cjoint

Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 17-12-2016
Executado por Henrique (administrador) em HENRIQUE-PC (20-12-2016 22:38:34)
Executando a partir de C:\Users\Henrique\Desktop
Perfis Carregados: Henrique (Perfis Disponíveis: Henrique)
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 9 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Yahoo Inc.) C:\Program Files (x86)\Yahoo!\yset\{7753174E-7311-A44C-9E1C-935641C981B9}\YSearchUtilSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
() C:\Windows\SysWOW64\Codecs\TrayMenu.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-22] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\Windows\SysWOW64\Codecs\CodecUACManager.exe [68848 2016-08-31] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-16] (Banco do Brasil)
HKU\S-1-5-21-3160577149-2990376065-3891691935-1000\...\Run: [Codec Pack Update Checker] => "C:\Windows\system32\Codecs\UpdateChecker.exe"
HKU\S-1-5-21-3160577149-2990376065-3891691935-1000\...\MountPoints2: {7ba53258-b57c-11e5-91d2-0015833d0a57} - E:\AutoRun.exe
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1947872 2016-06-16] (Banco do Brasil)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [ExplorerEx] -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} => Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2016-09-12]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [.DEFAULT] => Proxy está habilitado.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50466;https=127.0.0.1:50466
AutoConfigURL: [S-1-5-21-3160577149-2990376065-3891691935-1000] => hxxp://no-stops.com/wpad.dat?8055c94fd42e5024c55b068e301bf4a421578369
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D6438B27-1B6B-4DF1-B953-0ED31A0E4FD4}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0hxxp://no-stops.com/wpad.dat?8055c94fd42e5024c55b068e301bf4a421578369

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.top8844.com?oem=mbtkv3&uid=TE85113Q239MTR_HitachiHTS545050A7E380&tm=1427646292
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv3&uid=TE85113Q239MTR_HitachiHTS545050A7E380&tm=1427646292
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3160577149-2990376065-3891691935-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3160577149-2990376065-3891691935-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
HKU\S-1-5-21-3160577149-2990376065-3891691935-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3160577149-2990376065-3891691935-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3160577149-2990376065-3891691935-1000 -> {112F6D7A-5A4C-4A71-AE89-D7EA1522F5CA} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3160577149-2990376065-3891691935-1000 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-18] (Oracle Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2016-06-16] (Banco do Brasil)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-18] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-18] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com%2Cbr/"
CHR Profile: C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default [2016-12-20]
CHR Extension: (YouTube) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-01]
CHR Extension: (Google Search) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-01]
CHR Extension: (Video DownloadHelper) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-12-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-01]
CHR Extension: (Chrome Media Router) - C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR Profile: C:\Users\Henrique\AppData\Local\Google\Chrome\User Data\System Profile [2016-01-29]
CHR HKU\S-1-5-21-3160577149-2990376065-3891691935-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-14] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-14] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-05] (Dropbox, Inc.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-06-16] (GAS Tecnologia)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S2 NetLogHandler; C:\Users\Henrique\AppData\Roaming\Netlog\Netlog.exe [167704 2015-06-08] (QNT)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 1999-12-31] (IDT, Inc.) [Arquivo não assinado]
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-22] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 YSearchUtilSvc; C:\Program Files (x86)\Yahoo!\yset\{7753174E-7311-A44C-9E1C-935641C981B9}\YSearchUtilSvc.exe [182736 2016-10-07] (Yahoo Inc.)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-03] ()
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-12-20] (GAS Tecnologia)
R0 gbpddreg; C:\Windows\System32\drivers\gbpddreg64.sys [29816 2016-12-20] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-22] (GAS Tecnologia)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-08] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2016-09-07] ()
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [465624 2014-01-03] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33520 2014-12-04] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13920 2016-12-20] ()
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-09-22] (GAS Tecnologia LTDA)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-12-20] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 cpuz134; \??\C:\Users\Henrique\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\PC Faster\5.1.0.0\PCFApiUtil64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-12-20 22:38 - 2016-12-20 22:39 - 00018766 _____ C:\Users\Henrique\Desktop\FRST.txt
2016-12-20 22:37 - 2016-12-20 22:38 - 00000000 ____D C:\FRST
2016-12-20 22:35 - 2016-12-20 22:35 - 02420224 _____ (Farbar) C:\Users\Henrique\Desktop\FRST64.exe
2016-12-20 22:32 - 2016-12-20 22:32 - 00002750 _____ C:\Users\Henrique\Desktop\FSS.txt
2016-12-20 22:28 - 2016-12-20 22:28 - 00899584 _____ (Farbar) C:\Users\Henrique\Desktop\FSS.exe
2016-12-20 21:40 - 2016-12-20 21:40 - 00000000 ____D C:\8aecbe036cdae541e77065
2016-12-20 21:39 - 2016-12-20 21:40 - 00889416 _____ (Microsoft Corporation) C:\Users\Henrique\Downloads\dotNetFx40_Full_setup.exe
2016-12-20 21:19 - 2016-12-20 21:19 - 00000000 ____D C:\d8a18d526c400c0473
2016-12-20 20:26 - 2016-12-20 20:26 - 00000000 ____D C:\4d20d623f8920fcfa4b97ae7bfdb
2016-12-20 19:48 - 2016-12-20 19:48 - 00000000 ____D C:\5c1a89f67cc99502506ee3f295
2016-12-20 19:40 - 2016-12-20 19:41 - 00000000 ____D C:\Users\Henrique\Downloads\KLM v.3.0
2016-12-20 19:39 - 2016-12-20 19:39 - 02683579 _____ C:\Users\Henrique\Downloads\KLM v.3.0.rar
2016-12-18 12:43 - 2016-12-18 15:34 - 00003353 _____ C:\Users\Henrique\Downloads\ninguem-explica-deus (1).txt
2016-12-16 17:04 - 2016-12-16 17:04 - 00000000 __HDC C:\Users\Todos os Usuários\{5D37AF22-489A-46B2-9972-806CEC1EDFE2}
2016-12-16 17:04 - 2016-12-16 17:04 - 00000000 __HDC C:\ProgramData\{5D37AF22-489A-46B2-9972-806CEC1EDFE2}
2016-12-16 17:02 - 2016-12-16 17:02 - 00000000 ____D C:\Users\Public\Documents\Kontakt Factory Selection Library
2016-12-16 17:01 - 2016-12-16 17:01 - 652066816 _____ C:\Users\Henrique\Downloads\Kontakt_Factory_Selection.iso
2016-12-16 15:47 - 2016-12-16 15:47 - 00000000 __HDC C:\Users\Todos os Usuários\{72F2A743-44A4-4035-BE3B-80C2E67B0CEB}
2016-12-16 15:47 - 2016-12-16 15:47 - 00000000 __HDC C:\ProgramData\{72F2A743-44A4-4035-BE3B-80C2E67B0CEB}
2016-12-16 15:46 - 2016-12-16 15:47 - 00001014 _____ C:\Users\Public\Desktop\Kontakt 5.lnk
2016-12-16 15:45 - 2016-12-16 15:45 - 00000000 ____D C:\Users\Todos os Usuários\Native Instruments
2016-12-16 15:45 - 2016-12-16 15:45 - 00000000 ____D C:\ProgramData\Native Instruments
2016-12-16 15:45 - 2016-12-16 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2016-12-16 15:36 - 2016-12-16 15:36 - 00000000 ___DC C:\Users\Todos os Usuários\{C0A56C90-63A5-498A-9F30-3E1C9B7A3718}
2016-12-16 15:36 - 2016-12-16 15:36 - 00000000 ___DC C:\ProgramData\{C0A56C90-63A5-498A-9F30-3E1C9B7A3718}
2016-12-16 14:32 - 2016-12-16 15:28 - 00003272 _____ C:\Users\Henrique\Downloads\ninguem-explica-deus.txt
2016-12-16 12:55 - 2016-12-16 12:55 - 00000839 _____ C:\Users\Henrique\Desktop\sc3.tmp
2016-12-16 02:55 - 2016-12-16 03:00 - 89618337 _____ C:\Users\Henrique\Downloads\VSUpright_v1_64bit.zip
2016-12-16 01:53 - 2016-12-16 01:53 - 00082541 _____ C:\Users\Henrique\Uninstal FreeAlpha 64.exe
2016-12-16 01:53 - 2016-12-16 01:53 - 00000000 ____D C:\Users\Henrique\Alpha 3 Banks
2016-12-16 00:56 - 2016-12-16 00:56 - 00000000 ____D C:\Users\Henrique\Downloads\FreeAlpha-330
2016-12-16 00:55 - 2016-12-16 00:56 - 09492658 _____ C:\Users\Henrique\Downloads\FreeAlpha-330.zip
2016-12-16 00:26 - 2016-12-16 00:26 - 00730868 _____ C:\Users\Henrique\Downloads\azr3.zip
2016-12-16 00:00 - 2016-12-16 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-15 22:41 - 2016-12-15 23:36 - 873553671 _____ C:\Users\Henrique\Downloads\Salamander_Piano_-_64.zip
2016-12-15 22:26 - 2016-12-15 22:26 - 00001615 _____ C:\Users\Henrique\Desktop\fm7 - Atalho.lnk
2016-12-15 19:41 - 2016-12-15 19:41 - 00104096 _____ C:\Users\Henrique\Downloads\readelay-x64.zip
2016-12-15 01:28 - 2016-12-15 22:29 - 00000000 ____D C:\Users\Henrique\Downloads\Músicas Hillsong
2016-12-15 00:03 - 2016-12-15 00:03 - 00000000 ____D C:\Users\Public\Documents\NI Resources
2016-12-14 16:22 - 2016-09-07 11:26 - 00112408 _____ C:\Windows\system32\Drivers\NIWinCDEmu.sys
2016-12-14 16:21 - 2016-12-14 16:22 - 05621520 _____ (Native Instruments GmbH) C:\Users\Henrique\Downloads\Kontakt_Factory_Selection_Downloader.exe
2016-12-14 16:00 - 2016-12-14 16:00 - 00000000 ____D C:\Users\Henrique\AppData\Local\Native Instruments
2016-12-14 15:59 - 2016-12-14 16:22 - 00000000 ____D C:\Users\Henrique\Documents\Native Instruments
2016-12-14 15:45 - 2015-07-18 11:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-12-14 15:45 - 2015-07-18 11:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-12-14 15:26 - 2016-12-14 15:26 - 00000000 ____D C:\2b150e9a815c3db4e7c3425a
2016-12-14 15:16 - 2016-12-14 15:17 - 14749120 _____ (Microsoft Corporation) C:\Users\Henrique\Downloads\vc_redist.x64.exe
2016-12-14 13:15 - 2016-12-14 13:15 - 00000000 ____D C:\60cc200aa39a933247
2016-12-14 12:20 - 2016-12-16 17:04 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2016-12-14 12:20 - 2016-12-16 15:45 - 00000000 ____D C:\Program Files\Native Instruments
2016-12-14 12:20 - 2016-12-14 12:20 - 00000000 ____D C:\Program Files\Common Files\Avid
2016-12-14 00:10 - 2016-12-14 00:10 - 00000000 ____D C:\a20df821749628bb7cc46f
2016-12-13 20:46 - 2016-12-13 20:46 - 00000000 ____D C:\f126d6f6e17dcd0b0f05
2016-12-13 20:39 - 2016-12-13 20:39 - 00000000 ____D C:\Users\Henrique\Downloads\Kontakt_5_565_PC
2016-12-13 20:03 - 2016-12-13 20:38 - 524116068 _____ C:\Users\Henrique\Downloads\Kontakt_5_565_PC.zip
2016-12-13 19:56 - 2016-12-13 19:56 - 00001326 _____ C:\Users\Henrique\Desktop\vsthost - Atalho.lnk
2016-12-13 17:42 - 2016-12-13 17:42 - 00000000 ____D C:\Users\Henrique\Downloads\NativeInstrumentsFM7-PresetsCollection
2016-12-13 17:21 - 2016-12-14 16:22 - 00000000 ____D C:\Program Files (x86)\Native Instruments
2016-12-13 17:21 - 2016-12-13 17:21 - 00000000 ____D C:\Users\Henrique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments FM7
2016-12-13 17:21 - 2016-12-13 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments FM7
2016-12-13 17:21 - 2001-07-03 16:56 - 00995383 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.003
2016-12-13 17:21 - 2001-07-03 16:56 - 00401462 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.001
2016-12-13 17:21 - 2001-07-03 16:56 - 00295000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2016-12-13 17:21 - 2001-07-03 16:56 - 00077878 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.002
2016-12-13 17:16 - 2016-12-13 17:17 - 05104459 _____ C:\Users\Henrique\Downloads\NI-FM7-Synth-Native-instruments.exe
2016-12-13 17:16 - 2016-12-13 17:17 - 02338612 _____ C:\Users\Henrique\Downloads\NativeInstrumentsFM7-PresetsCollection.exe
2016-12-13 16:33 - 2016-12-13 16:36 - 00000000 ____D C:\Users\Henrique\Downloads\vsthost_149
2016-12-12 20:55 - 2016-12-12 20:55 - 00011739 _____ C:\Users\Henrique\Downloads\Boleto (1).pdf
2016-12-07 01:58 - 2016-12-07 01:58 - 00000004 _____ C:\Users\Todos os Usuários\sysid100.dat
2016-12-07 01:58 - 2016-12-07 01:58 - 00000004 _____ C:\ProgramData\sysid100.dat
2016-12-07 01:56 - 2016-12-07 01:56 - 00000000 ____D C:\Users\Henrique\TruePianos Settings
2016-12-07 01:41 - 2016-12-07 01:41 - 00000848 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TruePianos Standalone.lnk
2016-12-07 01:40 - 2016-12-07 01:41 - 00000000 ____D C:\Program Files\TruePianos
2016-12-07 01:37 - 2016-12-07 01:37 - 00000000 ____D C:\Users\Henrique\Downloads\TRUE-PIANOS
2016-12-07 01:20 - 2016-12-07 01:32 - 305994384 _____ C:\Users\Henrique\Downloads\TRUE-PIANOS.zip
2016-12-06 23:59 - 2016-12-16 03:01 - 00000000 ____D C:\Users\Henrique\AppData\Roaming\Maize Sampler Player
2016-12-06 22:00 - 2016-12-16 01:55 - 00000000 ____D C:\Users\Henrique\Downloads\MeusVSTs
2016-12-06 21:58 - 2016-12-06 21:58 - 03086950 _____ C:\Users\Henrique\Downloads\vsthost_149.zip
2016-12-06 21:21 - 2016-12-06 21:21 - 00001157 _____ C:\Users\Henrique\Downloads\ASIO4ALL v2 - Manual de Instruções.lnk
2016-12-06 21:21 - 2016-12-06 21:21 - 00000000 ____D C:\Users\Henrique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2016-12-06 21:21 - 2016-12-06 21:21 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2016-12-06 20:35 - 2016-12-06 20:36 - 00507449 _____ C:\Users\Henrique\Downloads\ASIO4ALL_2_13_Portuguese.exe
2016-12-06 20:31 - 2016-12-06 20:31 - 00000000 ____D C:\Users\Todos os Usuários\FileFinder
2016-12-06 20:31 - 2016-12-06 20:31 - 00000000 ____D C:\ProgramData\FileFinder
2016-12-06 20:30 - 2016-12-06 20:31 - 00000000 ____D C:\Users\Todos os Usuários\FFinder LTD
2016-12-06 20:30 - 2016-12-06 20:31 - 00000000 ____D C:\ProgramData\FFinder LTD
2016-12-06 18:18 - 2016-12-06 18:18 - 01180815 _____ C:\Users\Henrique\Downloads\UMX490_UMX610_M_PT.pdf
2016-12-06 13:47 - 2016-12-19 21:18 - 00000000 ____D C:\Users\Henrique\Downloads\coral
2016-12-05 18:07 - 2016-12-05 18:07 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-12-05 18:07 - 2016-12-05 18:07 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-12-05 18:07 - 2016-12-05 18:07 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-12-05 18:07 - 2016-12-05 18:07 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-11-30 21:59 - 2016-11-30 22:30 - 00000000 ____D C:\Users\Henrique\AppData\Roaming\obs-studio
2016-11-30 21:58 - 2016-11-30 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-11-30 11:27 - 2016-11-30 11:27 - 65475696 _____ (Native Instruments GmbH) C:\Users\Henrique\Kontakt 5.dll
2016-11-30 11:26 - 2016-11-30 11:26 - 00051824 _____ (Native Instruments GmbH) C:\Users\Henrique\Kontakt 5 8out.dll
2016-11-30 11:26 - 2016-11-30 11:26 - 00051824 _____ (Native Instruments GmbH) C:\Users\Henrique\Kontakt 5 16out.dll
2016-11-24 21:21 - 2016-11-24 21:21 - 00000000 ____D C:\Users\Henrique\Documents\Harmônicas
2016-11-24 21:20 - 2016-11-24 21:20 - 00000000 ____D C:\Users\Henrique\Documents\Espíritas
2016-11-21 18:03 - 2016-11-21 18:03 - 00356080 _____ C:\Windows\Minidump\112116-17440-01.dmp
2016-11-15 20:05 - 2016-11-15 20:05 - 319441201 _____ C:\Users\Henrique\Downloads\Harpa Crista Cifrada Completa.pdf
2016-11-15 01:01 - 2016-12-18 21:36 - 00000000 ____D C:\Users\Henrique\Downloads\Cifras igreja
2016-11-14 15:08 - 2016-11-14 15:08 - 00356080 _____ C:\Windows\Minidump\111416-19281-01.dmp
2016-11-13 15:37 - 2016-12-04 17:30 - 00000000 ____D C:\Users\Henrique\Downloads\IEQ
2016-11-13 15:32 - 2016-11-13 15:32 - 00000000 ____D C:\Users\Henrique\Downloads\Eu navegarei_data
2016-11-13 15:08 - 2016-11-13 15:32 - 00000000 ____D C:\Users\Henrique\AppData\Roaming\Audacity
2016-11-13 15:08 - 2016-11-13 15:08 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-11-13 15:08 - 2016-11-13 15:08 - 00001011 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-11-13 15:08 - 2016-11-13 15:08 - 00000000 ____D C:\Users\Henrique\AppData\Local\Audacity
2016-11-13 15:07 - 2016-11-13 15:08 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-11-09 12:42 - 2016-11-09 12:42 - 00011961 _____ C:\Users\Henrique\Downloads\Boleto.pdf
2016-10-18 21:27 - 2016-10-18 21:27 - 00000000 ____D C:\Users\Henrique\AppData\Local\YSearchUtil
2016-10-18 21:27 - 2016-10-18 21:27 - 00000000 ____D C:\Program Files (x86)\Yahoo!

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-12-20 22:34 - 2016-04-03 23:20 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-20 22:08 - 2016-02-21 23:13 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2016-12-20 22:07 - 2016-02-21 23:13 - 00029816 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddreg64.sys
2016-12-20 22:07 - 2015-02-13 16:06 - 00002848 _____ C:\Windows\System32\Tasks\SlimDrivers Startup
2016-12-20 22:07 - 2015-02-13 16:06 - 00000416 _____ C:\Windows\Tasks\SlimDrivers Startup.job
2016-12-20 22:06 - 2016-08-03 13:41 - 00013920 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2016-12-20 22:06 - 2016-05-31 00:28 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-12-20 22:06 - 2016-02-21 23:13 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2016-12-20 22:06 - 2016-02-21 23:13 - 00000000 ____D C:\ProgramData\GbPlugin
2016-12-20 22:06 - 2016-02-21 23:13 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-12-20 22:06 - 2016-02-14 12:36 - 00001020 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-20 22:06 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-20 22:05 - 2009-07-14 02:45 - 00020976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-20 22:05 - 2009-07-14 02:45 - 00020976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-20 21:53 - 2016-02-14 12:36 - 00001024 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-19 00:55 - 2010-11-21 07:37 - 00004284 _____ C:\Windows\system32\prfh0416.dat
2016-12-19 00:55 - 2010-11-21 07:37 - 00004092 _____ C:\Windows\system32\prfc0416.dat
2016-12-19 00:55 - 2009-07-14 03:13 - 00715748 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-19 00:55 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2016-12-18 12:53 - 2015-02-15 04:16 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-18 12:53 - 2015-02-15 04:16 - 00003372 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 23:50 - 2016-04-21 22:27 - 00000000 ____D C:\Users\Henrique\AppData\Local\CrashDumps
2016-12-16 15:45 - 2015-02-13 10:37 - 00000000 ____D C:\Users\Henrique
2016-12-16 13:38 - 2016-09-12 16:55 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-12-16 13:38 - 2016-09-12 16:55 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-16 11:58 - 2016-06-25 23:59 - 00000000 ____D C:\Users\Henrique\AppData\Roaming\uTorrent
2016-12-16 03:38 - 2015-07-07 00:01 - 00000000 ___SD C:\Users\Henrique\AppData\LocalLow\Temp
2016-12-16 00:01 - 2016-02-14 12:36 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-15 21:49 - 2015-03-29 14:30 - 00000000 ____D C:\Users\Henrique\AppData\Roaming\Skype
2016-12-14 22:55 - 2016-01-29 11:12 - 00002353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 17:14 - 2009-07-14 03:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-06 18:11 - 2016-02-14 12:43 - 00000000 ___RD C:\Users\Henrique\Dropbox
2016-11-29 00:47 - 2016-02-14 12:36 - 00004020 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-29 00:47 - 2016-02-14 12:36 - 00003768 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-21 18:03 - 2015-02-23 08:55 - 495908730 _____ C:\Windows\MEMORY.DMP
2016-11-21 18:03 - 2015-02-23 08:55 - 00000000 ____D C:\Windows\Minidump

==================== Arquivos na raiz de alguns diretórios =======

2016-03-28 19:54 - 2016-03-28 19:54 - 0000036 _____ () C:\Users\Henrique\AppData\Local\housecall.guid.cache
2016-07-14 12:56 - 2016-07-14 12:56 - 0000000 _____ () C:\Users\Henrique\AppData\Local\{008FF7DB-6528-4B87-A9CA-7114528B6460}
2015-02-15 09:01 - 2015-02-15 09:01 - 0000227 _____ () C:\ProgramData\bc.ini
2016-12-07 01:58 - 2016-12-07 01:58 - 0000004 _____ () C:\ProgramData\sysid100.dat

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\sysid100.dat
C:\Users\Henrique\Kontakt 5 16out.dll
C:\Users\Henrique\Kontakt 5 8out.dll
C:\Users\Henrique\Kontakt 5.dll
C:\Users\Henrique\Uninstal FreeAlpha 64.exe
C:\Users\Todos os Usuários\sysid100.dat


Alguns arquivos em TEMP:
====================
C:\Users\Henrique\AppData\Local\Temp\18876669-1650-4c82-9fe8-ec467308849d.exe
C:\Users\Henrique\AppData\Local\Temp\596963.exe
C:\Users\Henrique\AppData\Local\Temp\atcMedia2521441945802.exe
C:\Users\Henrique\AppData\Local\Temp\atcMedia9651449813108.exe
C:\Users\Henrique\AppData\Local\Temp\BackupSetup.exe
C:\Users\Henrique\AppData\Local\Temp\Baidu_Secure_SystemUp_5.0.9.107990.exe
C:\Users\Henrique\AppData\Local\Temp\Baidu_Secure_SystemUp_5.1.3.114963.exe
C:\Users\Henrique\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Henrique\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Henrique\AppData\Local\Temp\libeay32.dll
C:\Users\Henrique\AppData\Local\Temp\msvcr120.dll
C:\Users\Henrique\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Henrique\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Henrique\AppData\Local\Temp\sqlite3.dll
C:\Users\Henrique\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Henrique\AppData\Local\Temp\ytb.exe
C:\Users\Henrique\AppData\Local\Temp\{DBF1772C-36E6-4B0C-8F81-47EA160ABAA4}-DropboxClient_8.4.19.exe
C:\Users\Henrique\AppData\Local\Temp\{EFF6EB2B-47B6-420A-AB9F-701EEFF5D899}-47.0.2526.111_47.0.2526.106_chrome_updater_3stage.exe


==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-06-26 20:29

==================== Fim de FRST.txt ============================
