Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 14-01-2017
Executado por Paulo Neves (administrador) em PAULONEVES-PC (14-01-2017 21:47:12)
Executando a partir de C:\Users\Paulo Neves\Downloads
Perfis Carregados: Paulo Neves (Perfis Disponíveis: Paulo Neves)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\Paulo Neves\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Paulo Neves\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe
(BitTorrent Inc.) C:\Users\Paulo Neves\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-08-10] (Caixa Economica Federal)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-06-07] (Microsoft Corporation)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1903328 2016-08-10] (Caixa Economica Federal)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-12-14]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 189.7.32.33 189.7.32.38
Tcpip\..\Interfaces\{A0CC8FEE-A799-42AC-A1FC-EAF820F487C3}: [DhcpNameServer] 189.7.32.33 189.7.32.38
Tcpip\..\Interfaces\{B32A0D0E-C3E8-4156-B02C-FE471A0373A6}: [DhcpNameServer] 189.7.32.33 189.7.32.38

Internet Explorer:
==================
HKU\S-1-5-21-3616502070-904053556-844069444-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-25] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-25] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2016-08-10] (Caixa Economica Federal)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-12-14] [não assinado]
FF HKU\S-1-5-21-3616502070-904053556-844069444-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-25] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1410728440&from=pcm&uid=TOSHIBAXDT01ACA100_13678YVRSXX13678YVRSX
CHR StartupUrls: Default -> "hxxps://blu182.mail.live.com/?fid=flinbox"
CHR Profile: C:\Users\Paulo Neves\AppData\Local\Google\Chrome\User Data\Default [2017-01-14]
CHR Extension: (Google Apresentações) - C:\Users\Paulo Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-03]
CHR Extension: (Google Docs) - C:\Users\Paulo Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-03]
CHR Extension: (Google Drive) - C:\Users\Paulo Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-03]
CHR Extension: (YouTube) - C:\Users\Paulo Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-03]
CHR Extension: (Adobe Acrobat) - C:\Users\Paulo Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-10]
CHR Extension: (Planilhas do Google) - C:\Users\Paulo Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-03]
CHR Extension: (Documentos Google off-line) - C:\Users\Paulo Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-03]
CHR Extension: (AdBlock) - C:\Users\Paulo Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-28]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Paulo Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-03]
CHR Extension: (Gmail) - C:\Users\Paulo Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-03]
CHR Extension: (Chrome Media Router) - C:\Users\Paulo Neves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [631520 2016-08-10] (GAS Tecnologia)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [Arquivo não assinado]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [Arquivo não assinado]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2013-04-18] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2016-08-10] (GAS Tecnologia)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2016-08-10] (GAS Tecnologia LTDA)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2017-01-14] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [97376 2016-06-08] (GAS Tecnologia)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-01-14 21:47 - 2017-01-14 21:48 - 00013520 _____ C:\Users\Paulo Neves\Downloads\FRST.txt
2017-01-14 21:45 - 2017-01-14 21:47 - 00000000 ____D C:\FRST
2017-01-14 21:43 - 2017-01-14 21:44 - 02419200 _____ (Farbar) C:\Users\Paulo Neves\Downloads\FRST64.exe
2017-01-14 20:21 - 2017-01-14 20:32 - 00000000 ____D C:\Users\Paulo Neves\Downloads\Creed - Nascido para Lutar 2016 [1080p] BLUDV
2017-01-08 00:07 - 2015-07-30 11:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-01-08 00:07 - 2015-07-30 11:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-01-07 14:51 - 2017-01-07 14:51 - 00003794 _____ C:\Users\Paulo Neves\Downloads\comprovante (2).html
2017-01-07 14:47 - 2017-01-07 14:47 - 00040174 _____ C:\Users\Paulo Neves\Downloads\DAMSemae.pdf
2017-01-06 07:22 - 2017-01-06 07:22 - 00003253 _____ C:\Users\Paulo Neves\Downloads\7C393qtD9gy8Q2G4WaJdnlgtEQ.nodelx474-nbcinter03c-lx474.txt
2017-01-06 07:22 - 2017-01-06 07:22 - 00003253 _____ C:\Users\Paulo Neves\Downloads\7C393qtD9gy8Q2G4WaJdnlgtEQ.nodelx474-nbcinter03c-lx474 (1).txt
2017-01-04 14:34 - 2017-01-04 14:34 - 00184090 _____ C:\Users\Paulo Neves\Downloads\Relatorios-Report_IPVA_Parcelas1e2e3Juntas_CCK4853.PDF
2016-12-30 21:09 - 2016-12-30 21:09 - 00074158 _____ C:\Users\Paulo Neves\Downloads\legendas_tv_20161203140843000000.rar
2016-12-30 20:50 - 2016-12-30 20:50 - 00000000 ____D C:\Users\Paulo Neves\Downloads\Cães de Guerra 720p (2016) Dual Áudio BluRay -- By - Lucas Firmo
2016-12-26 18:36 - 2016-12-26 18:36 - 00064228 _____ C:\Users\Paulo Neves\Downloads\PORTARIA16_04.rtf
2016-12-25 16:21 - 2016-12-25 16:21 - 00003296 ____N C:\bootsqm.dat
2016-12-25 13:41 - 2016-12-27 18:39 - 00000252 _____ C:\Users\Paulo Neves\AppData\LocalLow\rbxcsettings.rbx
2016-12-25 13:41 - 2016-12-25 13:58 - 00000000 ____D C:\Users\Paulo Neves\AppData\Local\Roblox
2016-12-24 21:07 - 2016-12-25 18:51 - 00000000 ____D C:\Users\Paulo Neves\AppData\Roaming\.minecraft
2016-12-18 10:41 - 2016-12-18 10:48 - 00000000 ____D C:\Users\Paulo Neves\Downloads\Sully O Herói do Rio Hudson 2016 [1080p] WWW.BLUDV.COM
2016-12-18 10:39 - 2016-12-18 10:39 - 00000000 ____D C:\Users\Paulo Neves\Downloads\O.Bom.Pastor.2006.BluRay.1080p.Dual - TORRENTDOSFILMES.COM
2016-12-17 20:16 - 2017-01-14 20:18 - 00000000 ____D C:\Users\Paulo Neves\AppData\LocalLow\uTorrent

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-01-14 21:46 - 2016-06-08 20:13 - 00000000 ____D C:\Users\Paulo Neves\AppData\Roaming\uTorrent
2017-01-14 21:42 - 2009-07-14 02:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-14 21:42 - 2009-07-14 02:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-14 13:28 - 2016-08-24 15:26 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2017-01-14 13:28 - 2016-08-24 15:24 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2017-01-14 13:28 - 2016-08-24 15:24 - 00000000 ____D C:\ProgramData\GbPlugin
2017-01-14 13:27 - 2016-08-24 15:24 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-01-14 13:27 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-10 18:26 - 2016-06-21 19:57 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-10 18:25 - 2016-06-21 19:58 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-08 00:07 - 2016-07-04 21:11 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2017-01-07 20:02 - 2016-06-08 21:14 - 00000000 ___SD C:\Users\Paulo Neves\AppData\LocalLow\Temp
2016-12-30 21:07 - 2009-07-14 03:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-27 18:40 - 2016-12-14 18:02 - 00003652 _____ C:\Users\Todos os Usuários\hpzinstall.log
2016-12-27 18:40 - 2016-12-14 18:02 - 00003652 _____ C:\ProgramData\hpzinstall.log
2016-12-27 18:40 - 2016-06-03 17:55 - 00000000 ___RD C:\Users\Paulo Neves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-25 17:24 - 2016-06-03 17:55 - 00000000 ___RD C:\Users\Paulo Neves\Links
2016-12-25 16:23 - 2016-06-03 17:48 - 00000000 ____D C:\Windows\Prefetch
2016-12-25 16:22 - 2009-07-14 03:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-12-25 16:22 - 2009-07-14 01:20 - 00000000 ___RD C:\Users
2016-12-25 15:27 - 2016-07-09 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-25 15:27 - 2016-07-09 20:09 - 00000000 ____D C:\Program Files\Java
2016-12-25 15:27 - 2009-07-14 01:20 - 00000000 ____D C:\Program Files (x86)\Common Files
2016-12-25 15:26 - 2016-07-09 20:09 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-12-25 15:09 - 2016-06-03 17:55 - 00000000 ___RD C:\Users\Paulo Neves\Desktop
2016-12-25 13:41 - 2016-06-03 17:55 - 00000000 ____D C:\Users\Paulo Neves\AppData\LocalLow
2016-12-25 01:32 - 2016-06-03 17:55 - 00000000 ___RD C:\Users\Paulo Neves\Saved Games
2016-12-24 21:07 - 2016-06-03 17:55 - 00000000 ____D C:\Users\Paulo Neves\AppData\Roaming
2016-12-16 18:27 - 2016-06-03 18:08 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 18:27 - 2016-06-03 18:08 - 00003372 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 18:27 - 2009-07-14 01:20 - 00000000 ___RD C:\Program Files (x86)
2016-12-16 18:27 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\Tasks
2016-12-15 06:12 - 2009-07-14 02:45 - 00341816 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Arquivos na raiz de alguns diretórios =======

2016-12-14 18:02 - 2016-12-27 18:40 - 0003652 _____ () C:\ProgramData\hpzinstall.log

Alguns arquivos em TEMP:
====================
C:\Users\Paulo Neves\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Paulo Neves\AppData\Local\Temp\ICReinstall_CD Mafia Sertaneja Vol. 4.exe
C:\Users\Paulo Neves\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Paulo Neves\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-08-08 10:29

==================== Fim de FRST.txt ============================