _____ C:\Users\Walter Franklim\Downloads\Windows6.1-KB2999226-x86 (2).msu 2017-01-12 03:56 - 2017-01-12 03:56 - 00001014 _____ C:\Users\Public\Desktop\Kontakt 5.lnk 2017-01-12 03:56 - 2017-01-12 03:56 - 00000000 __HDC C:\Users\Todos os Usuários\{0CF1F946-2AAE-48A9-BD6C-DF71FE72E1D1} 2017-01-12 03:56 - 2017-01-12 03:56 - 00000000 __HDC C:\ProgramData\{0CF1F946-2AAE-48A9-BD6C-DF71FE72E1D1} 2017-01-12 03:53 - 2017-01-12 03:53 - 00000000 ____D C:\Users\Todos os Usuários\Native Instruments 2017-01-12 03:53 - 2017-01-12 03:53 - 00000000 ____D C:\ProgramData\Native Instruments 2017-01-12 03:53 - 2017-01-12 03:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments 2017-01-12 03:53 - 2017-01-12 03:53 - 00000000 ____D C:\Program Files\Native Instruments 2017-01-12 03:27 - 2017-01-12 03:27 - 00000000 ____D C:\e7d726e8d431924400269d203a51554d 2017-01-12 02:38 - 2016-09-30 18:31 - 00019648 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2017-01-12 02:38 - 2016-09-30 10:50 - 00023232 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2017-01-12 02:37 - 2017-01-12 02:37 - 00000000 ____D C:\4997ffaa13b7862aa6d6 2017-01-12 00:50 - 2017-01-12 00:50 - 00000000 ____D C:\0ae1ef2c387ef02bf70731 2017-01-12 00:41 - 2017-01-12 00:41 - 00000000 ____D C:\Windows\pss 2017-01-12 00:39 - 2017-01-12 00:39 - 00000000 ____D C:\83a4d7539e771bbaa31212dc 2017-01-12 00:38 - 2017-01-12 00:38 - 00629006 _____ C:\Users\Walter Franklim\Downloads\Windows6.1-KB2999226-x86 (1).msu 2017-01-12 00:21 - 2017-01-12 00:21 - 00000000 ____D C:\a7ca2d13f025397de0228d8ede54951f 2017-01-12 00:07 - 2017-01-12 00:07 - 00629006 _____ C:\Users\Walter Franklim\Downloads\Windows6.1-KB2999226-x86.msu 2017-01-11 23:56 - 2017-01-11 23:56 - 00000000 ____D C:\51884ecf9508f65d261f 2017-01-11 22:46 - 2017-01-11 23:07 - 773240626 _____ C:\Users\Walter Franklim\Downloads\Kontakt 5.6.0.rar 2017-01-11 22:06 - 2017-01-11 22:06 - 00000000 ____D C:\Users\Walter Franklim\Documents\Native Instruments 2017-01-11 19:41 - 2017-01-11 19:51 - 615138286 _____ C:\Users\Walter Franklim\Downloads\TIMBRES KONTAKT.NKI - PARTE 1.rar 2017-01-11 18:58 - 2017-01-11 18:59 - 00000000 ____D C:\Users\Walter Franklim\AppData\Local\Spotify 2017-01-11 18:58 - 2017-01-11 18:58 - 00001854 _____ C:\Users\Walter Franklim\Desktop\Spotify.lnk 2017-01-11 18:58 - 2017-01-11 18:58 - 00001840 _____ C:\Users\Walter Franklim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2017-01-11 18:57 - 2017-01-11 19:04 - 00000000 ____D C:\Users\Walter Franklim\AppData\Roaming\Spotify 2017-01-04 23:50 - 2017-01-04 23:50 - 00358635 _____ C:\Users\Walter Franklim\Downloads\sf-sistema-sedol2-id-documento-composto-51259.pdf 2017-01-04 18:31 - 2017-01-04 18:31 - 00000000 ____D C:\e210dcbf6ecf2f692cdeba 2017-01-04 17:58 - 2017-01-04 17:59 - 13767776 _____ (Microsoft Corporation) C:\Users\Walter Franklim\Downloads\vc_redist.x86.exe 2017-01-04 17:41 - 2017-01-04 17:41 - 00000000 ____D C:\95e369a565ee91381d828f9bee95 2017-01-04 15:30 - 2017-01-04 15:30 - 00000000 ____D C:\Users\Walter Franklim\AppData\Local\M-Audio 2017-01-04 15:30 - 2017-01-04 15:30 - 00000000 ____D C:\Users\Todos os Usuários\M-Audio 2017-01-04 15:30 - 2017-01-04 15:30 - 00000000 ____D C:\ProgramData\M-Audio 2017-01-04 15:27 - 2017-01-10 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio 2017-01-04 15:26 - 2017-01-04 15:26 - 00000000 ____D C:\Program Files\M-Audio 2016-12-31 23:57 - 2016-12-31 23:57 - 00163247 _____ C:\Users\Particular\Downloads\WhatsApp Image 2016-12-31 at 23.55.01 (7).jpeg 2016-12-31 23:57 - 2016-12-31 23:57 - 00144165 _____ C:\Users\Particular\Downloads\WhatsApp Image 2016-12-31 at 23.55.01 (9).jpeg 2016-12-31 23:57 - 2016-12-31 23:57 - 00141340 _____ C:\Users\Particular\Downloads\WhatsApp Image 2016-12-31 at 23.55.01 (4).jpeg 2016-12-31 23:57 - 2016-12-31 23:57 - 00132220 _____ C:\Users\Particular\Downloads\WhatsApp Image 2016-12-31 at 23.55.01 (6).jpeg 2016-12-31 23:57 - 2016-12-31 23:57 - 00108571 _____ C:\Users\Particular\Downloads\WhatsApp Image 2016-12-31 at 23.55.01 (8).jpeg 2016-12-31 23:57 - 2016-12-31 23:57 - 00099566 _____ C:\Users\Particular\Downloads\WhatsApp Image 2016-12-31 at 23.55.01 (5).jpeg 2016-12-31 23:56 - 2016-12-31 23:56 - 00132174 _____ C:\Users\Particular\Downloads\WhatsApp Image 2016-12-31 at 23.55.01.jpeg 2016-12-31 23:56 - 2016-12-31 23:56 - 00124519 _____ C:\Users\Particular\Downloads\WhatsApp Image 2016-12-31 at 23.55.01 (1).jpeg 2016-12-30 18:27 - 2016-12-30 18:27 - 00524288 ___SH C:\Windows\system32\config\components{d60a5e18-cede-11e6-a81c-e8039a4ac700}.TMContainer00000000000000000002.regtrans-ms 2016-12-30 18:27 - 2010-05-01 00:20 - 00524288 ___SH C:\Windows\system32\config\components{d60a5e18-cede-11e6-a81c-e8039a4ac700}.TMContainer00000000000000000001.regtrans-ms 2016-12-30 18:27 - 2010-05-01 00:20 - 00065536 ___SH C:\Windows\system32\config\components{d60a5e18-cede-11e6-a81c-e8039a4ac700}.TM.blf 2016-12-30 07:41 - 2016-12-30 07:41 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin 2016-12-30 07:41 - 2016-12-30 07:41 - 00000000 ____D C:\ProgramData\GbPlugin 2016-12-30 07:33 - 2016-12-30 07:33 - 01048576 ___SH C:\Windows\system32\config\components{e0ed610d-cdfd-11e6-908a-e8039a4ac700}.TxR.2.regtrans-ms 2016-12-30 07:33 - 2016-12-30 07:33 - 01048576 ___SH C:\Windows\system32\config\components{e0ed610d-cdfd-11e6-908a-e8039a4ac700}.TxR.1.regtrans-ms 2016-12-30 07:33 - 2016-12-30 07:33 - 01048576 ___SH C:\Windows\system32\config\components{e0ed610d-cdfd-11e6-908a-e8039a4ac700}.TxR.0.regtrans-ms 2016-12-30 07:33 - 2016-12-30 07:33 - 00065536 ___SH C:\Windows\system32\config\components{e0ed610d-cdfd-11e6-908a-e8039a4ac700}.TxR.blf 2016-12-29 17:14 - 2016-12-29 17:14 - 00001921 _____ C:\Users\Walter Franklim\Desktop\chrome.lnk 2016-12-29 17:07 - 2017-01-11 11:36 - 00000000 ____D C:\Users\Walter Franklim\AppData\Local\Google 2016-12-29 17:03 - 2016-12-27 17:20 - 01125970 ____N C:\Users\Walter Franklim\Downloads\Fast Track Ultra Manual de Usuario.pdf 2016-12-29 15:38 - 2016-12-29 15:54 - 00524288 ___SH C:\Windows\system32\config\components{e0ed610e-cdfd-11e6-908a-e8039a4ac700}.TMContainer00000000000000000002.regtrans-ms 2016-12-29 15:38 - 2016-12-29 15:54 - 00524288 ___SH C:\Windows\system32\config\components{e0ed610e-cdfd-11e6-908a-e8039a4ac700}.TMContainer00000000000000000001.regtrans-ms 2016-12-29 15:38 - 2016-12-29 15:54 - 00065536 ___SH C:\Windows\system32\config\components{e0ed610e-cdfd-11e6-908a-e8039a4ac700}.TM.blf 2016-12-29 15:38 - 2016-12-29 15:38 - 00524288 ___SH C:\Users\Walter Franklim\ntuser.dat{0cda0994-cdfb-11e6-8d29-e8039a4ac700}.TMContainer00000000000000000002.regtrans-ms 2016-12-29 15:38 - 2016-12-29 15:38 - 00524288 ___SH C:\Users\Walter Franklim\ntuser.dat{0cda0994-cdfb-11e6-8d29-e8039a4ac700}.TMContainer00000000000000000001.regtrans-ms 2016-12-29 15:38 - 2016-12-29 15:38 - 00065536 ___SH C:\Users\Walter Franklim\ntuser.dat{0cda0994-cdfb-11e6-8d29-e8039a4ac700}.TM.blf 2016-12-29 12:43 - 2016-12-29 12:43 - 00000000 ____D C:\dbf5b8a16f14276f801167d1 2016-12-28 14:20 - 2016-12-28 14:20 - 00000000 ____D C:\Users\Walter Franklim\AppData\Roaming\CrystalIdea Software 2016-12-28 11:12 - 2016-12-28 11:12 - 00030869 _____ C:\Users\Walter Franklim\Downloads\homer-simpson-.jpg 2016-12-27 18:22 - 2016-12-27 18:22 - 00000146 _____ C:\Users\Walter Franklim\Desktop\M-Audio Fast Track Ultra.lnk 2016-12-26 00:21 - 2016-12-26 02:21 - 00524288 ___SH C:\Users\Walter Franklim\ntuser.dat{3820d8c7-cb1f-11e6-bddb-e8039a4ac700}.TMContainer00000000000000000002.regtrans-ms 2016-12-26 00:21 - 2016-12-26 02:21 - 00524288 ___SH C:\Users\Walter Franklim\ntuser.dat{3820d8c7-cb1f-11e6-bddb-e8039a4ac700}.TMContainer00000000000000000001.regtrans-ms 2016-12-26 00:21 - 2016-12-26 02:21 - 00065536 ___SH C:\Users\Walter Franklim\ntuser.dat{3820d8c7-cb1f-11e6-bddb-e8039a4ac700}.TM.blf 2016-12-25 23:59 - 2016-12-26 00:19 - 00524288 ___SH C:\Windows\system32\config\components{3820d7ff-cb1f-11e6-bddb-e8039a4ac700}.TMContainer00000000000000000002.regtrans-ms 2016-12-25 23:59 - 2016-12-26 00:19 - 00524288 ___SH C:\Windows\system32\config\components{3820d7ff-cb1f-11e6-bddb-e8039a4ac700}.TMContainer00000000000000000001.regtrans-ms 2016-12-25 23:59 - 2016-12-26 00:19 - 00065536 ___SH C:\Windows\system32\config\components{3820d7ff-cb1f-11e6-bddb-e8039a4ac700}.TM.blf 2016-12-25 23:57 - 2016-12-26 00:14 - 00524288 ___SH C:\Users\Walter Franklim\ntuser.dat{cbf568af-cb1b-11e6-974e-e8039a4ac700}.TMContainer00000000000000000002.regtrans-ms 2016-12-25 23:57 - 2016-12-26 00:14 - 00524288 ___SH C:\Users\Walter Franklim\ntuser.dat{cbf568af-cb1b-11e6-974e-e8039a4ac700}.TMContainer00000000000000000001.regtrans-ms 2016-12-25 23:57 - 2016-12-26 00:14 - 00065536 ___SH C:\Users\Walter Franklim\ntuser.dat{cbf568af-cb1b-11e6-974e-e8039a4ac700}.TM.blf 2016-12-25 23:42 - 2016-12-25 23:50 - 00000000 ____D C:\4f2b5a4243e5dcd17b25bcfbb10c9f46 2016-12-25 23:33 - 2016-12-25 23:41 - 00524288 ___SH C:\Users\Walter Franklim\ntuser.dat{e788ecb8-cb16-11e6-a557-e8039a4ac700}.TMContainer00000000000000000002.regtrans-ms 2016-12-25 23:33 - 2016-12-25 23:41 - 00524288 ___SH C:\Users\Walter Franklim\ntuser.dat{e788ecb8-cb16-11e6-a557-e8039a4ac700}.TMContainer00000000000000000001.regtrans-ms 2016-12-25 23:33 - 2016-12-25 23:41 - 00065536 ___SH C:\Users\Walter Franklim\ntuser.dat{e788ecb8-cb16-11e6-a557-e8039a4ac700}.TM.blf 2016-12-24 02:33 - 2016-12-24 02:33 - 00075416 _____ (Alcor Micro, Corp.) C:\Windows\system32\Drivers\AmUStor.sys 2016-12-24 02:33 - 2016-12-24 02:33 - 00041952 _____ C:\Windows\system32\AmUStor.ini 2016-12-24 02:33 - 2016-12-24 02:33 - 00019096 _____ (Alcor Micro, Corp.) C:\Windows\system32\AmUStor2.dll 2016-12-24 02:33 - 2016-12-24 02:33 - 00000124 _____ C:\Windows\system32\VendorCmd6485_SetSSC.bin 2016-12-24 02:12 - 2016-12-24 02:13 - 00000000 ____D C:\Users\Walter Franklim\AppData\Roaming\Skype 2016-12-24 02:12 - 2016-12-24 02:12 - 00000000 ____D C:\Users\Walter Franklim\Tracing 2016-12-24 02:12 - 2016-12-24 02:12 - 00000000 ____D C:\Program Files\Common Files\Skype 2016-12-24 02:10 - 2016-12-24 02:10 - 00000000 ____D C:\Users\Walter Franklim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-12-24 02:04 - 2016-12-24 02:04 - 00000000 ____D C:\Users\Walter Franklim\AppData\Roaming\VS Revo Group 2016-12-24 00:18 - 2016-12-24 00:18 - 00000000 ____D C:\Users\Walter Franklim\AppData\Local\OfficeBSCache-MyComputer 2016-12-24 00:15 - 2016-12-24 00:15 - 00000000 ____D C:\Users\Walter Franklim\Documents\Modelos Personalizados do Office 2016-12-23 23:03 - 2016-12-23 23:03 - 00000000 ____D C:\Users\Walter Franklim\AppData\Local\mpress 2016-12-23 23:01 - 2016-12-23 23:01 - 00023040 _____ C:\Windows\KMS-R@1n.exe 2016-12-23 23:01 - 2016-12-23 23:01 - 00004608 _____ C:\Windows\KMS-R@1nHook.exe 2016-12-23 23:01 - 2016-12-23 23:01 - 00003584 _____ C:\Windows\KMS-R@1nHook.dll 2016-12-23 22:28 - 2016-12-23 22:28 - 00002191 _____ C:\Users\Walter Franklim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2016-12-23 22:28 - 2016-12-23 22:28 - 00002064 _____ C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2016-12-23 22:28 - 2016-12-23 22:28 - 00002064 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2016-12-23 22:28 - 2016-12-23 22:28 - 00002064 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2016-12-23 22:28 - 2016-12-23 22:28 - 00000000 ___RD C:\Users\Walter Franklim\OneDrive 2016-12-23 22:28 - 2016-12-23 22:28 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft OneDrive 2016-12-23 22:28 - 2016-12-23 22:28 - 00000000 ____D C:\ProgramData\Microsoft OneDrive 2016-12-23 22:28 - 2016-12-23 22:28 - 00000000 ____D C:\Program Files\Microsoft OneDrive 2016-12-23 22:28 - 2016-12-23 22:28 - 00000000 ____D C:\ea90b1d26b3ac6592ec150 2016-12-23 22:27 - 2016-12-29 15:30 - 00000000 ____D C:\Program Files\Common Files\DESIGNER 2016-12-23 22:18 - 2016-12-23 22:18 - 00002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk 2016-12-23 22:18 - 2016-12-23 22:18 - 00002417 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk 2016-12-23 22:18 - 2016-12-23 22:18 - 00002406 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk 2016-12-23 22:18 - 2016-12-23 22:18 - 00002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk 2016-12-23 22:18 - 2016-12-23 22:18 - 00002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk 2016-12-23 22:18 - 2016-12-23 22:18 - 00002352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk 2016-12-23 22:18 - 2016-12-23 22:18 - 00002342 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2016-12-23 22:18 - 2016-12-23 22:18 - 00002338 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk 2016-12-23 22:18 - 2016-12-23 22:18 - 00002322 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk 2016-12-23 22:18 - 2016-12-23 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office 2016 2016-12-23 22:15 - 2016-12-29 12:42 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft 2016-12-23 22:15 - 2016-12-29 12:42 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-12-23 22:11 - 2016-12-23 22:11 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-12-23 20:46 - 2015-10-01 18:13 - 00014084 ____N C:\Users\Walter Franklim\Downloads\Strings.xml 2016-12-23 18:44 - 2016-12-23 18:44 - 00681026 _____ C:\Users\Walter Franklim\Downloads\choro de bebê 2.mp4 2016-12-23 17:49 - 2016-12-23 17:49 - 00000000 ____D C:\Users\Walter Franklim\AppData\OICE_15_974FA576_32C1D314_1F22 2016-12-23 17:02 - 2016-12-23 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico 2016-12-23 17:01 - 2016-12-23 17:02 - 00000000 ____D C:\Program Files\KMSpico 2016-12-23 17:01 - 2010-12-05 22:16 - 00090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll 2016-12-23 16:51 - 2017-01-12 06:28 - 00000000 ____D C:\Windows\AutoKMS 2016-12-23 16:19 - 2016-12-29 20:20 - 00000000 ____D C:\Program Files\Microsoft Office 2016-12-23 14:37 - 2016-12-23 14:37 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Toolkit 2016-12-23 14:37 - 2016-12-23 14:37 - 00000000 ____D C:\ProgramData\Microsoft Toolkit 2016-12-23 14:27 - 2016-12-23 16:57 - 00000000 ____D C:\Users\Walter Franklim\AppData\Local\Microsoft Toolkit 2016-12-23 12:22 - 2016-12-23 12:22 - 00144568 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT 2016-12-23 11:57 - 2016-12-23 11:57 - 00000162 ____H C:\Users\Particular\Desktop\~$Verbos.docx 2016-12-23 05:06 - 2016-12-23 05:06 - 00001114 _____ C:\Users\Public\Desktop\Smart Defrag 5.lnk 2016-12-23 04:16 - 2016-12-23 04:16 - 07704619 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT 2016-12-23 04:16 - 2016-12-23 04:16 - 07170864 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 07053688 _____ (Dolby Laboratories) C:\Windows\system32\DDPP32A.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat 2016-12-23 04:16 - 2016-12-23 04:16 - 04291072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys 2016-12-23 04:16 - 2016-12-23 04:16 - 02912800 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 02905088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 02828432 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\SET32E4.tmp 2016-12-23 04:16 - 2016-12-23 04:16 - 02558352 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 02148864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 01948800 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 01791792 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 01531672 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 01512312 _____ (Dolby Laboratories) C:\Windows\system32\DDPD32A.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 01313120 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 01239800 _____ (DTS) C:\Windows\system32\DTSBoostDLL.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00936608 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00669584 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00645816 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00615872 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00532888 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00522704 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00522696 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00471288 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00402064 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00387624 _____ (DTS) C:\Windows\system32\DTSLimiterDLL.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00371808 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00369784 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00364016 _____ (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00357152 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00307232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00307232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00285624 _____ (Dolby Laboratories) C:\Windows\system32\DDPO32A.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00243856 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00232416 _____ (Dolby Laboratories) C:\Windows\system32\DDPA32.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00229584 _____ (DTS) C:\Windows\system32\DTSGFXAPONS.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00229584 _____ (DTS) C:\Windows\system32\DTSGFXAPO.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00229032 _____ (DTS) C:\Windows\system32\DTSLFXAPO.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00225040 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00196008 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00183608 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00181224 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00150552 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00142320 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00116648 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00105648 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00101616 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00101328 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00088272 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00083632 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00078480 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00074376 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00071704 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll 2016-12-23 04:16 - 2016-12-23 04:16 - 00022152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\SETF53.tmp 2016-12-23 04:15 - 2016-12-23 04:16 - 72520712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat 2016-12-23 04:15 - 2016-12-23 04:15 - 02946560 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl 2016-12-23 04:07 - 2016-12-23 04:07 - 00777736 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys 2016-12-23 04:06 - 2016-12-23 04:06 - 00085616 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll 2016-12-23 04:04 - 2017-01-04 19:54 - 00000000 ____D C:\Windows\LastGood 2016-12-23 04:04 - 2016-12-23 04:04 - 03365624 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athr.sys 2016-12-23 03:35 - 2017-01-02 23:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 2016-12-23 03:35 - 2016-12-23 03:35 - 00000000 ____D C:\Users\Todos os Usuários\{74E9F814-C737-42CC-B721-DBBC4059367A} 2016-12-23 03:35 - 2016-12-23 03:35 - 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A} 2016-12-23 01:32 - 2016-12-23 01:32 - 00001043 _____ C:\Users\Walter Franklim\Desktop\Cheat Engine.lnk 2016-12-23 01:32 - 2016-12-23 01:32 - 00000000 ____D C:\Users\Walter Franklim\Documents\My Cheat Tables 2016-12-23 01:32 - 2016-12-23 01:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6 2016-12-23 01:32 - 2016-12-23 01:32 - 00000000 ____D C:\Program Files\Cheat Engine 6.6 2016-12-23 01:24 - 2016-12-23 12:28 - 00000000 ____D C:\Users\Walter Franklim\AppData\LocalLow\uTorrent 2016-12-22 00:18 - 2016-12-22 10:15 - 00524288 ___SH C:\Users\Walter Franklim\ntuser.dat{ab4f208c-c7dd-11e6-a52e-e8039a4ac700}.TMContainer00000000000000000002.regtrans-ms 2016-12-22 00:18 - 2016-12-22 10:15 - 00524288 ___SH C:\Users\Walter Franklim\ntuser.dat{ab4f208c-c7dd-11e6-a52e-e8039a4ac700}.TMContainer00000000000000000001.regtrans-ms 2016-12-22 00:18 - 2016-12-22 10:15 - 00065536 ___SH C:\Users\Walter Franklim\ntuser.dat{ab4f208c-c7dd-11e6-a52e-e8039a4ac700}.TM.blf 2016-12-21 16:25 - 2016-12-21 16:40 - 00524288 ___SH C:\Users\Walter Franklim\ntuser.dat{ac4145cb-54d8-11df-93da-e8039a4ac700}.TMContainer00000000000000000002.regtrans-ms 2016-12-21 16:25 - 2016-12-21 16:40 - 00524288 ___SH C:\Users\Walter Franklim\ntuser.dat{ac4145cb-54d8-11df-93da-e8039a4ac700}.TMContainer00000000000000000001.regtrans-ms 2016-12-21 16:25 - 2016-12-21 16:40 - 00065536 ___SH C:\Users\Walter Franklim\ntuser.dat{ac4145cb-54d8-11df-93da-e8039a4ac700}.TM.blf 2016-12-21 11:57 - 2016-12-21 11:57 - 00152632 _____ C:\Users\Walter Franklim\Downloads\casa do Adalberto.jpeg 2016-12-20 12:49 - 2016-12-20 12:49 - 00043671 _____ C:\Users\Walter Franklim\Downloads\15439746_1570618116288568_4143034320209860300_n.jpg 2016-12-20 03:09 - 2016-12-20 03:09 - 00105529 _____ C:\Users\Walter Franklim\Downloads\Boleto- TRT 24.pdf 2016-12-20 01:10 - 2016-12-20 01:10 - 00606001 _____ C:\Users\Walter Franklim\Downloads\EDITAL-TRT 24 MS.pdf 2016-12-20 00:43 - 2016-12-22 00:15 - 00000000 ____D C:\Windows\LastGood.Tmp 2016-12-19 18:25 - 2016-12-22 00:15 - 00000000 ____D C:\Users\Walter Franklim\AppData\Local\Apps\2.0 2016-12-19 18:25 - 2016-12-22 00:14 - 00000000 ____D C:\Users\Walter Franklim\AppData\Local\Apps 2016-12-19 18:25 - 2016-12-19 18:26 - 00000000 ____D C:\Users\Walter Franklim\AppData\Local\Deployment 2016-12-19 17:37 - 2016-12-22 10:43 - 00000000 ____D C:\Users\Todos os Usuários\Atheros 2016-12-19 17:37 - 2016-12-22 10:43 - 00000000 ____D C:\ProgramData\Atheros 2016-12-19 16:53 - 2016-12-19 16:53 - 00000000 ____D C:\Windows\system32\x32 2016-12-19 16:53 - 2016-12-19 16:53 - 00000000 ____D C:\Windows\system32\custom matrices 2016-12-19 16:33 - 2017-01-03 12:50 - 00002436 _____ C:\Users\Particular\Desktop\Google Chrome Canary.lnk 2016-12-18 04:24 - 2016-12-29 01:30 - 00524288 ___SH C:\Windows\system32\config\components{ed6fa5d9-c4fa-11e6-b5bc-e8039a4ac700}.TMContainer00000000000000000001.regtrans-ms 2016-12-18 04:24 - 2016-12-29 01:30 - 00065536 ___SH C:\Windows\system32\config\components{ed6fa5d9-c4fa-11e6-b5bc-e8039a4ac700}.TM.blf 2016-12-18 04:24 - 2016-12-18 04:36 - 00524288 ___SH C:\Windows\system32\config\components{ed6fa5d9-c4fa-11e6-b5bc-e8039a4ac700}.TMContainer00000000000000000002.regtrans-ms 2016-12-18 04:22 - 2016-12-18 04:47 - 00524288 ___SH C:\Users\Walter Franklim\ntuser.dat{4dc80fb2-c4e8-11e6-a0a0-e8039a4ac700}.TMContainer00000000000000000002.regtrans-ms 2016-12-18 04:22 - 2016-12-18 04:47 - 00524288 ___SH C:\Users\Walter Franklim\ntuser.dat{4dc80fb2-c4e8-11e6-a0a0-e8039a4ac700}.TMContainer00000000000000000001.regtrans-ms 2016-12-18 04:22 - 2016-12-18 04:47 - 00065536 ___SH C:\Users\Walter Franklim\ntuser.dat{4dc80fb2-c4e8-11e6-a0a0-e8039a4ac700}.TM.blf 2016-12-18 03:11 - 2016-12-18 03:11 - 00000259 _____ C:\Users\Todos os Usuários\fontcacheev1.dat 2016-12-18 03:11 - 2016-12-18 03:11 - 00000259 _____ C:\ProgramData\fontcacheev1.dat 2016-12-18 03:10 - 2016-12-18 03:10 - 00000000 ____D C:\Users\Walter Franklim\AppData\Roaming\Performix LLC 2016-12-18 03:09 - 2016-12-18 04:19 - 00000000 ____D C:\Program Files\Adguard 2016-12-18 03:09 - 2016-12-18 04:14 - 00000000 ____D C:\Users\Todos os Usuários\Adguard 2016-12-18 03:09 - 2016-12-18 04:14 - 00000000 ____D C:\ProgramData\Adguard 2016-12-18 00:37 - 2016-12-18 00:37 - 00007572 _____ C:\Users\Walter Franklim\Downloads\Nando Reis-Pra Voce Guardei O Amor #RLM.MID 2016-12-18 00:33 - 2016-12-18 00:33 - 00784574 _____ C:\Users\Walter Franklim\Downloads\nando_reis_por_onde_andei_MM.mid 2016-12-18 00:27 - 2016-12-18 00:27 - 01413341 _____ C:\Users\Walter Franklim\Downloads\Nando Reis-Pra Voce Guardei O Amor-MM .mid 2016-12-16 18:43 - 2016-12-16 18:43 - 00000000 ____D C:\Users\Walter Franklim\AppData\Local\fontconfig 2016-12-16 03:08 - 2016-12-16 03:38 - 00524288 ___SH C:\Users\Walter Franklim\ntuser.dat{e0c4abec-554d-11df-b1a0-e8039a4ac700}.TMContainer00000000000000000002.regtrans-ms 2016-12-16 03:08 - 2016-12-16 03:38 - 00524288 ___SH C:\Users\Walter Franklim\ntuser.dat{e0c4abec-554d-11df-b1a0-e8039a4ac700}.TMContainer00000000000000000001.regtrans-ms 2016-12-16 03:08 - 2016-12-16 03:38 - 00065536 ___SH C:\Users\Walter Franklim\ntuser.dat{e0c4abec-554d-11df-b1a0-e8039a4ac700}.TM.blf 2016-12-15 19:34 - 2016-12-24 21:56 - 00000000 ____D C:\Users\Walter Franklim\Desktop\Missa de Natal 2016 ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2017-01-12 06:28 - 2014-09-17 00:34 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache 2017-01-12 06:28 - 2014-09-17 00:34 - 00000000 ____D C:\ProgramData\Package Cache 2017-01-12 06:28 - 2013-11-18 18:33 - 00000000 ____D C:\Users\Convidado 2017-01-12 06:28 - 2010-04-30 23:41 - 00000000 ____D C:\Users\Particular 2017-01-12 06:28 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\registration 2017-01-12 04:18 - 2016-10-09 22:18 - 00000296 _____ C:\Windows\Tasks\{3EE96778-275A-7B08-C1F3-364E317EC1FF}.job 2017-01-12 04:02 - 2014-04-29 15:54 - 00000318 _____ C:\Windows\Tasks\MySearchDial.job 2017-01-12 04:00 - 2013-12-06 12:00 - 00000318 _____ C:\Windows\Tasks\UpdaterEX.job 2017-01-12 03:55 - 2009-07-14 00:34 - 00029280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-01-12 03:55 - 2009-07-14 00:34 - 00029280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-01-12 03:53 - 2010-04-30 23:06 - 01651982 _____ C:\Windows\system32\PerfStringBackup.INI 2017-01-12 03:53 - 2009-07-29 14:38 - 00684832 _____ C:\Windows\system32\prfh0416.dat 2017-01-12 03:53 - 2009-07-29 14:38 - 00142354 _____ C:\Windows\system32\prfc0416.dat 2017-01-12 03:53 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf 2017-01-12 03:46 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-01-12 03:36 - 2016-10-10 08:36 - 00000300 _____ C:\Windows\Tasks\{26DD22AC-832C-CA2B-0237-6BA87B71D30A}.job 2017-01-12 02:30 - 2013-11-14 02:39 - 00000000 ____D C:\Users\Walter Franklim 2017-01-12 00:46 - 2014-02-04 17:50 - 00000000 ____D C:\Users\Todos os Usuários\Baidu Security 2017-01-12 00:46 - 2014-02-04 17:50 - 00000000 ____D C:\ProgramData\Baidu Security 2017-01-11 23:55 - 2013-09-17 20:50 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-240237904-3152138187-639416452-1000UA.job 2017-01-11 23:11 - 2014-03-17 23:20 - 00000000 ____D C:\Users\Particular\Desktop\KONTAKT 2017-01-11 22:39 - 2016-09-01 02:03 - 00000000 ____D C:\Users\Walter Franklim\Documents\MEGAsync Downloads 2017-01-11 22:17 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\NDF 2017-01-11 20:55 - 2013-09-17 20:50 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-240237904-3152138187-639416452-1000Core.job 2017-01-11 20:47 - 2016-10-08 15:16 - 00000000 ____D C:\Users\Walter Franklim\AvidLogFiles 2017-01-11 20:25 - 2016-09-01 02:00 - 00000000 ____D C:\Users\Todos os Usuários\MEGAsync 2017-01-11 20:25 - 2016-09-01 02:00 - 00000000 ____D C:\ProgramData\MEGAsync 2017-01-11 18:44 - 2014-07-09 18:00 - 00000000 ____D C:\Users\Todos os Usuários\ProductData 2017-01-11 18:44 - 2014-07-09 18:00 - 00000000 ____D C:\ProgramData\ProductData 2017-01-11 14:42 - 2013-09-02 22:50 - 00000000 ____D C:\Users\Todos os Usuários\TEMP 2017-01-11 14:42 - 2013-09-02 22:50 - 00000000 ____D C:\ProgramData\TEMP 2017-01-10 18:03 - 2016-11-23 10:51 - 37658624 _____ C:\Windows\system32\config\components.iobit 2017-01-10 18:03 - 2014-07-16 17:03 - 00962560 _____ C:\Windows\system32\config\default.iobit 2017-01-10 18:03 - 2014-07-16 17:03 - 00106496 _____ C:\Windows\system32\config\sam.iobit 2017-01-10 18:03 - 2014-07-16 17:03 - 00028672 _____ C:\Windows\system32\config\security.iobit 2017-01-10 18:03 - 2014-07-16 17:02 - 78823424 _____ C:\Windows\system32\config\software.iobit 2017-01-10 17:25 - 2014-03-24 13:47 - 00000000 ____D C:\Users\Todos os Usuários\IObit 2017-01-10 17:25 - 2014-03-24 13:47 - 00000000 ____D C:\ProgramData\IObit 2017-01-10 17:25 - 2009-07-14 03:49 - 00000000 ___RD C:\Users\Public\Recorded TV 2017-01-10 00:37 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\AppCompat 2017-01-09 21:08 - 2014-02-10 14:35 - 00000000 ____D C:\Users\Walter Franklim\AppData\Local\CrashDumps 2017-01-09 15:40 - 2010-04-30 23:55 - 00144496 _____ C:\Users\Particular\AppData\Local\GDIPFONTCACHEV1.DAT 2017-01-06 03:41 - 2013-08-29 14:22 - 00000000 ____D C:\Users\Particular\Desktop\HD EXTERNO 2017-01-06 02:48 - 2016-10-09 21:53 - 00000000 ____D C:\FFOutput 2017-01-05 21:27 - 2010-05-01 10:35 - 00000000 ____D C:\Cakewalk Projects 2017-01-05 15:52 - 2014-10-31 01:39 - 00000000 ____D C:\Users\Walter Franklim\Documents\Bandicam 2017-01-03 12:58 - 2010-05-01 09:39 - 00000000 ____D C:\Users\Particular\AppData\Local\Google 2017-01-03 12:50 - 2014-07-10 11:20 - 00002444 _____ C:\Users\Particular\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk 2017-01-03 12:50 - 2014-07-10 11:20 - 00000000 ____D C:\Users\Particular\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary 2017-01-02 23:48 - 2016-01-29 15:08 - 00000000 ____D C:\Program Files\GbPlugin 2017-01-02 23:47 - 2016-01-29 15:35 - 00000000 ___HD C:\Program Files\GAS Tecnologia 2017-01-02 23:47 - 2016-01-29 15:35 - 00000000 ____D C:\Program Files\Diebold 2017-01-02 23:47 - 2014-02-22 00:17 - 00000000 ____D C:\Windows\Minidump 2016-12-31 00:30 - 2010-05-01 01:06 - 00524288 ___SH C:\Windows\system32\config\components{6e980e90-54de-11df-9792-e8039a4ac700}.TMContainer00000000000000000001.regtrans-ms 2016-12-31 00:30 - 2010-05-01 01:06 - 00065536 ___SH C:\Windows\system32\config\components{6e980e90-54de-11df-9792-e8039a4ac700}.TM.blf 2016-12-30 18:22 - 2013-10-09 18:39 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia 2016-12-30 18:22 - 2013-10-09 18:39 - 00000000 ____D C:\ProgramData\GAS Tecnologia 2016-12-30 07:42 - 2013-11-18 18:33 - 00262144 ___SH C:\Users\Convidado\ntuser.dat.LOG1 2016-12-29 16:54 - 2014-09-13 14:27 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local 2016-12-29 16:54 - 2014-09-13 14:26 - 00000000 ____D C:\Users\Administrador\AppData\Local 2016-12-29 16:35 - 2010-05-01 12:02 - 00001912 _____ C:\Windows\epplauncher.mif 2016-12-29 16:31 - 2013-11-18 04:22 - 00000000 ____D C:\Users\Walter Franklim\AppData\Local\Diagnostics 2016-12-29 15:27 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET 2016-12-29 15:21 - 2009-07-13 22:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-12-29 15:21 - 2009-07-13 22:37 - 00000000 ____D C:\Program Files\Common Files 2016-12-29 05:25 - 2009-07-14 00:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-12-29 01:54 - 2009-07-13 22:37 - 00000000 __RSD C:\Windows\assembly 2016-12-29 01:37 - 2014-03-24 13:46 - 00000000 ____D C:\Program Files\IObit 2016-12-28 12:25 - 2016-06-28 11:19 - 00000000 ____D C:\Users\Walter Franklim\AppData\Local\ElevatedDiagnostics 2016-12-26 00:27 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\winsxs 2016-12-26 00:21 - 2013-08-28 06:00 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-12-26 00:18 - 2014-02-16 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-12-26 00:18 - 2014-02-16 22:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-12-24 20:37 - 2016-12-12 20:43 - 00000000 ____D C:\Users\Walter Franklim\Desktop\Nova pasta 2016-12-24 03:26 - 2016-06-30 12:20 - 00000000 ____D C:\Users\Walter Franklim\AppData\Roaming\dvdcss 2016-12-24 03:02 - 2014-03-02 12:37 - 00000000 ____D C:\Users\Walter Franklim\AppData\Roaming\uTorrent 2016-12-24 02:12 - 2014-03-26 16:09 - 00000000 ___RD C:\Program Files\Skype 2016-12-24 02:12 - 2014-03-26 16:09 - 00000000 ____D C:\Users\Todos os Usuários\Skype 2016-12-24 02:12 - 2014-03-26 16:09 - 00000000 ____D C:\ProgramData\Skype 2016-12-24 02:12 - 2013-08-28 06:00 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-12-24 02:12 - 2010-04-30 23:33 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-12-24 02:12 - 2010-04-30 23:33 - 00000000 ____D C:\Windows\system32\Macromed 2016-12-24 02:10 - 2010-04-30 23:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-12-24 02:10 - 2010-04-30 23:11 - 00000000 ____D C:\Program Files\WinRAR 2016-12-24 00:20 - 2013-11-14 02:39 - 00000000 ____D C:\Users\Walter Franklim\AppData\Local\Microsoft Help 2016-12-24 00:00 - 2016-10-09 22:15 - 00000372 __RSH C:\Users\Todos os Usuários\ntuser.pol 2016-12-24 00:00 - 2016-10-09 22:15 - 00000372 __RSH C:\ProgramData\ntuser.pol 2016-12-23 23:57 - 2009-07-14 00:33 - 00534168 _____ C:\Windows\system32\FNTCACHE.DAT 2016-12-23 23:42 - 2013-12-30 22:26 - 00000000 ____D C:\Users\Todos os Usuários\baidu 2016-12-23 23:42 - 2013-12-30 22:26 - 00000000 ____D C:\ProgramData\baidu 2016-12-23 23:15 - 2013-11-14 02:40 - 00000000 ___RD C:\Users\Walter Franklim\Searches 2016-12-23 23:08 - 2013-11-14 02:39 - 00000000 ___SD C:\Users\Walter Franklim\AppData\Roaming\Microsoft 2016-12-23 22:28 - 2013-11-14 02:39 - 00000000 ___RD C:\Users\Walter Franklim\Links 2016-12-23 22:28 - 2009-07-13 22:37 - 00000000 ___RD C:\Users\Default\Links 2016-12-23 22:28 - 2009-07-13 22:37 - 00000000 ____D C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs 2016-12-23 22:28 - 2009-07-13 22:37 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs 2016-12-23 22:28 - 2009-07-13 22:37 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs 2016-12-23 22:27 - 2010-04-30 23:21 - 00000000 ____D C:\Program Files\Microsoft.NET 2016-12-23 17:58 - 2010-04-30 23:19 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help 2016-12-23 17:58 - 2010-04-30 23:19 - 00000000 ____D C:\ProgramData\Microsoft Help 2016-12-23 17:56 - 2009-07-14 03:50 - 00000000 ____D C:\Windows\ShellNew 2016-12-23 17:53 - 2009-07-13 22:37 - 00000000 ____D C:\Program Files\Common Files\System 2016-12-23 17:53 - 2009-07-13 22:04 - 00000489 _____ C:\Windows\win.ini 2016-12-23 17:49 - 2013-11-14 02:39 - 00000000 ___HD C:\Users\Walter Franklim\AppData 2016-12-23 16:01 - 2014-03-24 13:46 - 00000000 ____D C:\Users\Walter Franklim\AppData\Roaming\IObit 2016-12-23 15:09 - 2015-07-30 18:41 - 00088851 _____ C:\Windows\system32\HWLook.log 2016-12-23 05:45 - 2009-07-14 00:52 - 00000000 ____D C:\Program Files\MSBuild 2016-12-23 05:06 - 2016-10-07 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2016-12-23 04:20 - 2014-02-12 19:23 - 00000000 ____D C:\Windows\system32\RTCOM 2016-12-23 04:11 - 2015-06-05 15:52 - 00000000 ____D C:\Program Files\VS Revo Group 2016-12-23 04:07 - 2010-05-01 00:06 - 00109648 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll 2016-12-23 03:36 - 2016-10-02 21:00 - 00000000 ____D C:\Program Files\Common Files\IObit 2016-12-23 01:24 - 2013-11-14 02:39 - 00000000 ____D C:\Users\Walter Franklim\AppData\LocalLow 2016-12-23 01:23 - 2014-03-02 12:39 - 00002674 _____ C:\Users\Walter Franklim\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2016-12-22 11:20 - 2014-02-12 16:14 - 00000000 ____D C:\Users\Walter Franklim\Documents\VirtualDJ 2016-12-22 11:19 - 2014-10-30 13:38 - 00000000 ____D C:\Users\Particular\AppData\Local\CUSTPDF Writer 2016-12-22 11:19 - 2014-09-01 14:15 - 00000000 ____D C:\Users\Particular\Documents\VirtualDJ 2016-12-22 11:19 - 2014-03-02 12:36 - 00000000 ____D C:\Users\Particular\AppData\Roaming\uTorrent 2016-12-22 11:19 - 2010-05-01 00:01 - 00000000 ____D C:\Users\Convidado\AppData\Local\CrashDumps 2016-12-22 11:19 - 2010-04-30 23:41 - 00000000 ___RD C:\Users\Particular\Videos 2016-12-22 11:19 - 2010-04-30 23:41 - 00000000 ___RD C:\Users\Particular\Pictures 2016-12-22 11:19 - 2010-04-30 23:41 - 00000000 ___RD C:\Users\Particular\Documents 2016-12-22 10:44 - 2010-04-30 23:41 - 00000000 ____D C:\Users\Particular\AppData\Roaming 2016-12-22 10:31 - 2013-11-10 17:15 - 00000000 ____D C:\Program Files\Samsung 2016-12-22 10:30 - 2013-11-10 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2016-12-22 00:15 - 2014-07-09 17:55 - 00000000 ____D C:\Users\Walter Franklim\AppData\LocalLow\IObit 2016-12-22 00:15 - 2014-02-12 17:20 - 00000000 ____D C:\Program Files\ma-config.com 2016-12-22 00:15 - 2009-07-13 22:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2016-12-21 19:33 - 2009-07-13 22:03 - 00262144 ____H C:\Windows\system32\config\SYSTEM.LOG2 2016-12-21 16:21 - 2016-01-27 00:00 - 00000000 ____D C:\Users\Walter Franklim\AppData\Local\Mozilla 2016-12-19 18:39 - 2015-07-24 15:13 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-240237904-3152138187-639416452-1003UA.job 2016-12-19 18:39 - 2015-07-24 15:13 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-240237904-3152138187-639416452-1003Core.job 2016-12-19 18:06 - 2014-02-12 17:20 - 00000000 ____D C:\Users\Todos os Usuários\ma-config.com 2016-12-19 18:06 - 2014-02-12 17:20 - 00000000 ____D C:\ProgramData\ma-config.com 2016-12-19 17:18 - 2010-05-01 00:06 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2016-12-19 16:53 - 2013-11-21 21:50 - 00000000 ____D C:\Users\Walter Franklim\AppData\Local\CodecDecoder 2016-12-18 04:47 - 2010-05-01 11:55 - 00000000 ____D C:\Program Files\Google 2016-12-18 04:20 - 2016-12-07 19:35 - 00000000 ____D C:\Users\Walter Franklim\Desktop\JOSY PENDRIVE 2016-12-18 04:20 - 2016-03-24 15:15 - 00000000 ____D C:\Users\Walter Franklim\AppData\Roaming\vlc 2016-12-18 04:19 - 2016-03-24 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2016-12-18 04:19 - 2015-10-24 00:33 - 00000000 ____D C:\Program Files\Canon 2016-12-18 04:19 - 2013-11-18 18:33 - 00000000 ___RD C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs 2016-12-18 04:19 - 2010-05-01 15:42 - 00000000 ____D C:\Program Files\ASIO4ALL v2 2016-12-18 04:17 - 2016-11-06 21:49 - 00000000 ____D C:\Users\Particular\Desktop\Dados anteriores do Firefox 2016-12-18 02:45 - 2016-12-10 13:14 - 00000000 ____D C:\Users\Walter Franklim\AppData\LocalLow\Mozilla 2016-12-18 02:27 - 2016-02-07 21:34 - 00524288 ___SH C:\Windows\system32\config\components{a6653b44-ce03-11e5-86d8-e81132b1f6c5}.TMContainer00000000000000000002.regtrans-ms 2016-12-18 02:27 - 2016-02-07 21:34 - 00065536 ___SH C:\Windows\system32\config\components{a6653b44-ce03-11e5-86d8-e81132b1f6c5}.TM.blf 2016-12-16 03:06 - 2016-10-07 02:45 - 00000000 ____D C:\Users\Walter Franklim\AppData\Roaming\Audacity 2016-12-16 03:06 - 2014-08-10 04:16 - 00000000 ____D C:\Users\Walter Franklim\AppData\Roaming\ProductData 2016-12-16 03:05 - 2013-12-30 22:26 - 00000000 ____D C:\Program Files\Baidu Security ==================== Arquivos na raiz de alguns diretórios ======= 2016-10-10 08:36 - 2016-10-10 08:36 - 0018202 _____ () C:\Users\Walter Franklim\AppData\Roaming\Dapagahep 2014-04-01 13:34 - 2014-04-01 13:35 - 0000348 _____ () C:\Users\Walter Franklim\AppData\Roaming\FileShred.log 2016-10-09 22:18 - 2016-10-09 22:18 - 0020324 _____ () C:\Users\Walter Franklim\AppData\Roaming\Fitap 2013-12-30 20:00 - 2016-10-10 01:18 - 0000205 _____ () C:\Users\Walter Franklim\AppData\Roaming\WB.CFG 2015-07-27 06:55 - 2010-05-01 03:04 - 0007636 _____ () C:\Users\Walter Franklim\AppData\Local\Resmon.ResmonCfg 2015-06-22 14:39 - 2015-06-22 14:39 - 0000000 _____ () C:\Users\Walter Franklim\AppData\Local\Temp.dat 2015-03-15 17:27 - 2015-03-15 17:27 - 0000057 _____ () C:\ProgramData\Ament.ini 2014-02-12 19:24 - 2014-02-12 19:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-10-28 15:57 - 2016-06-28 11:58 - 0014501 _____ () C:\ProgramData\Duplicaterecord.js 2013-11-22 07:40 - 2013-11-22 07:40 - 0170344 _____ (Baidu, Inc.) C:\ProgramData\FileSplitUpLoad.dll 2016-12-18 03:11 - 2016-12-18 03:11 - 0000259 _____ () C:\ProgramData\fontcacheev1.dat 2015-12-19 03:32 - 2015-12-19 03:32 - 0225053 _____ () C:\ProgramData\XVOMGHUQBJVOUWPAWOD.dat Arquivos para serem movidos ou deletados: ==================== C:\ProgramData\Duplicaterecord.js C:\ProgramData\FileSplitUpLoad.dll C:\ProgramData\fontcacheev1.dat C:\ProgramData\XVOMGHUQBJVOUWPAWOD.dat C:\Users\Todos os Usuários\Duplicaterecord.js C:\Users\Todos os Usuários\FileSplitUpLoad.dll C:\Users\Todos os Usuários\fontcacheev1.dat C:\Users\Todos os Usuários\XVOMGHUQBJVOUWPAWOD.dat C:\Windows\Tasks\{26DD22AC-832C-CA2B-0237-6BA87B71D30A}.job C:\Windows\Tasks\{3EE96778-275A-7B08-C1F3-364E317EC1FF}.job ==================== Bamital & volsnap ====================== (Não há correção automática para arquivos que não passaram na verificação.) C:\Windows\explorer.exe => O arquivo é assinado digitalmente C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente C:\Windows\system32\services.exe => O arquivo é assinado digitalmente C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente LastRegBack: 2017-01-03 01:59 ==================== Fim de FRST.txt ============================