Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) VersÃ£o: 11-09-2017 02
Executado por Bruno (administrador) em BRUNO (11-09-2017 21:45:03)
Executando a partir de C:\Users\Bruno\Downloads
Perfis Carregados: Bruno (Perfis DisponÃ­veis: Bruno)
Platform: Windows 10 Home Single Language VersÃ£o 1703 (X64) Idioma: PortuguÃªs (Brasil)
Internet Explorer VersÃ£o 11 (Navegador padrÃ£o: FF)
Modo da InicializaÃ§Ã£o: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluÃ­da na fixlist, o processo serÃ¡ fechado. O arquivo nÃ£o serÃ¡ movido.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluÃ­da na fixlist, o Ã­tem no Registro serÃ¡ restaurado para o padrÃ£o ou removido. O arquivo nÃ£o serÃ¡ movido.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8721656 2016-03-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2016-03-09] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-09-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-2021469387-1975247797-3232241984-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9803992 2017-06-13] (Piriform Ltd)
HKU\S-1-5-21-2021469387-1975247797-3232241984-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062048 2017-07-13] (Valve Corporation)
HKU\S-1-5-21-2021469387-1975247797-3232241984-1001\...\Run: [Spotify Web Helper] => C:\Windows.old\Users\Bruno\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1560176 2017-05-24] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(Se um Ã­tem for incluÃ­do na fixlist, sendo um Ã­tem do Registro, serÃ¡ removido ou restaurado para o padrÃ£o.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9b3f870b-892d-4a62-9918-da002b7b8726}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: cit1bl47.default
FF ProfilePath: C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\cit1bl47.default [2017-09-11]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\cit1bl47.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-07-26]
FF Extension: (Click-to-Play staged rollout) - C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\cit1bl47.default\features\{b9e4686a-f003-42be-80b7-95cfdb381d8d}\clicktoplay-rollout@mozilla.org.xpi [2017-09-11]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\autoconf_warsaw.js [2017-06-17] <==== ATENÃÃO (Aponta para arquivo *.cfg)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\warsaw.cfg [2017-06-17] <==== ATENÃÃO

==================== ServiÃ§os (Whitelisted) ====================

(Se uma entrada for incluÃ­da na fixlist, serÃ¡ removida do Registro. O arquivo nÃ£o serÃ¡ movido, a menos que seja colocado separadamente.)

S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-10] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-10] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-09-06] (Dropbox, Inc.)
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2017-08-28] (Macrovision Europe Ltd.) [Arquivo nÃ£o assinado]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382448 2017-02-24] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-03-09] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-16] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluÃ­da na fixlist, serÃ¡ removida do Registro. O arquivo nÃ£o serÃ¡ movido, a menos que seja colocado separadamente.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmdag.sys [36558208 2017-05-16] (Advanced Micro Devices, Inc.)
R3 AMDKMDAP; C:\WINDOWS\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmpag.sys [528760 2017-05-16] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-03] (Advanced Micro Devices, Inc.)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-10] (Intel Corporation)
S3 iaLPSS_I2C; C:\WINDOWS\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-10] (Intel Corporation)
S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-10] (Intel Corporation)
S3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-10] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation)
S1 jdisoeid; C:\WINDOWS\system32\drivers\jdisoeid.sys [55168 2017-09-11] (Microsoft Corporation)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R1 MpKsle42d916a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{49FB5E16-7278-4CB2-BCB4-6471473E01F6}\MpKsle42d916a.sys [44928 2017-09-11] (Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7218176 2017-03-18] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896744 2015-12-06] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-09-05] (QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU Co., LTD.)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66136 2017-02-16] (Synaptics Incorporated)
R3 t_mouse.sys; C:\WINDOWS\System32\drivers\t_mouse.sys [6144 2013-04-09] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluÃ­da na fixlist, serÃ¡ removida do Registro. O arquivo nÃ£o serÃ¡ movido, a menos que seja colocado separadamente.)


==================== Um MÃªs Criados arquivos e pastas ========

(Se uma entrada for incluÃ­da na fixlist, o arquivo/pasta serÃ¡ movido.)

2017-09-11 21:45 - 2017-09-11 21:45 - 000012393 _____ C:\Users\Bruno\Downloads\FRST.txt
2017-09-11 21:43 - 2017-09-11 21:45 - 000000000 ____D C:\FRST
2017-09-11 21:42 - 2017-09-11 21:43 - 002397184 _____ (Farbar) C:\Users\Bruno\Downloads\FRST64.exe
2017-09-11 21:42 - 2017-09-11 21:42 - 001793024 _____ (Farbar) C:\Users\Bruno\Downloads\FRST.exe
2017-09-11 21:36 - 2017-09-11 21:36 - 000055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\jdisoeid.sys
2017-09-11 18:31 - 2017-09-11 18:31 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-09-06 07:29 - 2017-09-06 07:29 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-09-06 07:29 - 2017-09-06 07:29 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-09-06 07:29 - 2017-09-06 07:29 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-09-06 07:29 - 2017-09-06 07:29 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-09-04 21:11 - 2017-09-04 21:11 - 000004261 _____ C:\Users\Bruno\Desktop\Prova pontes.pos
2017-09-04 20:47 - 2017-09-04 20:47 - 000002684 _____ C:\Users\Bruno\Desktop\Prova pontes.ftl
2017-09-04 19:09 - 2017-09-04 19:21 - 000012328 _____ C:\Users\Bruno\Desktop\Ã reas.xlsx
2017-09-03 22:54 - 2017-09-03 22:54 - 000003119 _____ C:\Users\Bruno\Desktop\teste.pos
2017-09-03 22:52 - 2017-09-03 22:54 - 000001635 _____ C:\Users\Bruno\Desktop\teste.ftl
2017-09-03 10:53 - 2017-09-03 11:14 - 000003146 _____ C:\Users\Bruno\Desktop\untitled.pos
2017-09-03 10:52 - 2017-09-03 11:14 - 000001631 _____ C:\Users\Bruno\Desktop\untitled.ftl
2017-08-31 20:03 - 2017-08-31 20:03 - 000002093 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk
2017-08-31 20:01 - 2017-08-31 20:01 - 001184191 _____ C:\Users\Bruno\Downloads\12_engenharia_civil.pdf
2017-08-28 23:21 - 2017-08-28 23:21 - 000000000 ____D C:\Users\Todos os UsuÃ¡rios\FLEXnet
2017-08-28 23:11 - 2017-09-04 19:56 - 000000000 ____D C:\Users\Todos os UsuÃ¡rios\Autodesk
2017-08-28 23:11 - 2017-09-04 19:56 - 000000000 ____D C:\Users\Bruno\AppData\Roaming\Autodesk
2017-08-28 23:11 - 2017-08-28 23:11 - 000001972 _____ C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk
2017-08-28 23:11 - 2017-08-28 23:11 - 000000000 ____D C:\Users\Bruno\AppData\Local\Autodesk
2017-08-28 23:11 - 2017-08-28 23:11 - 000000000 ____D C:\Program Files\Common Files\Macrovision Shared
2017-08-28 23:11 - 2017-08-28 23:11 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-08-28 23:11 - 2017-08-28 23:11 - 000000000 ____D C:\Program Files\AutoCAD 2010
2017-08-28 23:03 - 2017-08-28 23:03 - 000001319 _____ C:\Users\Bruno\Desktop\Continue 4shared Desktop Ã© executado.lnk
2017-08-28 23:02 - 2017-08-28 23:02 - 001532104 _____ ( ) C:\Users\Bruno\Downloads\4shared Desktop_3930284882.exe
2017-08-28 19:23 - 2017-08-28 19:26 - 000000000 ____D C:\Users\Bruno\Desktop\Nova pasta
2017-08-17 19:26 - 2017-08-17 19:26 - 000000000 ____D C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maccaferri
2017-08-17 19:25 - 2017-08-17 19:25 - 000000000 ____D C:\Program Files (x86)\Maccaferri
2017-08-17 19:25 - 1998-06-23 22:00 - 000244024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFLXGRD.OCX
2017-08-17 19:25 - 1998-06-23 22:00 - 000166200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMASK32.OCX
2017-08-13 13:36 - 2017-08-13 13:36 - 009330349 _____ C:\Users\Bruno\Downloads\VersÃ£o TCC FINAL(1).pdf
2017-08-12 23:50 - 2017-08-12 23:51 - 009263837 _____ C:\Users\Bruno\Desktop\Menino fica com a cabeÃ§a presa na pilastra de ferro. A soluÃ§Ã£o Ã© a mais idiota possivel.mp4

==================== Um MÃªs Modificados arquivos e pastas ========

(Se uma entrada for incluÃ­da na fixlist, o arquivo/pasta serÃ¡ movido.)

2017-09-11 21:36 - 2012-12-16 19:21 - 000000000 ____D C:\WINDOWS\AutoKMS
2017-09-11 21:24 - 2017-06-04 20:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-11 18:32 - 2016-11-24 21:18 - 000000000 ____D C:\Users\Bruno\AppData\LocalLow\Mozilla
2017-09-11 18:31 - 2017-06-04 20:37 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-11 18:31 - 2017-06-04 20:10 - 000000000 ____D C:\WINDOWS\INF
2017-09-11 18:31 - 2015-08-11 12:28 - 000000000 __SHD C:\Users\Bruno\IntelGraphicsProfiles
2017-09-10 23:44 - 2017-06-04 20:46 - 000000000 ____D C:\Users\Bruno
2017-09-09 12:49 - 2017-07-27 21:37 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2021469387-1975247797-3232241984-1001
2017-09-09 12:49 - 2017-06-04 21:02 - 000002375 _____ C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-09 12:49 - 2015-08-11 20:49 - 000000000 ___RD C:\Users\Bruno\OneDrive
2017-09-08 14:21 - 2017-06-05 19:03 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-09-07 14:00 - 2017-06-04 20:54 - 002180060 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-07 14:00 - 2017-06-04 20:19 - 000877178 _____ C:\WINDOWS\system32\prfh0416.dat
2017-09-07 14:00 - 2017-06-04 20:19 - 000236580 _____ C:\WINDOWS\system32\prfc0416.dat
2017-09-07 13:54 - 2017-06-04 22:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-07 13:54 - 2017-06-04 20:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-07 13:54 - 2017-06-04 20:30 - 000492592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-07 13:53 - 2017-06-04 19:55 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-09-07 13:51 - 2017-06-04 20:12 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-04 22:35 - 2017-06-16 08:32 - 000000000 ____D C:\Users\Bruno\AppData\Roaming\Spotify
2017-09-04 22:35 - 2017-06-16 08:32 - 000000000 ____D C:\Users\Bruno\AppData\Local\Spotify
2017-09-04 21:10 - 2015-09-03 09:24 - 000000000 ____D C:\Users\Bruno\Desktop\Programas
2017-09-03 12:07 - 2017-06-04 22:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-31 20:03 - 2017-06-05 19:21 - 000000000 ____D C:\Users\Bruno\AppData\Local\Adobe
2017-08-28 23:11 - 2017-06-04 20:12 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-08-28 23:11 - 2017-06-04 20:12 - 000000000 ____D C:\WINDOWS\Help
2017-08-28 23:09 - 2017-06-04 20:12 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-08-17 23:34 - 2015-11-29 12:57 - 000000000 ___RD C:\Users\Bruno\Dropbox

==================== Arquivos na raiz de alguns diretÃ³rios =======

2017-07-10 19:42 - 2017-07-10 19:42 - 000007597 _____ () C:\Users\Bruno\AppData\Local\Resmon.ResmonCfg
2017-06-04 20:36 - 2017-06-04 20:36 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Alguns arquivos em TEMP:
====================
2017-08-28 23:12 - 2009-02-03 22:39 - 000161640 _____ (Autodesk, Inc.) C:\Users\Bruno\AppData\Local\Temp\AcDeltree.exe
2017-08-28 23:03 - 2017-08-28 23:03 - 001532104 _____ (                                                            ) C:\Users\Bruno\AppData\Local\Temp\ICReinstall_4shared Desktop_3930284882.exe

==================== Bamital & volsnap ======================

(NÃ£o hÃ¡ correÃ§Ã£o automÃ¡tica para arquivos que nÃ£o passaram na verificaÃ§Ã£o.)

C:\WINDOWS\system32\winlogon.exe => O arquivo Ã© assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo Ã© assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo Ã© assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo Ã© assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo Ã© assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo Ã© assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo Ã© assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo Ã© assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo Ã© assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo Ã© assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo Ã© assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo Ã© assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo Ã© assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo Ã© assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo Ã© assinado digitalmente

LastRegBack: 2017-09-10 13:24

==================== Fim de FRST.txt ============================