Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 12-02-2017
Executado por gustavo.ukita (administrador) em SMSP-020445 (13-02-2017 12:33:41)
Executando a partir de C:\Users\gustavo.ukita.SYSMAP\Downloads
Perfis Carregados: gustavo.ukita (Perfis Disponíveis: gustavo.ukita & gustavo.socorro)
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\ProgramData\Windows Security\winsecurity.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avp.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(hxxp://tortoisesvn.net) C:\Home\Programas\TortoiseSVN\bin\TSVNCache.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\vapm.exe
(hxxp://www.ocsinventory-ng.org) C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
() C:\Home\Programas\Atlassian\HipChat4\HipChat.exe
() C:\Home\Programas\Atlassian\HipChat4\QtWebEngineProcess.exe
() C:\Home\Programas\Atlassian\HipChat4\QtWebEngineProcess.exe
(Don HO don.h@free.fr) C:\Home\Programas\Notepad++\notepad++.exe
() C:\Home\Programas\HostSwitcher\HostSwitcher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\lync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
() C:\Program Files\Microsoft Office\Office15\lynchtmlconv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [927280 2016-11-11] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avp.exe [1194320 2015-11-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [6004512 2017-01-11] (IObit)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATENÇÃO
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATENÇÃO
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATENÇÃO
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATENÇÃO
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-08-11] (Banco do Brasil)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-09-16] (Caixa Economica Federal)
HKLM-x32\...\Command Processor: <======= ATENÇÃO
HKU\S-1-5-21-1570781029-660524082-555581952-15129\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2913568 2016-12-16] (IObit)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2913568 2016-12-16] (IObit)
HKU\S-1-5-18\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM\...\Providers\jhttxc8z: C:\Program Files (x86)\Nopury Engine\local64spl.dll [308224 2017-02-06] ()
ShellExecuteHooks: Sem Nome - {2792BDF0-EABB-11E6-A851-64006A5CFC23} - -> Nenhum Arquivo
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehcef.dll [1903328 2016-09-16] (Caixa Economica Federal)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1947872 2016-08-11] (Banco do Brasil)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ocspackage.exe [2015-03-23] (Ocs Inventory Team)
BootExecute: autocheck autochk * sh4native Sh4Removal
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [S-1-5-21-1570781029-660524082-555581952-15129] => Proxy está habilitado.
ProxyServer: [S-1-5-21-1570781029-660524082-555581952-15129] => http=127.0.0.1:8080;https=127.0.0.1:8080
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.100.12.65 10.100.14.21
Tcpip\..\Interfaces\{808DCFD5-CC4A-46CC-A404-456D8673FA3E}: [DhcpNameServer] 10.100.12.65 10.100.14.21
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-1570781029-660524082-555581952-15129\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2017-02-10] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-10-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-02-10] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-10-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2016-08-03] (IObit)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-08-11] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll [2016-09-16] (Caixa Economica Federal)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-19] (Microsoft Corporation)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit)
DPF: HKLM-x32 {80533188-4435-4040-AC3E-91B489C02F21} hxxp://qualitycenterprd.vivo.com.br:8080/qcbin/ALM-Platform-Loader.12.2x.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-10-19] (Microsoft Corporation)
Handler-x32: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Home\Programas\Quest Software\Toad for Oracle\RNetPin.dll [2006-10-16] ()

FireFox:
========
FF DefaultProfile: 3hzwqlfa.default
FF ProfilePath: C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\3hzwqlfa.default\Profiles\3hzwqlfa.default [não encontrado (a)]
FF ProfilePath: C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Mozilla\Firefox\Profiles\j29edusx.default-1486667964497 [2017-02-13]
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Mozilla\Firefox\Profiles\j29edusx.default-1486667964497\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2016-10-18]
FF Extension: (AdBlock for Firefox) - C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Mozilla\Firefox\Profiles\j29edusx.default-1486667964497\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-02-13]
FF Extension: (Proxy Tool) - C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Mozilla\Firefox\Profiles\j29edusx.default-1486667964497\Extensions\proxytool@proxylist.co.xpi [2017-02-13]
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-02-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-02-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-10] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-10-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-02-10] (Microsoft Corporation)

Chrome:
=======
CHR HKU\S-1-5-21-1570781029-660524082-555581952-15129\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2016-12-12] (IObit)
S2 Archer; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avp.exe [1194320 2015-11-10] (Kaspersky Lab ZAO)
S2 avpsus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avpsus.exe [2481072 2015-11-10] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3293376 2016-10-08] (Microsoft Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-08-11] (GAS Tecnologia)
S2 GubZL; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-01-13] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1740576 2017-01-20] (IObit)
S3 Informatica9.6.1; C:\Informatica\9.6.1\tomcat\bin\infasvcs.exe [101376 2016-09-19] () [Arquivo não assinado]
S4 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
S3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [459264 2017-02-13] () [Arquivo não assinado] <==== ATENÇÃO
R2 klnagent; C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe [139504 2016-03-22] (AO Kaspersky Lab)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-12-16] (IObit)
R2 OCS INVENTORY; C:\Program Files (x86)\OCS Inventory Agent\ocsservice.exe [69632 2009-10-27] (hxxp://www.ocsinventory-ng.org) [Arquivo não assinado]
R2 OtherSearch; C:\Program Files (x86)\zTJM6VlzI0\kl.dll [503808 2017-02-04] () [Arquivo não assinado] <==== ATENÇÃO
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2401264 2017-01-30] (IBM Corp.)
S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATENÇÃO
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49040 2014-07-24] (Synaptics Incorporated)
S3 VSStandardCollectorService140; C:\Home\Programas\VisualStudio\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-17] (Microsoft Corporation)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [927280 2016-11-11] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [1264640 2017-01-16] (Microsoft Corporation) [Arquivo não assinado] <==== ATENÇÃO
R2 WinSAPSvc; C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\WinSAPSvc\WinSAP.dll [185344 2017-02-13] (TODO: ) [Arquivo não assinado]
S2 WinSnare; C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\WinSnare\WinSnare.dll [779776 2017-02-08] (InterSect Alliance Pty Ltd) [Arquivo não assinado]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2014-05-13] (Atheros) [Arquivo não assinado]
S2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [X]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10679808 1999-12-31] (Advanced Micro Devices, Inc.) [Arquivo não assinado]
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [459264 1999-12-31] (Advanced Micro Devices, Inc.) [Arquivo não assinado]
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [35496 1999-12-31] (Advanced Micro Devices, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132272 2017-01-17] (ESET)
R1 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [70960 2017-01-17] (ESET)
S3 esgiguard; não ImagePath
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-10-11] ()
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2017-02-10] (GAS Tecnologia)
R0 gbpddreg; C:\Windows\System32\drivers\gbpddreg64.sys [29816 2017-02-10] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-12-08] (GAS Tecnologia)
R1 HWiNFO32; C:\Users\GUSTAV~1.SYS\AppData\Local\Temp\HWiNFO64A.SYS [27552 2017-02-07] (REALiX(tm)) <==== ATENÇÃO
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
S3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [111472 2016-07-07] (Kaspersky Lab ZAO)
R1 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [44880 2016-06-29] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [702800 2016-07-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50768 2016-06-29] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75168 2016-07-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [197512 2016-06-29] (Kaspersky Lab ZAO)
R1 Lace514; C:\Windows\System32\drivers\Lace_wpf_x64.sys [75032 2016-12-28] (Lace514)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [380872 2017-01-30] (IBM Corp.)
R1 RapportCerberus_1804047; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys [1264776 2016-12-26] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [580648 2017-01-30] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [252296 2017-01-13] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [506024 2017-01-13] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [603464 2017-01-30] (IBM Corp.)
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [418784 2017-02-07] (Realsil Semiconductor Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2016-11-01] (SlimWare Utilities, Inc.)
R3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [452040 2016-03-31] (BitDefender S.R.L.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-12-08] (GAS Tecnologia LTDA)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [28376 2017-02-10] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [25184 2016-11-11] (GAS Tecnologia)
R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [25184 2016-11-11] (GAS Tecnologia)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-02-13 12:33 - 2017-02-13 12:34 - 00027843 _____ C:\Users\gustavo.ukita.SYSMAP\Downloads\FRST.txt
2017-02-13 12:33 - 2017-02-13 12:33 - 00000000 ____D C:\FRST
2017-02-13 12:31 - 2017-02-13 12:31 - 02421248 _____ (Farbar) C:\Users\gustavo.ukita.SYSMAP\Downloads\FRST64.exe
2017-02-13 12:08 - 2017-02-13 12:08 - 00001173 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2017-02-13 12:08 - 2017-02-13 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-02-13 12:00 - 2017-02-13 12:03 - 46510120 _____ (IObit ) C:\Users\gustavo.ukita.SYSMAP\Downloads\iobit-malware-fighter-4-5-0-3457.exe
2017-02-13 10:51 - 2017-02-13 10:51 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\WinSAPSvc
2017-02-13 10:51 - 2017-02-13 10:51 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.1.0)
2017-02-10 18:13 - 2017-02-10 18:27 - 00010193 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\AtividadesGustavoUkita-Janeiro2017.xlsx
2017-02-10 17:03 - 2017-02-10 17:03 - 00035321 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\HorasApontadasGustavoUkita.xls
2017-02-10 14:51 - 2017-02-10 14:51 - 00001389 _____ C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-10 12:06 - 2017-02-10 12:06 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Sun
2017-02-10 12:06 - 2017-02-10 12:06 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\LocalLow\Sun
2017-02-10 10:37 - 2017-02-10 10:37 - 00113928 _____ C:\Users\gustavo.ukita.SYSMAP\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-09 17:19 - 2017-02-09 17:19 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\Desktop\Dados antigos do Firefox
2017-02-09 17:17 - 2017-02-09 17:17 - 00000000 ____D C:\Users\Todos os Usuários\BDLogging
2017-02-09 17:17 - 2017-02-09 17:17 - 00000000 ____D C:\ProgramData\BDLogging
2017-02-09 17:17 - 2016-03-31 17:54 - 00452040 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2017-02-09 17:15 - 2017-02-09 17:15 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-09 17:15 - 2017-02-09 17:15 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-09 17:13 - 2017-02-09 17:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-09 16:03 - 2017-02-09 16:03 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\ESET
2017-02-09 15:36 - 2015-04-17 18:11 - 47077139 _____ C:\Users\gustavo.ukita.SYSMAP\Downloads\Google Chrome 41 Stable OIx64.rar
2017-02-08 14:20 - 2017-02-08 14:20 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\ESET
2017-02-08 14:09 - 2017-02-10 15:06 - 00001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Ocs_contact.lnk
2017-02-08 13:53 - 2017-02-08 13:53 - 00002848 _____ C:\Windows\System32\Tasks\ASC10_SkipUac_gustavo.ukita
2017-02-08 12:21 - 2017-02-08 12:21 - 00000000 ____D C:\Users\Todos os Usuários\ESET
2017-02-08 12:21 - 2017-02-08 12:21 - 00000000 ____D C:\ProgramData\ESET
2017-02-08 12:15 - 2017-02-08 12:15 - 03139200 _____ (ESET) C:\Users\gustavo.ukita.SYSMAP\Downloads\eset_nod32_antivirus_live_installer.exe
2017-02-08 12:05 - 2017-02-08 12:05 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\PackageAware
2017-02-08 11:51 - 2017-02-08 11:51 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2017-02-08 06:32 - 2017-02-08 13:44 - 00000000 ____D C:\Program Files (x86)\WinArcher
2017-02-08 06:31 - 2017-02-08 13:45 - 00000000 ____D C:\Users\Todos os Usuários\WinSAPSvc
2017-02-08 06:31 - 2017-02-08 13:45 - 00000000 ____D C:\ProgramData\WinSAPSvc
2017-02-08 06:29 - 2017-02-13 10:51 - 00003598 _____ C:\Windows\System32\Tasks\Milimili
2017-02-08 06:29 - 2017-02-13 10:51 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\WinSnare
2017-02-08 06:29 - 2017-02-08 13:45 - 00000000 ____D C:\Program Files (x86)\Gub
2017-02-08 06:29 - 2017-02-08 12:01 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.0.9)
2017-02-08 06:29 - 2017-02-08 06:30 - 00000000 ____D C:\Program Files (x86)\MIO
2017-02-08 06:28 - 2017-02-13 10:51 - 00000000 ____D C:\Program Files\jhttxc8z
2017-02-07 16:39 - 2017-02-07 16:39 - 00265987 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\ItauEmpresasRnegociacao-10022017.pdf
2017-02-07 12:30 - 2017-02-07 16:53 - 00002916 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_gustavo.ukita
2017-02-07 12:30 - 2017-02-07 16:53 - 00001366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2017-02-07 12:05 - 2017-02-08 11:31 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-07 12:05 - 2017-02-07 12:09 - 00003842 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-07 12:05 - 2017-02-07 12:05 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-07 12:04 - 2017-02-07 12:04 - 09891328 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2017-02-07 12:04 - 2017-02-07 12:04 - 04332032 _____ (Realtek Semiconductor Corp.) C:\Windows\RtCRU64.exe
2017-02-07 12:04 - 2017-02-07 12:04 - 00418784 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys
2017-02-07 12:04 - 2017-02-07 12:04 - 00084480 _____ (Realtek Semiconductor.) C:\Windows\system32\RtCRX64.dll
2017-02-07 12:04 - 2017-02-07 12:04 - 00000000 ____D C:\Windows\SysWOW64\sda
2017-02-07 11:53 - 2017-02-07 11:53 - 01604736 _____ (Conexant Systems Inc.) C:\Windows\system32\Drivers\CHDRT64.sys
2017-02-07 11:53 - 2017-02-07 11:53 - 01577600 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64AP63.dll
2017-02-07 11:53 - 2017-02-07 11:53 - 00879616 _____ (Creative Technology Ltd.) C:\Windows\system32\MCAPO64.dll
2017-02-07 11:53 - 2017-02-07 11:53 - 00619520 _____ (Creative Technology Ltd.) C:\Windows\system32\MCTHX64.dll
2017-02-07 11:53 - 2017-02-07 11:53 - 00576344 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2017-02-07 11:53 - 2017-02-07 11:53 - 00572760 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO64.dll
2017-02-07 11:53 - 2017-02-07 11:53 - 00568960 _____ (Conexant Systems, Inc.) C:\Windows\system32\UCI64A89.dll
2017-02-07 11:53 - 2017-02-07 11:53 - 00074240 _____ (Creative Technology Ltd.) C:\Windows\system32\MCWrp64.dll
2017-02-07 11:53 - 2017-02-07 11:53 - 00030893 _____ C:\Windows\system32\Drivers\Mixer.ini
2017-02-07 11:53 - 2017-02-07 11:53 - 00001816 _____ C:\Windows\system32\Drivers\Altmixer.ini
2017-02-07 11:53 - 2017-02-07 11:53 - 00000000 ____D C:\Program Files\CONEXANT
2017-02-07 11:25 - 2017-02-07 11:25 - 00003182 _____ C:\Windows\System32\Tasks\SmartDefrag_AutoAnalyze
2017-02-07 11:25 - 2017-02-07 11:25 - 00002834 _____ C:\Windows\System32\Tasks\ASC10_SkipUac_SISTEMA
2017-02-07 11:25 - 2017-02-07 11:25 - 00000000 ____D C:\Users\Todos os Usuários\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-02-07 11:25 - 2017-02-07 11:25 - 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-02-07 11:25 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2017-02-07 11:24 - 2017-02-07 11:24 - 00003030 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2017-02-07 11:24 - 2017-02-07 11:24 - 00003030 _____ C:\Windows\System32\Tasks\ASC10_PerformanceMonitor
2017-02-07 11:24 - 2017-02-07 11:24 - 00003028 _____ C:\Windows\System32\Tasks\SmartDefrag_Update
2017-02-07 11:24 - 2017-02-07 11:24 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2017-02-07 11:24 - 2016-03-22 11:02 - 00036288 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2017-02-07 11:24 - 2016-03-22 11:02 - 00021360 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys
2017-02-07 11:21 - 2017-02-07 11:22 - 00003264 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2017-02-07 11:21 - 2017-02-07 11:22 - 00002896 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (SISTEMA)
2017-02-07 11:21 - 2017-02-07 11:21 - 00027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS 2017-02-07 11:21 - 2017-02-07 11:21 - 00000000 ____D C:\Windows\IObit 2017-02-06 17:56 - 2017-02-10 14:35 - 00000000 ____D C:\Program Files (x86)\Dashlane 2017-02-06 17:56 - 2017-02-06 17:56 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\ProductData 2017-02-06 17:56 - 2017-02-06 17:56 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\Packages 2017-02-06 17:54 - 2017-02-10 11:51 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\LocalLow\IObit 2017-02-06 17:54 - 2017-02-07 12:30 - 00000000 ____D C:\Users\Todos os Usuários\ProductData 2017-02-06 17:54 - 2017-02-07 12:30 - 00000000 ____D C:\ProgramData\ProductData 2017-02-06 17:54 - 2017-02-07 11:25 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\IObit 2017-02-06 17:53 - 2017-02-13 12:08 - 00000000 ____D C:\Program Files (x86)\IObit 2017-02-06 17:53 - 2017-02-07 18:07 - 00000000 ____D C:\Users\Todos os Usuários\IObit 2017-02-06 17:53 - 2017-02-07 18:07 - 00000000 ____D C:\ProgramData\IObit 2017-02-06 17:53 - 2017-02-06 17:53 - 00000000 ____D C:\Users\Todos os Usuários\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} 2017-02-06 17:53 - 2017-02-06 17:53 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} 2017-02-06 17:51 - 2017-02-06 17:52 - 46510120 _____ (IObit ) C:\Users\gustavo.ukita.SYSMAP\Downloads\IObit-Malware-Fighter-Setup.exe 2017-02-06 15:49 - 2010-05-13 19:34 - 00014232 _____ C:\Windows\SysWOW64\sh4native.exe 2017-02-06 15:48 - 2017-02-06 15:48 - 00111817 _____ C:\spyhunter.fix 2017-02-06 12:10 - 2017-02-06 12:10 - 00001996 _____ C:\Windows\System32\Tasks\WIXDtJkRAY 2017-02-06 12:01 - 2017-02-10 14:54 - 00000000 ____D C:\Program Files (x86)\zTJM6VlzI0 2017-02-06 12:01 - 2017-02-08 16:58 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlock 2017-02-06 12:01 - 2017-02-08 16:48 - 00000000 ____D C:\Program Files (x86)\OneSystemCare 2017-02-06 12:01 - 
2017-02-07 12:06 - 00003274 _____ C:\Windows\System32\Tasks\One System Care Monitor 2017-02-06 12:01 - 2017-02-06 12:11 - 00000002 _____ C:\END 2017-02-06 12:01 - 2017-02-06 12:01 - 00001067 _____ C:\Users\Public\Desktop\Launch One System Care.lnk 2017-02-06 12:01 - 2017-02-06 12:01 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\One System Care 2017-02-06 12:00 - 2017-02-06 12:03 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\WMPNetworkAcSvc 2017-02-06 11:59 - 2017-02-06 11:59 - 00000000 ____D C:\Users\Todos os Usuários\Avira 2017-02-06 11:59 - 2017-02-06 11:59 - 00000000 ____D C:\Users\Todos os Usuários\Avg 2017-02-06 11:59 - 2017-02-06 11:59 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software 2017-02-06 11:59 - 2017-02-06 11:59 - 00000000 ____D C:\ProgramData\Avira 2017-02-06 11:59 - 2017-02-06 11:59 - 00000000 ____D C:\ProgramData\Avg 2017-02-06 11:59 - 2017-02-06 11:59 - 00000000 ____D C:\ProgramData\AVAST Software 2017-02-06 11:57 - 2017-02-08 12:24 - 00000000 ____D C:\Program Files\XBox 2017-02-06 11:57 - 2017-02-06 11:57 - 00003716 _____ C:\Windows\System32\Tasks\Phervackprivch 2017-02-06 11:56 - 2017-02-10 14:51 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE} 2017-02-06 11:56 - 2017-02-06 11:57 - 00000000 ____D C:\Users\Todos os Usuários\Windows Security 2017-02-06 11:56 - 2017-02-06 11:57 - 00000000 ____D C:\ProgramData\Windows Security 2017-02-06 11:55 - 2017-02-13 10:51 - 00000000 ____D C:\Program Files (x86)\Jegoing 2017-02-06 11:55 - 2017-02-08 11:30 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Arijuryarouied 2017-02-06 11:55 - 2017-02-06 12:01 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\Arofiyprerpation 2017-02-06 11:55 - 2017-02-06 11:55 - 00000000 ____D C:\Program Files (x86)\Nopury Engine 2017-02-03 15:31 - 2017-02-03 15:31 - 00000782 _____ C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\jd-gui.cfg 2017-02-03 12:06 - 2017-02-03 12:06 - 00000000 
____D C:\Users\gustavo.ukita.SYSMAP\Downloads\decompilerjava 2017-02-03 12:06 - 2017-02-03 12:06 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\.oracle_jre_usage 2017-02-03 11:27 - 2017-02-03 11:27 - 00000000 ___HD C:\Windows\AxInstSV 2017-02-03 11:17 - 2017-02-03 11:17 - 00050149 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\Contrato2_08022017.pdf 2017-02-03 11:17 - 2017-02-03 11:17 - 00049889 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\Contrato1_08022017.pdf 2017-02-03 11:16 - 2017-02-03 11:16 - 00049889 _____ C:\Users\gustavo.ukita.SYSMAP\Downloads\Contrato.pdf 2017-01-30 10:07 - 2017-01-30 10:07 - 00000000 ____D C:\Program Files\Common Files\DESIGNER 2017-01-26 15:48 - 2017-01-26 15:49 - 00276878 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\comprovantePagamento_EloIT-25122016.PDF 2017-01-24 17:06 - 2017-01-24 17:06 - 00000309 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\MobaXterm Stored Passwords.txt 2017-01-24 16:35 - 2017-01-24 16:35 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Quest Software 2017-01-24 16:28 - 2017-01-24 16:28 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\Oracle 2017-01-24 11:49 - 2017-01-24 11:49 - 00400384 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\Formulário de Inclusão Bradesco Saúde.pdf 2017-01-23 15:15 - 2017-01-23 15:15 - 00000000 _____ C:\Users\gustavo.ukita.SYSMAP\tracert 2017-01-23 15:15 - 2017-01-23 15:15 - 00000000 _____ C:\Users\gustavo.ukita.SYSMAP\tnsping 2017-01-23 15:15 - 2017-01-23 15:15 - 00000000 _____ C:\Users\gustavo.ukita.SYSMAP\ping 2017-01-23 10:50 - 2017-01-23 10:50 - 07945240 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\Catalogo Donna Coruja Varejo.pdf 2017-01-17 09:15 - 2017-01-17 09:15 - 00180544 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys 2017-01-17 09:15 - 2017-01-17 09:15 - 00132272 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys 2017-01-17 09:15 - 2017-01-17 09:15 - 00070960 _____ (ESET) C:\Windows\system32\Drivers\epfwwfpr.sys 2017-01-13 10:43 - 2017-02-13 12:26 - 00000000 ____D 
C:\Users\gustavo.ukita.SYSMAP\AppData\LocalLow\Mozilla 2017-01-13 10:40 - 2017-01-13 10:49 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\Mozilla 2017-01-13 10:40 - 2017-01-13 10:43 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Mozilla 2017-01-12 16:02 - 2017-01-12 16:02 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\TortoiseSVN 2017-01-12 11:19 - 2017-01-12 11:19 - 00052403 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\1481905297___USSD.XLSX 2016-12-30 17:39 - 2017-02-01 11:54 - 00019230 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\ajudadecustodezembro.xlsx 2016-12-30 12:20 - 2016-12-30 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge 2016-12-30 12:19 - 2016-12-30 12:20 - 00000000 ____D C:\Program Files (x86)\WinMerge 2016-12-30 12:18 - 2016-12-30 12:18 - 06433055 _____ (hxxp://winmerge.org ) C:\Users\gustavo.ukita.SYSMAP\Downloads\WinMerge-2.14.0-Setup.exe 2016-12-29 12:42 - 2016-12-29 12:42 - 00000708 _____ C:\Users\gustavo.ukita.SYSMAP\.viminfo 2016-12-28 16:47 - 2016-12-28 16:47 - 00000130 _____ C:\Users\gustavo.ukita.SYSMAP\.gitconfig 2016-12-28 16:41 - 2016-12-28 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git 2016-12-28 16:40 - 2016-12-28 16:41 - 00000000 ____D C:\Program Files\Git 2016-12-28 16:20 - 2016-12-28 16:47 - 00000094 _____ C:\Users\gustavo.ukita.SYSMAP\mercurial.ini 2016-12-28 16:17 - 2016-12-28 16:17 - 00524288 ___SH C:\Users\MSSQL$SQLEXPRESS\ntuser.dat{d1102f42-ccff-11e6-b33a-f4b7e2d5aaa6}.TMContainer00000000000000000002.regtrans-ms 2016-12-28 16:17 - 2016-12-28 16:17 - 00524288 ___SH C:\Users\MSSQL$SQLEXPRESS\ntuser.dat{d1102f42-ccff-11e6-b33a-f4b7e2d5aaa6}.TMContainer00000000000000000001.regtrans-ms 2016-12-28 16:17 - 2016-12-28 16:17 - 00524288 ___SH C:\Users\gustavo.socorro\NTUSER.DAT{d1102f5a-ccff-11e6-b33a-f4b7e2d5aaa6}.TMContainer00000000000000000002.regtrans-ms 2016-12-28 16:17 - 2016-12-28 16:17 - 00524288 ___SH 
C:\Users\gustavo.socorro\NTUSER.DAT{d1102f5a-ccff-11e6-b33a-f4b7e2d5aaa6}.TMContainer00000000000000000001.regtrans-ms 2016-12-28 16:17 - 2016-12-28 16:17 - 00065536 ___SH C:\Users\MSSQL$SQLEXPRESS\ntuser.dat{d1102f42-ccff-11e6-b33a-f4b7e2d5aaa6}.TM.blf 2016-12-28 16:17 - 2016-12-28 16:17 - 00065536 ___SH C:\Users\gustavo.socorro\NTUSER.DAT{d1102f5a-ccff-11e6-b33a-f4b7e2d5aaa6}.TM.blf 2016-12-28 16:08 - 2016-12-28 16:08 - 00000000 ____D C:\Users\Todos os Usuários\Caphyon 2016-12-28 16:08 - 2016-12-28 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlassian 2016-12-28 16:08 - 2016-12-28 16:08 - 00000000 ____D C:\ProgramData\Caphyon 2016-12-28 16:08 - 2016-12-28 16:08 - 00000000 ____D C:\Program Files (x86)\Atlassian 2016-12-28 16:07 - 2016-12-28 16:25 - 00000000 ____D C:\Users\Todos os Usuários\Atlassian 2016-12-28 16:07 - 2016-12-28 16:25 - 00000000 ____D C:\ProgramData\Atlassian 2016-12-28 16:06 - 2016-12-28 16:07 - 17847544 _____ (Atlassian) C:\Users\gustavo.ukita.SYSMAP\Downloads\SourceTreeSetup_1.9.10.0.exe 2016-12-28 15:10 - 2017-01-12 16:47 - 00000936 _____ C:\Users\gustavo.ukita.SYSMAP\.bash_history 2016-12-28 11:24 - 2016-12-28 11:24 - 00075032 _____ (Lace514) C:\Windows\system32\Drivers\Lace_wpf_x64.sys 2016-12-27 12:01 - 2017-01-19 10:42 - 00524288 ___SH C:\Windows\system32\config\components{93969c99-cc3c-11e6-b3e5-f4b7e2d5aaa6}.TMContainer00000000000000000001.regtrans-ms 2016-12-27 12:01 - 2017-01-19 10:42 - 00065536 ___SH C:\Windows\system32\config\components{93969c99-cc3c-11e6-b3e5-f4b7e2d5aaa6}.TM.blf 2016-12-27 12:01 - 2016-12-27 12:11 - 00524288 ___SH C:\Windows\system32\config\components{93969c99-cc3c-11e6-b3e5-f4b7e2d5aaa6}.TMContainer00000000000000000002.regtrans-ms 2016-12-27 11:49 - 2017-02-10 14:51 - 00028376 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys 2016-12-27 11:49 - 2016-11-11 15:41 - 00025184 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddprm.sys 2016-12-27 11:49 - 2016-11-11 15:41 - 
00025184 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddpp.sys 2016-12-26 10:23 - 2016-12-26 10:23 - 01048576 ___SH C:\Windows\system32\config\components{843f8ea2-c12f-11e6-8288-f4b7e2d5aaa6}.TxR.2.regtrans-ms 2016-12-26 10:23 - 2016-12-26 10:23 - 01048576 ___SH C:\Windows\system32\config\components{843f8ea2-c12f-11e6-8288-f4b7e2d5aaa6}.TxR.1.regtrans-ms 2016-12-26 10:23 - 2016-12-26 10:23 - 01048576 ___SH C:\Windows\system32\config\components{843f8ea2-c12f-11e6-8288-f4b7e2d5aaa6}.TxR.0.regtrans-ms 2016-12-26 10:23 - 2016-12-26 10:23 - 00065536 ___SH C:\Windows\system32\config\components{843f8ea2-c12f-11e6-8288-f4b7e2d5aaa6}.TxR.blf 2016-12-26 10:20 - 2017-02-08 13:45 - 00436584 _____ C:\Windows\system32\FNTCACHE.DAT 2016-12-16 12:03 - 2017-02-06 17:57 - 00002198 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\Atom.lnk 2016-12-16 12:03 - 2017-02-06 17:57 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc 2016-12-16 12:03 - 2016-12-16 12:03 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Atom 2016-12-16 12:03 - 2016-12-16 12:03 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\.atom 2016-12-16 12:02 - 2017-02-06 17:54 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\atom 2016-12-16 12:02 - 2017-02-06 17:49 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\SquirrelTemp 2016-12-14 17:29 - 2016-12-14 17:34 - 98462760 _____ (GitHub Inc.) 
C:\Users\gustavo.ukita.SYSMAP\Downloads\AtomSetup.exe 2016-12-14 12:32 - 2016-12-14 12:32 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\HHD Software 2016-12-14 11:28 - 2017-01-24 10:36 - 00002076 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\Claro-Abarracamento.RDP 2016-12-13 16:05 - 2017-01-12 16:02 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\TortoiseSVN 2016-12-13 15:31 - 2016-12-13 15:31 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\Documents\Arquivos do Outlook 2016-12-13 14:06 - 2017-02-02 17:29 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\PLSQL Developer 2016-12-13 10:41 - 2016-12-19 10:10 - 00524288 ___SH C:\Windows\system32\config\components{843f8ea3-c12f-11e6-8288-f4b7e2d5aaa6}.TMContainer00000000000000000001.regtrans-ms 2016-12-13 10:41 - 2016-12-19 10:10 - 00065536 ___SH C:\Windows\system32\config\components{843f8ea3-c12f-11e6-8288-f4b7e2d5aaa6}.TM.blf 2016-12-13 10:41 - 2016-12-14 18:00 - 00524288 ___SH C:\Windows\system32\config\components{843f8ea3-c12f-11e6-8288-f4b7e2d5aaa6}.TMContainer00000000000000000002.regtrans-ms 2016-12-12 15:54 - 2016-12-12 15:54 - 01048576 ___SH C:\Windows\system32\config\components{0aa5929f-c092-11e6-8341-f4b7e2d5aaa6}.TxR.2.regtrans-ms 2016-12-12 15:54 - 2016-12-12 15:54 - 01048576 ___SH C:\Windows\system32\config\components{0aa5929f-c092-11e6-8341-f4b7e2d5aaa6}.TxR.1.regtrans-ms 2016-12-12 15:54 - 2016-12-12 15:54 - 01048576 ___SH C:\Windows\system32\config\components{0aa5929f-c092-11e6-8341-f4b7e2d5aaa6}.TxR.0.regtrans-ms 2016-12-12 15:54 - 2016-12-12 15:54 - 00065536 ___SH C:\Windows\system32\config\components{0aa5929f-c092-11e6-8341-f4b7e2d5aaa6}.TxR.blf 2016-12-12 15:42 - 2016-12-12 15:53 - 00524288 ___SH C:\Windows\system32\config\components{0aa592a0-c092-11e6-8341-f4b7e2d5aaa6}.TMContainer00000000000000000002.regtrans-ms 2016-12-12 15:42 - 2016-12-12 15:53 - 00524288 ___SH 
C:\Windows\system32\config\components{0aa592a0-c092-11e6-8341-f4b7e2d5aaa6}.TMContainer00000000000000000001.regtrans-ms 2016-12-12 15:42 - 2016-12-12 15:53 - 00065536 ___SH C:\Windows\system32\config\components{0aa592a0-c092-11e6-8341-f4b7e2d5aaa6}.TM.blf 2016-12-09 15:25 - 2016-12-09 15:25 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\LocalLow\Temp 2016-12-09 11:11 - 2016-12-19 10:10 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Zoom 2016-12-09 11:11 - 2016-12-09 11:11 - 00133448 _____ (Zoom Video Communications, Inc.) C:\Users\gustavo.ukita.SYSMAP\Downloads\Zoom_launcher.exe 2016-12-09 10:48 - 2016-12-09 10:48 - 01048576 ___SH C:\Windows\system32\config\components{0b0a188d-bc05-11e6-b16b-f4b7e2d5aaa6}.TxR.2.regtrans-ms 2016-12-09 10:48 - 2016-12-09 10:48 - 01048576 ___SH C:\Windows\system32\config\components{0b0a188d-bc05-11e6-b16b-f4b7e2d5aaa6}.TxR.1.regtrans-ms 2016-12-09 10:48 - 2016-12-09 10:48 - 01048576 ___SH C:\Windows\system32\config\components{0b0a188d-bc05-11e6-b16b-f4b7e2d5aaa6}.TxR.0.regtrans-ms 2016-12-09 10:48 - 2016-12-09 10:48 - 00065536 ___SH C:\Windows\system32\config\components{0b0a188d-bc05-11e6-b16b-f4b7e2d5aaa6}.TxR.blf 2016-12-08 15:56 - 2016-12-08 15:56 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\vlc 2016-12-06 20:43 - 2016-12-09 10:47 - 00524288 ___SH C:\Windows\system32\config\components{0b0a188e-bc05-11e6-b16b-f4b7e2d5aaa6}.TMContainer00000000000000000001.regtrans-ms 2016-12-06 20:43 - 2016-12-09 10:47 - 00065536 ___SH C:\Windows\system32\config\components{0b0a188e-bc05-11e6-b16b-f4b7e2d5aaa6}.TM.blf 2016-12-06 20:43 - 2016-12-06 20:50 - 00524288 ___SH C:\Windows\system32\config\components{0b0a188e-bc05-11e6-b16b-f4b7e2d5aaa6}.TMContainer00000000000000000002.regtrans-ms 2016-12-06 16:39 - 2016-06-16 19:43 - 00036984 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddntf.sys 2016-12-06 16:39 - 2016-06-16 19:43 - 00008811 _____ C:\Windows\system32\Drivers\wsddntf.cat 2016-12-06 16:39 - 
2016-06-16 15:06 - 00002708 _____ C:\Windows\system32\Drivers\wsddntf.inf 2016-12-06 11:10 - 2016-12-06 11:10 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\Programs 2016-12-05 14:41 - 2016-12-05 14:41 - 00628224 _____ C:\Users\gustavo.ukita.SYSMAP\Downloads\hora_extra.xls 2016-12-02 11:16 - 2016-12-02 11:16 - 01048576 ___SH C:\Windows\system32\config\components{8910d995-a833-11e6-8220-f4b7e2d5aaa6}.TxR.2.regtrans-ms 2016-12-02 11:16 - 2016-12-02 11:16 - 01048576 ___SH C:\Windows\system32\config\components{8910d995-a833-11e6-8220-f4b7e2d5aaa6}.TxR.1.regtrans-ms 2016-12-02 11:16 - 2016-12-02 11:16 - 01048576 ___SH C:\Windows\system32\config\components{8910d995-a833-11e6-8220-f4b7e2d5aaa6}.TxR.0.regtrans-ms 2016-12-02 11:16 - 2016-12-02 11:16 - 00065536 ___SH C:\Windows\system32\config\components{8910d995-a833-11e6-8220-f4b7e2d5aaa6}.TxR.blf 2016-11-30 14:31 - 2016-11-30 14:31 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\WinRAR 2016-11-30 12:06 - 2016-11-30 12:06 - 00000851 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\sqldeveloper - Atalho.lnk 2016-11-30 11:51 - 2016-12-15 15:18 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\SQL Developer 2016-11-30 11:50 - 2016-11-30 11:50 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\sqldeveloper 2016-11-29 15:56 - 2016-12-13 15:57 - 00002010 ____H C:\Users\gustavo.ukita.SYSMAP\Documents\Default.rdp 2016-11-23 16:20 - 2016-11-23 16:20 - 00002795 _____ C:\Users\Public\Desktop\Bizagi Process Modeler.lnk 2016-11-23 16:20 - 2016-11-23 16:20 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\IsolatedStorage 2016-11-23 16:20 - 2016-11-23 16:20 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Bizagi Ltd 2016-11-23 16:20 - 2016-11-23 16:20 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\IsolatedStorage 2016-11-23 16:20 - 2016-11-23 16:20 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\Bizagi Ltd 2016-11-23 16:20 - 2016-11-23 
16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bizagi 2016-11-23 16:17 - 2016-11-23 16:17 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\Downloaded Installations 2016-11-23 16:08 - 2016-11-23 16:14 - 103746192 _____ (Bizagi Limited) C:\Users\gustavo.ukita.SYSMAP\Downloads\bizagi-process-modeler-2-7-es-en-win.exe 2016-11-23 06:19 - 2016-11-23 06:19 - 00000000 ____D C:\Users\Todos os Usuários\Snow Software 2016-11-23 06:19 - 2016-11-23 06:19 - 00000000 ____D C:\ProgramData\Snow Software 2016-11-21 15:09 - 2016-11-21 15:09 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\Wisdom-soft 2016-11-21 15:08 - 2016-11-21 15:08 - 00001904 _____ C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Microsoft\Windows\Start Menu\ScreenHunter 6.0 Free.lnk 2016-11-21 15:08 - 2016-11-21 15:08 - 00001880 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\ScreenHunter 6.0 Free.lnk 2016-11-21 15:08 - 2016-11-21 15:08 - 00001880 _____ C:\Users\gustavo.socorro\Desktop\ScreenHunter 6.0 Free.lnk 2016-11-21 15:08 - 2016-11-21 15:08 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 6 Free 2016-11-21 15:07 - 2016-11-21 15:07 - 12798032 _____ C:\Users\gustavo.ukita.SYSMAP\Downloads\Baixaki_screenhunter-free [1].exe 2016-11-21 15:03 - 2016-11-21 15:03 - 01782272 _____ ( ) C:\Users\gustavo.ukita.SYSMAP\Downloads\Baixaki_screenhunter-free.exe 2016-11-16 15:22 - 2016-11-16 15:23 - 00001945 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\Request-Response[3793]-Beatrix.xml 2016-11-16 14:15 - 2016-11-16 14:15 - 00021299 _____ C:\Users\gustavo.ukita.SYSMAP\Desktop\Extrato_Santander_16112016.xls ==================== Três Meses Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2017-02-13 12:21 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\system32\NDF 2017-02-13 12:11 - 2016-11-01 14:01 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Atlassian 2017-02-13 11:59 - 2016-06-15 15:17 - 00000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab 2017-02-13 11:59 - 2016-06-15 15:17 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2017-02-13 10:53 - 2016-10-20 12:36 - 00000128 _____ C:\Windows\system32\config\netlogon.ftl 2017-02-13 04:50 - 2016-11-01 10:33 - 00000000 ____D C:\Program Files (x86)\OCS Inventory Agent 2017-02-13 03:05 - 2009-07-14 02:45 - 00021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-02-13 03:05 - 2009-07-14 02:45 - 00021504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-02-10 14:59 - 2016-10-31 13:02 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\Google 2017-02-10 14:58 - 2016-08-11 12:16 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys 2017-02-10 14:57 - 2016-10-31 12:52 - 00000000 ____D C:\sys 2017-02-10 14:54 - 2016-08-11 12:16 - 00029816 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddreg64.sys 2017-02-10 14:53 - 2016-08-11 12:16 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin 2017-02-10 14:53 - 2016-08-11 12:16 - 00000000 ____D C:\ProgramData\GbPlugin 2017-02-10 14:52 - 2016-08-11 12:16 - 00000000 ____D C:\Program Files (x86)\GbPlugin 2017-02-10 14:51 - 2016-08-10 12:19 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2017-02-10 14:51 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\tracing 2017-02-10 14:51 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf 2017-02-10 14:50 - 2016-07-20 13:11 - 00000000 ____D C:\Users\Todos os Usuários\Validity 2017-02-10 14:50 - 2016-07-20 13:11 - 00000000 ____D C:\ProgramData\Validity 2017-02-10 14:50 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-02-10 14:38 - 2016-11-01 10:55 
- 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\Desktop\Outros Documentos 2017-02-10 14:24 - 2016-11-01 15:33 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\Notepad++ 2017-02-10 12:05 - 2016-06-20 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2017-02-10 12:05 - 2016-06-20 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-02-10 12:04 - 2016-06-20 18:23 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2017-02-10 12:03 - 2016-06-16 17:12 - 00000000 ____D C:\Program Files\Java 2017-02-10 10:37 - 2016-11-01 13:43 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\TeamViewer 2017-02-10 09:30 - 2016-11-01 09:42 - 00000000 ____D C:\Users\gustavo.socorro 2017-02-10 09:30 - 2016-09-05 18:21 - 00000000 ____D C:\Users\MSSQL$SQLEXPRESS 2017-02-09 17:41 - 2016-06-15 10:30 - 00000000 ____D C:\Windows\Panther 2017-02-09 17:13 - 2016-08-01 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2017-02-09 16:56 - 2016-07-20 13:00 - 00000000 ____D C:\Users\Todos os Usuários\Samsung 2017-02-09 16:56 - 2016-07-20 13:00 - 00000000 ____D C:\ProgramData\Samsung 2017-02-09 16:56 - 2016-06-15 15:07 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-02-09 16:45 - 2016-10-31 13:04 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\Local\TSVNCache 2017-02-08 23:27 - 2016-07-19 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PLSQL Developer9.0 2017-02-08 16:08 - 2016-09-01 18:23 - 00000000 ____D C:\Program Files\FileViewPro 2017-02-08 13:45 - 2016-08-30 13:07 - 00000000 ___HD C:\Users\Todos os Usuários\~0 2017-02-08 13:45 - 2016-08-30 13:07 - 00000000 ___HD C:\ProgramData\~0 2017-02-08 13:41 - 2016-06-21 13:31 - 00000000 ____D C:\Program Files (x86)\Booking.com 2017-02-08 12:03 - 2016-06-15 15:31 - 00000000 ____D C:\Program Files 
(x86)\Google 2017-02-08 11:34 - 2016-06-21 13:28 - 00020566 __RSH C:\Users\Todos os Usuários\ntuser.pol 2017-02-08 11:34 - 2016-06-21 13:28 - 00020566 __RSH C:\ProgramData\ntuser.pol 2017-02-08 11:30 - 2016-07-28 12:52 - 00000000 ____D C:\Program Files (x86)\AppInsights 2017-02-08 11:30 - 2016-06-15 15:38 - 00000000 ____D C:\Program Files\WinRAR 2017-02-07 12:09 - 2016-06-17 16:47 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-02-07 12:09 - 2016-06-17 16:47 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-02-07 12:09 - 2016-06-17 16:47 - 00000000 ____D C:\Windows\system32\Macromed 2017-02-07 12:09 - 2016-06-16 13:22 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-02-07 12:05 - 2016-06-15 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2017-02-06 15:58 - 2016-10-31 12:52 - 00004658 __RSH C:\Users\gustavo.ukita.SYSMAP\ntuser.pol 2017-02-06 15:58 - 2016-10-31 12:52 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP 2017-02-06 15:45 - 2009-07-14 00:34 - 00000403 _____ C:\Windows\win.ini 2017-02-06 15:45 - 2009-07-14 00:34 - 00000219 _____ C:\Windows\system.ini 2017-02-06 15:43 - 2016-07-21 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer 2017-02-06 11:59 - 2016-09-19 13:37 - 00000000 ____D C:\Informatica 2017-02-06 11:59 - 2016-07-27 18:16 - 00000000 ____D C:\Program Files (x86)\NuGet 2017-02-06 11:59 - 2016-06-16 17:37 - 00000000 ____D C:\app 2017-02-06 11:59 - 2009-07-14 01:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2017-02-06 11:56 - 2016-11-01 10:20 - 00000000 ____D C:\Users\Todos os Usuários\AMD 2017-02-06 11:56 - 2016-11-01 10:20 - 00000000 ____D C:\ProgramData\AMD 2017-02-03 16:54 - 2016-11-01 17:44 - 00000600 _____ C:\Users\gustavo.ukita.SYSMAP\AppData\Local\PUTTY.RND 2017-02-02 16:27 - 2016-07-19 16:37 - 00000926 _____ C:\Users\Public\Desktop\PLSQL Developer.lnk 2017-02-02 
16:27 - 2016-07-19 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PLSQL Developer
2017-01-30 12:40 - 2016-11-01 10:55 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\Desktop\claro
2017-01-30 10:08 - 2016-08-01 18:12 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2017-01-30 10:07 - 2009-07-14 01:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-01-26 12:09 - 2016-11-04 11:21 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\AppData\LocalLow\Adobe
2017-01-24 16:28 - 2016-06-15 10:28 - 00708172 _____ C:\Windows\system32\prfh0416.dat
2017-01-24 16:28 - 2016-06-15 10:28 - 00147952 _____ C:\Windows\system32\prfc0416.dat
2017-01-24 16:28 - 2009-07-14 03:13 - 01658828 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-20 15:29 - 2016-06-15 15:48 - 00000000 ____D C:\Intel
2017-01-19 11:30 - 2016-11-01 10:55 - 00000000 ____D C:\Users\gustavo.ukita.SYSMAP\Desktop\vivo
2017-01-18 12:06 - 2009-07-14 00:34 - 00014433 _____ C:\Windows\system32\Drivers\etc\Hosts.BAK
2017-01-16 15:40 - 2016-11-04 11:45 - 00002825 _____ C:\Users\gustavo.ukita.SYSMAP\soapui-settings.xml
2017-01-16 15:40 - 2016-11-03 17:47 - 00000938 _____ C:\Users\gustavo.ukita.SYSMAP\default-soapui-workspace.xml

==================== Arquivos na raiz de alguns diretórios =======

2017-02-03 15:31 - 2017-02-03 15:31 - 0000782 _____ () C:\Users\gustavo.ukita.SYSMAP\AppData\Roaming\jd-gui.cfg
2016-11-01 17:44 - 2017-02-03 16:54 - 0000600 _____ () C:\Users\gustavo.ukita.SYSMAP\AppData\Local\PUTTY.RND

Alguns arquivos em TEMP:
====================
2017-02-06 17:55 - 2017-02-06 17:55 - 0513528 _____ (Dashlane inc.) C:\Users\gustavo.ukita.SYSMAP\AppData\Local\Temp\Dashlane_Launcher_1437420342.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-02-12 00:37

==================== Fim de FRST.txt ============================