Ezsurf.biz hijacked Chrome, not IE or Edge... and only for one windows 10 user [Archive]

msdiniz

2015-12-14, 22:09

Hi, all. 
I'm having problems with ezsurf.biz on last 3 to 4 months, I guess; it captured startup page of Chrome, but not IE or Edge... and only for mine windows 10 user (Marcelo), not for the other user (Grazi). 
I have N360 and Malwarebytes, both full versions, and they cant detect any problem. 
I deleted all Chrome extensions and mine Chrome user... useless. 
I did a register backup with the tweaking.com tool. 
I hope someone can help with resolving these problems, below are my FRST & aswMBR logs. 
TIA 
 
Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:14-12-2015 
Executado por Marcelo (administrador) em MARCELO-CASA (14-12-2015 17:59:07) 
Executando a partir de D:\users\Marcelo\Downloads 
Perfis Carregados: Marcelo & MSSQL$ADK (Perfis Disponíveis: Marcelo & Grazi & MSSQL$ADK & Classic .NET AppPool & .NET v4.5 & DefaultAppPool & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic) 
Platform: Windows 10 Pro Versão 1511 (X64) Idioma: Português (Brasil) 
Internet Explorer Versão 11 (Navegador padrão: Chrome) 
Modo da Inicialização: Normal 
Tutorial da Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a> 
 
==================== Processos (Whitelisted) ================= 
 
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) 
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe 
(ABBYY Production LLC) C:\Program Files (x86)\ABBYY PDF Transformer+\NetworkLicenseServer.exe 
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe 
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe 
(ABBYY InfoPoisk LLC) C:\Program Files (x86)\Common Files\ABBYY\ScreenshotReader\11.00\Licensing\NetworkLicenseServer.exe 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe 
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe 
() C:\Program Files\GKrellM\bin\gkrellmd.exe 
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe 
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe 
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe 
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe 
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE 
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe 
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe 
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe 
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe 
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe 
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe 
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe 
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe 
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe 
() C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe 
(FirebirdSQL Project) C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fb_inet_server.exe 
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe 
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe 
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe 
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe 
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe 
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe 
() C:\Program Files (x86)\QNAP\QVR\QVRService.exe 
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe 
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe 
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe 
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe 
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe 
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ADK\MSSQL\Binn\sqlservr.exe 
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe 
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe 
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe 
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe 
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\n360.exe 
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe 
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe 
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe 
(Microsoft Corporation) C:\Windows\System32\vmms.exe 
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe 
() C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe 
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe 
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe 
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe 
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\n360.exe 
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe 
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe 
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe 
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe 
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe 
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe 
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe 
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe 
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AsDLNAServerReal.exe 
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe 
(SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe 
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe 
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe 
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe 
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe 
() C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe 
(Valve Corporation) D:\Steam\Steam.exe 
(Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe 
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe 
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe 
(Notably Good Ltd) C:\Program Files (x86)\Affixa\AffixaTray.exe 
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe 
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe 
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE 
(ABBYY Production LLC) C:\Program Files (x86)\ABBYY Screenshot Reader 11\ScreenshotReader.exe 
(CIGAM Software Corporativo) C:\Program Files (x86)\ERP CIGAM\CIGAM Boletos\CGBoletos.exe 
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe 
(QNAP) C:\Program Files (x86)\QNAP\myQNAPcloud Connect\NetworkDriveAgent.exe 
(Herman van Eijk) C:\Program Files (x86)\MCE Standby Tool\mst.exe 
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe 
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe 
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe 
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe 
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe 
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe 
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe 
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe 
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe 
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe 
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe 
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe 
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.0_none_95e4f9a171a1ad95\TiWorker.exe 
(Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe 
Falha ao acessar processo -> explorer.exe 
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe 
(Microsoft Corporation) C:\Windows\splwow64.exe 
(Tracker Software Products (Canada) Ltd.) C:\Program Files (x86)\ABBYY PDF Transformer+\pdfSaver5a.exe 
Falha ao acessar processo -> WINWORD.EXE 
Falha ao acessar processo -> explorer.exe 
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 
() C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe 
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe 
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe 
(SillySot Software) C:\Program Files\Iconoid\iconoid64.exe 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe 
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE 
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe 
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe 
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe 
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
(Microsoft Corporation) C:\Windows\System32\cmd.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\conathst.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe 
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
 
 
==================== Registro (Whitelisted) =========================== 
 
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) 
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor) 
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-06] (Realtek Semiconductor) 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch 
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart 
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2015-03-18] (Copyright 2013 SAMSUNG) 
HKLM\...\Run: [SACMonitor] => C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe [2183312 2012-04-16] (SafeNet, Inc.) 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-12] (NVIDIA Corporation) 
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.) 
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-08-18] (GAS Tecnologia LTDA) 
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [570152 2014-08-14] (Acronis) 
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.) 
HKLM-x32\...\Run: [] => [X] 
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5343664 2015-07-20] (Acronis) 
HKLM-x32\...\Run: [Retail.SSR11] => C:\Program Files (x86)\ABBYY Screenshot Reader 11\ScreenshotReader.exe [1297936 2013-09-16] (ABBYY Production LLC) 
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) 
HKLM-x32\...\Run: [NetworkDriveAgent] => C:\Program Files (x86)\QNAP\myQNAPcloud Connect\NetworkDriveAgent.exe [1743592 2014-12-24] (QNAP) 
HKLM-x32\...\Run: [MCE Standby Tool] => C:\Program Files (x86)\MCE Standby Tool\mst.exe [1451008 2011-01-30] (Herman van Eijk) 
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation) 
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) 
HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2013-08-15] (Google) 
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric) 
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe [1391416 2013-06-21] (ASUSTeK Computer Inc.) 
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.) 
HKLM-x32\...\Run: [AffixaPersonalSettings] => C:\Program Files (x86)\Affixa\AffixaHandler.exe [209272 2015-04-08] (Notably Good Ltd) 
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [691056 2015-07-20] (Acronis International GmbH) 
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.) 
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-12-04] (RealNetworks, Inc.) 
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.) 
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.) 
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) 
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation) 
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco) 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\...\Run: [Iconoid] => C:\Program Files\Iconoid\iconoid64.exe [313344 2010-08-21] (SillySot Software) 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\...\Run: [Allway Sync] => C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe [93488 2015-10-29] () 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\...\Run: [Steam] => D:\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation) 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySqlNotifier.exe [762368 2013-07-05] (Oracle Corporation) 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-04-28] (Samsung) 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\...\Run: [HP Officejet Pro 8500 A910 (NET)] => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google) 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-01-28] (Garmin Ltd or its subsidiaries) 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\...\Run: [Affixa] => C:\Program Files (x86)\Affixa\AffixaTray.exe [643584 2015-04-08] (Notably Good Ltd) 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-04-28] (Samsung) 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53735968 2015-08-07] (Skype Technologies S.A.) 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\...\Run: [Google Update] => C:\Users\Marcelo\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-10-30] (Google Inc.) 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\...\Run: [Todoist] => C:\Users\Marcelo\AppData\Local\Todoist\WindowsDesktopApp\Todoist.exe [171080 2015-09-29] (Doist Ltd.) 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\...\RunOnce: [Uninstall C:\Users\Marcelo\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Marcelo\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64" 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\...\RunOnce: [Uninstall C:\Users\Marcelo\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Marcelo\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1" 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation) 
HKU\S-1-5-80-4287524181-3401991209-718407576-1481970793-3068686015\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation) 
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehuni.dll [1759992 2015-07-06] (Banco Itaú Unibanco) 
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) 
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) 
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google) 
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) 
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) 
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation) 
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Marcelo\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-11] (Microsoft Corporation) 
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Marcelo\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-11] (Microsoft Corporation) 
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Marcelo\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-11] (Microsoft Corporation) 
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) 
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) 
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) 
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl) 
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl) 
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Marcelo\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-11] (Microsoft Corporation) 
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Marcelo\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-11] (Microsoft Corporation) 
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Marcelo\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-11] (Microsoft Corporation) 
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl) 
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl) 
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2014-06-03] (Hermann Schinagl) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2013-08-14] 
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe () 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk [2013-08-14] 
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe () 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2013-08-15] 
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2013-08-20] 
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.) 
Startup: C:\Users\Grazi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-12-21] 
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) 
Startup: C:\Users\Grazi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk [2014-12-21] 
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) 
InternetURL: C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CIGAM Boletos.url -> file:///C:\Program Files (x86)\ERP CIGAM\CIGAM Boletos\CGBoletos.exe 
Startup: C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2013-08-15] 
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) 
Startup: C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk [2015-01-01] 
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) 
Startup: C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Officejet Pro 8500 A910 (Rede).lnk [2015-08-15] 
ShortcutTarget: Monitorar alertas de tinta - HP Officejet Pro 8500 A910 (Rede).lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.) 
Startup: C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerChute.exe.lnk [2013-08-29] 
ShortcutTarget: PowerChute.exe.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\PowerChute.exe (Schneider Electric) 
 
==================== Internet (Whitelisted) ==================== 
 
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) 
 
Winsock: Catalog5-x64 08 C:\Windows\system32\wlidnsp.dll [66048 2015-10-30] (Microsoft Corporation) 
Winsock: Catalog5-x64 09 C:\Windows\system32\wlidnsp.dll [66048 2015-10-30] (Microsoft Corporation) 
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt 
Tcpip\Parameters: [DhcpNameServer] 201.17.1.90 201.17.0.65 
Tcpip\..\Interfaces\{83b14409-9338-4711-aa61-ffe332fe7807}: [DhcpNameServer] 201.17.1.90 201.17.0.65 
 
Internet Explorer: 
================== 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/ 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie 
HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie 
SearchScopes: HKU\S-1-5-21-3919632497-1473999287-3719428057-1000 -> DefaultScope {AB8E0A1C-25EF-49A6-A15D-F4DE1B9CFA83} URL = hxxps://www.google.com/search?q={searchTerms} 
SearchScopes: HKU\S-1-5-21-3919632497-1473999287-3719428057-1000 -> {37A1CB8F-91AE-4CED-9B46-1F83FC36B8BB} URL = hxxp://www.google.com/search?hl=en&q={searchTerms} 
SearchScopes: HKU\S-1-5-21-3919632497-1473999287-3719428057-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=Vec0qmTC8rtxwowValP4_hwOmvc?q={searchTerms} 
SearchScopes: HKU\S-1-5-21-3919632497-1473999287-3719428057-1000 -> {AB8E0A1C-25EF-49A6-A15D-F4DE1B9CFA83} URL = hxxps://www.google.com/search?q={searchTerms} 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation) 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-25] (Oracle Corporation) 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) 
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.) 
BHO: Sem Nome -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Nenhum Arquivo 
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-25] (Oracle Corporation) 
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated) 
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader) 
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) 
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => Nenhum Arquivo 
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) 
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated) 
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) 
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) 
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll [2015-07-06] (Banco Itaú Unibanco) 
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) 
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated) 
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation) 
Toolbar: HKU\S-1-5-21-3919632497-1473999287-3719428057-1000 -> Sem Nome - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Nenhum Arquivo 
DPF: HKLM-x32 {721700FE-7F0E-49C5-BDED-CA92B7CB1245} hxxp://192.168.0.5/camclictrl.cab 
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) 
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) 
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) 
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) 
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) 
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) 
 
FireFox: 
======== 
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-10] () 
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.) 
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-25] (Oracle Corporation) 
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-25] (Oracle Corporation) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) 
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) 
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-10] () 
FF Plugin-x32: @D-Link.com/camclictrl -> C:\Program Files (x86)\D-Link\Plugin\npCamCliCtrl.dll [2013-10-11] (D-Link Corp.) 
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) 
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) 
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation) 
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-24] (NVIDIA Corporation) 
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-24] (NVIDIA Corporation) 
FF Plugin-x32: @qnap.com/QVR -> C:\Program Files (x86)\QNAP\QVR\npQVRHost.dll [2015-09-03] ( QNAP System, Inc) 
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-12-04] (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-12-04] (RealPlayer) 
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader) 
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) 
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3919632497-1473999287-3719428057-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Marcelo\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) 
FF Plugin HKU\S-1-5-21-3919632497-1473999287-3719428057-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Marcelo\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.) 
FF Plugin HKU\S-1-5-21-3919632497-1473999287-3719428057-1000: <a href="http://www.mydlink.com/Uplayer" target="_blank">www.mydlink.com/Uplayer</a> -> C:\Users\Marcelo\AppData\Roaming\dlink\Uplayer\1.0.0.33\npUplayer.dll [2015-07-09] (D-LINK CORPORATION) 
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon 
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2015-12-04] [não assinado] 
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext 
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-04] [não assinado] 
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt 
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-10-28] [não assinado] 
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon 
 
Chrome: 
======= 
CHR HomePage: Profile 1 -> hxxp://www.google.com.br/ 
CHR StartupUrls: Profile 1 -> "hxxps://mail.google.com/mail/u/0/?shva=1#inbox","hxxps://www.google.com/calendar/render?tab=mc","hxxps://mail.google.com/mail/u/0/?tab=cm#contacts","hxxps://www.todoist.com/","hxxp://www.uol.com.br/","hxxp://globoesporte.globo.com/","hxxp://magnatune.com/artists/albums/paternoster-cellosuites1/","hxxp://cbn.globoradio.globo.com/Player/playerAoVivoRJ.htm","hxxps://chrome.google.com/webstore/category/extensions?hl=pt-BR","hxxps://flipboard.com/","hxxp://www.google.com/" 
CHR DefaultSearchKeyword: Profile 1 -> google.com.br_ 
CHR Profile: C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default 
CHR Extension: (Google Drive) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20] 
CHR Extension: (YouTube) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27] 
CHR Extension: (Norton Security Toolbar) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-10-07] 
CHR Extension: (Google Search) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26] 
CHR Extension: (Google Agenda) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-13] 
CHR Extension: (EXAME.com para Chrome) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjeomhheecfjcmhkncjhoedhchbahmpg [2015-09-15] 
CHR Extension: (Kindle Cloud Reader) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-09-15] 
CHR Extension: (Flow) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihgnmdcofnoffcdffjonphfgmenojooh [2015-09-15] 
CHR Extension: (YouTube) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoffpmfcdnncgblkdnobhomnjnkofdm [2015-09-16] 
CHR Extension: (Online PDF Tools) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfpnmfhodaljeelokfceepbeapgbdn [2015-09-15] 
CHR Extension: (Clipular! Research, save & share screenshot) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjbgcjbgmcfgbgikmbdioggjlhjegpp [2015-09-15] 
CHR Extension: (conversor de moeda) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbhghjdcfghfhlogkgdklfgmpodeglno [2015-09-15] 
CHR Extension: (ShiftEdit) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgmndephhjcabhhjfcmncnhbmgbkpij [2015-09-27] 
CHR Extension: (Codenvy) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lefigjbiimiemfhjmibbgemkpenelmag [2015-09-15] 
CHR Extension: (Google Maps) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-19] 
CHR Extension: (Google Search) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpjmkngecpnnajkmdhplmeoelenkpgk [2015-09-16] 
CHR Extension: (PDF Cloud Tools) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpieolhcmajmolkhbbeljknkcdcmffk [2015-09-15] 
CHR Extension: (Google Play Books) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2015-09-15] 
CHR Extension: (Conversor de Unidade Universal) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafkejlpknmikohhgdelefdeeieplkog [2015-09-15] 
CHR Extension: (Cloud9) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdmccoknlfggadpfkmcpnamfnbkmkcp [2015-09-15] 
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-15] 
CHR Extension: (Picasa) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-09-15] 
CHR Extension: (RealtimeBoard) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\opfmbdmhambgleempeofcjjhjclimccg [2015-09-15] 
CHR Extension: (Booking.com) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pficdecjkdlnacnnbkociacmdbpmhdoc [2015-09-15] 
CHR Extension: (Gmail) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-15] 
CHR Profile: C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1 
CHR Extension: (Google Drive) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-14] 
CHR Extension: (YouTube) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-14] 
CHR Extension: (Norton Security Toolbar) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-12-14] 
CHR Extension: (Google Search) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-14] 
CHR Extension: (Google Agenda) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-12-14] 
CHR Extension: (Documentos Google off-line) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-14] 
CHR Extension: (EXAME.com para Chrome) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gjeomhheecfjcmhkncjhoedhchbahmpg [2015-12-14] 
CHR Extension: (Kindle Cloud Reader) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-12-14] 
CHR Extension: (Flow) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihgnmdcofnoffcdffjonphfgmenojooh [2015-12-14] 
CHR Extension: (Norton Identity Safe) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-12-14] 
CHR Extension: (YouTube) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ijoffpmfcdnncgblkdnobhomnjnkofdm [2015-12-14] 
CHR Extension: (Online PDF Tools) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jddfpnmfhodaljeelokfceepbeapgbdn [2015-12-14] 
CHR Extension: (Clipular! Research, save & share screenshot) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jmjbgcjbgmcfgbgikmbdioggjlhjegpp [2015-12-14] 
CHR Extension: (conversor de moeda) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbhghjdcfghfhlogkgdklfgmpodeglno [2015-12-14] 
CHR Extension: (ShiftEdit) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lcgmndephhjcabhhjfcmncnhbmgbkpij [2015-12-14] 
CHR Extension: (Codenvy) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lefigjbiimiemfhjmibbgemkpenelmag [2015-12-14] 
CHR Extension: (Google Maps) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-12-14] 
CHR Extension: (Google Search) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfpjmkngecpnnajkmdhplmeoelenkpgk [2015-12-14] 
CHR Extension: (PDF Cloud Tools) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mjpieolhcmajmolkhbbeljknkcdcmffk [2015-12-14] 
CHR Extension: (Google Play Books) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2015-12-14] 
CHR Extension: (Conversor de Unidade Universal) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nafkejlpknmikohhgdelefdeeieplkog [2015-12-14] 
CHR Extension: (Cloud9) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nbdmccoknlfggadpfkmcpnamfnbkmkcp [2015-12-14] 
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-14] 
CHR Extension: (Picasa) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-12-14] 
CHR Extension: (RealtimeBoard) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\opfmbdmhambgleempeofcjjhjclimccg [2015-12-14] 
CHR Extension: (Booking.com) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pficdecjkdlnacnnbkociacmdbpmhdoc [2015-12-14] 
CHR Extension: (Gmail) - C:\Users\Marcelo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-14] 
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-30] 
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx 
CHR HKU\S-1-5-21-3919632497-1473999287-3719428057-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx 
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-30] 
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] 
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx 
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12] 
 
==================== Serviços (Whitelisted) ======================== 
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
 
R2 ABBYY.Licensing.PDFTransformer.Classic.4.0; C:\Program Files (x86)\ABBYY PDF Transformer+\NetworkLicenseServer.exe [965848 2015-06-22] (ABBYY Production LLC) 
R2 ABBYY.Licensing.ScreenshotReader.Windows.11.0; C:\Program Files (x86)\Common Files\ABBYY\ScreenshotReader\11.00\Licensing\NetworkLicenseServer.exe [821048 2013-08-14] (ABBYY InfoPoisk LLC) 
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [Arquivo não assinado] 
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric) 
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric) 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] () 
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.) 
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.) 
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2012-11-09] (ASUSTeK Computer Inc.) [Arquivo não assinado] 
R2 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2015-10-29] () [Arquivo não assinado] 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation) 
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation) 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation) 
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-15] (Dropbox, Inc.) 
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-15] (Dropbox, Inc.) 
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc) 
R2 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fb_inet_server.exe [1974272 2007-03-02] (FirebirdSQL Project) [Arquivo não assinado] 
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-08-14] (Macrovision Europe Ltd.) [Arquivo não assinado] 
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [394752 2015-12-04] (Microsoft Corporation) 
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [Arquivo não assinado] 
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries) 
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [546104 2014-09-29] (GAS Tecnologia) 
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-12] (NVIDIA Corporation) 
R2 gkrellmd; C:\Program Files\GKrellM\bin\gkrellmd.exe [75776 2010-10-13] () [Arquivo não assinado] 
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2013-08-15] (Google) 
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company) 
R2 HvHost; C:\Windows\System32\hvhostsvc.dll [61440 2015-12-04] (Microsoft Corporation) 
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [17408 2015-12-04] (Microsoft Corporation) 
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2015-02-05] (Microsoft Corporation) 
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-10-31] (LogMeIn, Inc.) 
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-10-31] (LogMeIn, Inc.) 
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.) 
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation) 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) 
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) 
R2 MSSQL$ADK; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ADK\MSSQL\Binn\sqlservr.exe [206424 2012-02-11] (Microsoft Corporation) 
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation) 
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\N360.exe [282016 2015-11-20] (Symantec Corporation) 
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-12] (NVIDIA Corporation) 
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-12] (NVIDIA Corporation) 
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-12] (NVIDIA Corporation) 
R2 QVRService; C:\Program Files (x86)\QNAP\QVR\QVRService.exe [73728 2015-09-03] () [Arquivo não assinado] 
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () 
R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSrv.exe [10384 2012-04-16] (SafeNet, Inc.) 
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2015-03-18] (Copyright 2013 SAMSUNG) 
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.) 
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.) 
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.) 
S4 SQLAgent$ADK; C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ADK\MSSQL\Binn\SQLAGENT.EXE [438360 2012-02-11] (Microsoft Corporation) 
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) 
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [Arquivo não assinado] 
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) 
S3 Visual Studio Analyzer RPC bridge; C:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [Arquivo não assinado] 
S3 vmcompute; C:\Windows\system32\vmcompute.exe [1142272 2015-12-04] (Microsoft Corporation) 
R2 vmms; C:\Windows\system32\vmms.exe [14384128 2015-12-04] (Microsoft Corporation) 
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation) 
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-08-18] (GAS Tecnologia LTDA) 
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) 
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) 
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [12288 2015-12-04] (Microsoft Corporation) 
 
===================== Drivers (Whitelisted) ========================== 
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
 
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.) 
R3 AKSIFDH; C:\Windows\system32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.) 
S3 AKSUP; C:\Windows\system32\drivers\aksup.sys [44712 2008-07-30] (Aladdin Knowledge Systems, Ltd.) 
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-11-29] () 
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-11-29] () 
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology) 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] () 
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] () 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20151207.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation) 
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation) 
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation) 
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation) 
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] () 
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2014-09-22] (Acronis International GmbH) 
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [71008 2015-12-04] (Microsoft Corporation) 
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20151211.001\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation) 
R3 iKeyEnum; C:\Windows\system32\DRIVERS\ikeyenum.sys [16160 2010-07-08] (SafeNet, Inc.) 
R3 iKeyIFD; C:\Windows\system32\DRIVERS\ikeyifd.sys [22304 2010-07-08] (SafeNet, Inc.) 
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.) 
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2015-12-04] (Microsoft Corporation) 
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation) 
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) 
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-14] (Malwarebytes) 
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) 
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20151214.002\ENG64.SYS [138488 2015-10-27] (Symantec Corporation) 
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20151214.002\EX64.SYS [2148080 2015-10-27] (Symantec Corporation) 
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-12] (NVIDIA Corporation) 
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation) 
S3 OXUDIDRV; C:\Windows\system32\Drivers\OXUDIDRV_X64.sys [31280 2010-05-25] () 
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [23552 2015-12-04] (Microsoft Corporation) 
S3 pcip; C:\Windows\System32\drivers\pcip.sys [44544 2015-12-04] (Microsoft Corporation) 
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2015-12-04] (Microsoft Corporation) 
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] () 
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] () 
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek ) 
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation) 
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation) 
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation) 
S3 STTub30; C:\Windows\System32\Drivers\STTub30.sys [44184 2015-10-29] (STMicroelectronics) 
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation) 
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605050.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation) 
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-26] (Symantec Corporation) 
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation) 
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation) 
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [101888 2015-12-04] (Microsoft Corporation) 
R2 tib; C:\Windows\System32\DRIVERS\tib.sys [1058632 2015-07-26] (Acronis International GmbH) 
S2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2015-07-26] (Acronis International GmbH) 
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2015-12-04] (Microsoft Corporation) 
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2015-12-04] (Microsoft Corporation) 
R0 vmsproxy; C:\Windows\System32\drivers\vmsproxy.sys [22016 2015-12-04] (Microsoft Corporation) 
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [976384 2015-12-04] (Microsoft Corporation) 
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2015-12-04] (Microsoft Corporation) 
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) 
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) 
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) 
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-04-01] (Basil) 
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [350720 2015-12-04] (Microsoft Corporation) 
U3 idsvc; não ImagePath 
U5 REALPLAYERUPDATESVC; não ImagePath 
 
==================== NetSvcs (Whitelisted) =================== 
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
 
 
==================== Um Mês Criados arquivos e pastas ======== 
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
 
2015-12-14 17:57 - 2015-12-14 17:59 - 00000000 ____D C:\FRST 
2015-12-14 17:57 - 2015-12-14 17:57 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-MARCELO-CASA-Windows-10-Pro-(64-bit).dat 
2015-12-14 17:57 - 2015-12-14 17:57 - 00000000 ____D C:\RegBackup 
2015-12-14 17:56 - 2015-12-14 17:56 - 00016681 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt 
2015-12-14 17:56 - 2015-12-14 17:56 - 00002325 _____ C:\Users\Marcelo\Desktop\Tweaking.com - Registry Backup.lnk 
2015-12-14 17:56 - 2015-12-14 17:56 - 00000000 ____D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com 
2015-12-14 17:56 - 2015-12-14 17:56 - 00000000 ____D C:\Program Files (x86)\Tweaking.com 
2015-12-14 17:45 - 2015-12-14 17:45 - 00000000 ____D C:\Program Files (x86)\ESET 
2015-12-14 17:22 - 2015-12-09 22:26 - 00002363 _____ C:\Users\Marcelo\Desktop\Marcelo - Chrome.lnk 
2015-12-14 16:52 - 2015-12-14 16:52 - 00001371 _____ C:\Users\Marcelo\Desktop\Todoist.lnk 
2015-12-14 16:52 - 2015-12-14 16:52 - 00000000 ____D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Todoist 
2015-12-14 16:52 - 2015-12-14 16:52 - 00000000 ____D C:\Users\Marcelo\AppData\Local\Todoist 
2015-12-14 16:52 - 2015-12-14 16:52 - 00000000 ____D C:\Users\Marcelo\AppData\Local\Doist_Ltd 
2015-12-11 14:29 - 2015-12-11 14:29 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk 
2015-12-11 14:29 - 2015-12-11 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote 
2015-12-09 22:49 - 2015-12-09 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 
2015-12-05 12:21 - 2015-12-05 12:21 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 
2015-12-04 08:41 - 2015-12-04 08:41 - 00000000 ____D C:\Users\Marcelo\AppData\Local\ActiveSync 
2015-12-04 08:39 - 2015-12-04 08:39 - 00000020 ___SH C:\Users\Marcelo\ntuser.ini 
2015-12-04 05:19 - 2015-12-04 06:00 - 00000000 ___DC C:\WINDOWS\Panther 
2015-12-04 05:17 - 2015-12-04 05:17 - 00000000 ____D C:\Windows.old 
2015-12-04 05:16 - 2015-12-04 05:16 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 22394880 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 14384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmms.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 13376512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 13017088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 12120064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 03670832 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 
2015-12-04 05:16 - 2015-12-04 05:16 - 02918808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 
2015-12-04 05:16 - 2015-12-04 05:16 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 
2015-12-04 05:16 - 2015-12-04 05:16 - 02587136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 01998848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 
2015-12-04 05:16 - 2015-12-04 05:16 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 01126744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 01036640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00940888 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 
2015-12-04 05:16 - 2015-12-04 05:16 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00798560 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 
2015-12-04 05:16 - 2015-12-04 05:16 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 
2015-12-04 05:16 - 2015-12-04 05:16 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 
2015-12-04 05:16 - 2015-12-04 05:16 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 
2015-12-04 05:16 - 2015-12-04 05:16 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 
2015-12-04 05:16 - 2015-12-04 05:16 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00071008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 
2015-12-04 05:16 - 2015-12-04 05:16 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys 
2015-12-04 05:16 - 2015-12-04 05:16 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe 
2015-12-04 05:16 - 2015-12-04 05:16 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 
2015-12-04 05:16 - 2015-12-04 05:16 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 
2015-12-04 05:15 - 2015-12-04 05:15 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 
2015-12-04 05:13 - 2015-12-04 05:13 - 00004096 _____ C:\WINDOWS\system32\config\VSMIDK 
2015-12-04 05:13 - 2015-12-04 05:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS 
2015-12-04 05:13 - 2015-12-04 05:13 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 
2015-12-04 05:13 - 2015-12-04 05:13 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices 
2015-12-04 05:13 - 2015-12-04 05:13 - 00000000 ____D C:\WINDOWS\system32\msmq 
2015-12-04 05:13 - 2015-12-04 05:13 - 00000000 ____D C:\WINDOWS\system32\BestPractices 
2015-12-04 05:13 - 2015-12-04 05:13 - 00000000 ____D C:\WINDOWS\system32\0416 
2015-12-04 05:13 - 2015-12-04 05:13 - 00000000 ____D C:\Program Files\Reference Assemblies 
2015-12-04 05:13 - 2015-12-04 05:13 - 00000000 ____D C:\Program Files\MSBuild 
2015-12-04 05:13 - 2015-12-04 05:13 - 00000000 ____D C:\Program Files\Hyper-V 
2015-12-04 05:13 - 2015-12-04 05:13 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 
2015-12-04 05:13 - 2015-12-04 05:13 - 00000000 ____D C:\inetpub 
2015-12-04 05:13 - 2015-12-04 04:31 - 00000000 ____D C:\Program Files (x86)\MSBuild 
2015-12-04 05:13 - 2015-10-23 18:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 
2015-12-04 05:13 - 2015-10-23 18:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 
2015-12-04 05:13 - 2015-10-23 18:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 
2015-12-04 05:12 - 2015-10-23 18:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 
2015-12-04 05:12 - 2015-10-23 18:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 
2015-12-04 05:12 - 2015-10-23 18:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 
2015-12-04 04:58 - 2015-12-04 04:58 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programas 
2015-12-04 04:58 - 2015-12-04 04:58 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Histórico 
2015-12-04 04:58 - 2015-12-04 04:58 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Dados de Aplicativos 
2015-12-04 04:58 - 2015-12-04 04:58 - 00000000 _SHDL C:\Users\Default\Modelos 
2015-12-04 04:58 - 2015-12-04 04:58 - 00000000 _SHDL C:\Users\Default\Meus Documentos 
2015-12-04 04:58 - 2015-12-04 04:58 - 00000000 _SHDL C:\Users\Default\Menu Iniciar 
2015-12-04 04:58 - 2015-12-04 04:58 - 00000000 _SHDL C:\Users\Default\Dados de Aplicativos 
2015-12-04 04:58 - 2015-12-04 04:58 - 00000000 _SHDL C:\Users\Default\Configurações Locais 
2015-12-04 04:58 - 2015-12-04 04:58 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas 
2015-12-04 04:58 - 2015-12-04 04:58 - 00000000 _SHDL C:\Users\Default\AppData\Local\Histórico 
2015-12-04 04:58 - 2015-12-04 04:58 - 00000000 _SHDL C:\Users\Default\AppData\Local\Dados de Aplicativos 
2015-12-04 04:58 - 2015-12-04 04:58 - 00000000 _SHDL C:\Users\Default\Ambiente de Rede 
2015-12-04 04:58 - 2015-12-04 04:58 - 00000000 _SHDL C:\Users\Default\Ambiente de Impressão 
2015-12-04 04:58 - 2015-12-04 04:58 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas 
2015-12-04 04:58 - 2015-12-04 04:58 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Histórico 
2015-12-04 04:58 - 2015-12-04 04:58 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Dados de Aplicativos 
2015-12-04 04:56 - 2015-12-11 02:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 
2015-12-04 04:43 - 2015-12-04 04:43 - 00000020 ___SH C:\Users\MSSQL$ADK\ntuser.ini 
2015-12-04 04:41 - 2015-12-04 04:41 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 
2015-12-04 04:41 - 2015-12-04 04:41 - 00000000 ____D C:\Users\Usuário Padrão\AppData\Roaming\Media Center Programs 
2015-12-04 04:41 - 2015-12-04 04:41 - 00000000 ____D C:\Users\Usuário Padrão\AppData\Local\Microsoft Help 
2015-12-04 04:41 - 2015-12-04 04:41 - 00000000 ____D C:\Users\Usuário Padrão\AppData\Local\Google 
2015-12-04 04:41 - 2015-12-04 04:41 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs 
2015-12-04 04:41 - 2015-12-04 04:41 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 
2015-12-04 04:41 - 2015-12-04 04:41 - 00000000 ____D C:\Users\Default\AppData\Local\Google 
2015-12-04 04:41 - 2015-12-04 04:41 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs 
2015-12-04 04:41 - 2015-12-04 04:41 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 
2015-12-04 04:41 - 2015-12-04 04:41 - 00000000 ____D C:\Users\Default User\AppData\Local\Google 
2015-12-04 04:31 - 2015-12-04 04:31 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines 
2015-12-04 04:26 - 2015-12-04 04:42 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate 
2015-12-04 04:23 - 2015-12-04 08:42 - 00000000 ____D C:\Users\Marcelo 
2015-12-04 04:23 - 2015-12-04 04:57 - 00000000 ____D C:\Users\Grazi 
2015-12-04 04:23 - 2015-12-04 04:54 - 00000000 ____D C:\Users\Classic .NET AppPool 
2015-12-04 04:23 - 2015-12-04 04:54 - 00000000 ____D C:\Users\.NET v2.0 Classic 
2015-12-04 04:23 - 2015-12-04 04:53 - 00000000 ____D C:\Users\DefaultAppPool 
2015-12-04 04:23 - 2015-12-04 04:53 - 00000000 ____D C:\Users\.NET v4.5 
2015-12-04 04:23 - 2015-12-04 04:52 - 00000000 ____D C:\Users\.NET v2.0 
2015-12-04 04:23 - 2015-12-04 04:51 - 00000000 ____D C:\Users\.NET v4.5 Classic 
2015-12-04 04:23 - 2015-12-04 04:45 - 00000000 ____D C:\Users\MSSQL$ADK 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\MSSQL$ADK\Modelos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\MSSQL$ADK\Meus Documentos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\MSSQL$ADK\Menu Iniciar 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\MSSQL$ADK\Dados de Aplicativos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\MSSQL$ADK\Configurações Locais 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programas 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\MSSQL$ADK\AppData\Local\Histórico 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\MSSQL$ADK\AppData\Local\Dados de Aplicativos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\MSSQL$ADK\Ambiente de Rede 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\MSSQL$ADK\Ambiente de Impressão 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Marcelo\Modelos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Marcelo\Meus Documentos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Marcelo\Menu Iniciar 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Marcelo\Dados de Aplicativos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Marcelo\Configurações Locais 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programas 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Marcelo\AppData\Local\Histórico 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Marcelo\AppData\Local\Dados de Aplicativos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Marcelo\Ambiente de Rede 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Marcelo\Ambiente de Impressão 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Grazi\Modelos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Grazi\Meus Documentos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Grazi\Menu Iniciar 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Grazi\Dados de Aplicativos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Grazi\Configurações Locais 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Grazi\AppData\Roaming\Microsoft\Windows\Start Menu\Programas 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Grazi\AppData\Local\Histórico 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Grazi\AppData\Local\Dados de Aplicativos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Grazi\Ambiente de Rede 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Grazi\Ambiente de Impressão 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\DefaultAppPool\Modelos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\DefaultAppPool\Meus Documentos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\DefaultAppPool\Menu Iniciar 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\DefaultAppPool\Dados de Aplicativos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\DefaultAppPool\Configurações Locais 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programas 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Histórico 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Dados de Aplicativos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\DefaultAppPool\Ambiente de Rede 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\DefaultAppPool\Ambiente de Impressão 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Modelos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Meus Documentos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Menu Iniciar 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Dados de Aplicativos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Configurações Locais 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programas 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Classic .NET AppPool\AppData\Local\Histórico 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Classic .NET AppPool\AppData\Local\Dados de Aplicativos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Ambiente de Rede 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\Classic .NET AppPool\Ambiente de Impressão 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5\Modelos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5\Meus Documentos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5\Menu Iniciar 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5\Dados de Aplicativos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5\Configurações Locais 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programas 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5\AppData\Local\Histórico 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5\AppData\Local\Dados de Aplicativos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5\Ambiente de Rede 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5\Ambiente de Impressão 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Modelos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Meus Documentos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Menu Iniciar 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Dados de Aplicativos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Configurações Locais 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programas 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\AppData\Local\Histórico 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\AppData\Local\Dados de Aplicativos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Ambiente de Rede 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v4.5 Classic\Ambiente de Impressão 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0\Modelos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0\Meus Documentos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0\Menu Iniciar 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0\Dados de Aplicativos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0\Configurações Locais 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programas 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0\AppData\Local\Histórico 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0\AppData\Local\Dados de Aplicativos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0\Ambiente de Rede 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0\Ambiente de Impressão 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Modelos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Meus Documentos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Menu Iniciar 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Dados de Aplicativos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Configurações Locais 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programas 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\AppData\Local\Histórico 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\AppData\Local\Dados de Aplicativos 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Ambiente de Rede 
2015-12-04 04:23 - 2015-12-04 04:23 - 00000000 _SHDL C:\Users\.NET v2.0 Classic\Ambiente de Impressão 
2015-12-04 04:22 - 2015-12-11 14:30 - 02376140 _____ C:\WINDOWS\system32\PerfStringBackup.INI 
2015-12-04 04:22 - 2015-12-04 04:22 - 02034332 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 
2015-12-04 04:21 - 2015-12-04 04:31 - 00000000 ____D C:\Program Files\Common Files\logishrd 
2015-12-04 04:21 - 2015-12-04 04:21 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys 
2015-12-04 04:21 - 2015-12-04 04:21 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SensorsSimulatorDriver_01_11_00.Wdf 
2015-12-04 04:21 - 2015-12-04 04:21 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM 
2015-12-04 04:21 - 2015-12-04 04:21 - 00000000 ____D C:\Program Files\Realtek 
2015-12-04 04:20 - 2015-12-04 04:43 - 00370696 _____ C:\WINDOWS\system32\FNTCACHE.DAT 
2015-12-04 04:20 - 2015-12-04 04:43 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA 
2015-12-04 04:20 - 2015-12-04 04:43 - 00000000 ____D C:\ProgramData\NVIDIA 
2015-12-04 04:20 - 2015-12-04 04:32 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA Corporation 
2015-12-04 04:20 - 2015-12-04 04:32 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 
2015-12-04 04:20 - 2015-12-04 04:31 - 00000000 ____D C:\Program Files\NVIDIA Corporation 
2015-12-04 04:20 - 2015-12-04 04:31 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 
2015-12-04 04:20 - 2015-11-24 17:32 - 06358648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 
2015-12-04 04:20 - 2015-11-24 17:32 - 02983032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 
2015-12-04 04:20 - 2015-11-24 17:32 - 02554672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 
2015-12-04 04:20 - 2015-11-24 17:32 - 00938616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe 
2015-12-04 04:20 - 2015-11-24 17:32 - 00385328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 
2015-12-04 04:20 - 2015-11-24 17:32 - 00062768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 
2015-12-04 04:20 - 2015-11-23 18:35 - 06049858 _____ C:\WINDOWS\system32\nvcoproc.bin 
2015-12-04 04:20 - 2015-10-30 05:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 
2015-12-02 18:37 - 2013-06-26 18:05 - 00226744 _____ (Micromed Biotecnologia Ltda.) C:\WINDOWS\SysWOW64\MMDSCP.dll 
2015-12-01 20:26 - 2015-12-01 20:26 - 00002223 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk 
2015-12-01 20:26 - 2015-11-24 16:42 - 00102704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 
2015-12-01 20:23 - 2015-11-25 22:34 - 11228488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys 
2015-12-01 20:23 - 2015-11-24 21:07 - 42913912 _____ C:\WINDOWS\system32\nvcompiler.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 37882672 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 22345336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 18487360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 18389624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 16561320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 15933400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 15839392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 14844304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 13533416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 12870384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 12040952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 03540360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 03126800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 02876536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 02496816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 01905272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435906.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 01572496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 01564792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435906.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 00877872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 00861816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 00689784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 00673912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 00539464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 00445400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 00205456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 
2015-12-01 20:23 - 2015-11-24 21:07 - 00177416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 00155976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 00039240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 
2015-12-01 20:23 - 2015-11-24 21:07 - 00034494 _____ C:\WINDOWS\system32\nvinfo.pb 
2015-12-01 13:06 - 2015-12-04 04:42 - 00000000 ____D C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú 
2015-11-26 20:33 - 2015-11-26 20:33 - 00000000 ___DL C:\Users\Todos os Usuários\Package Cache 
2015-11-26 20:33 - 2015-11-26 20:33 - 00000000 ___DL C:\ProgramData\Package Cache 
2015-11-26 16:51 - 2015-12-04 04:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Size 
2015-11-26 16:51 - 2015-11-26 16:51 - 00001124 _____ C:\Users\Marcelo\Desktop\Folder Size.lnk 
2015-11-26 16:51 - 2015-11-26 16:51 - 00000000 ____D C:\Users\Todos os Usuários\MindGems 
2015-11-26 16:51 - 2015-11-26 16:51 - 00000000 ____D C:\ProgramData\MindGems 
2015-11-26 16:51 - 2015-11-26 16:51 - 00000000 ____D C:\Program Files (x86)\Folder Size 
2015-11-22 14:09 - 2015-11-16 01:54 - 01905456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435900.dll 
2015-11-22 14:09 - 2015-11-16 01:54 - 01564792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435900.dll 
2015-11-22 14:07 - 2015-11-12 16:37 - 00112712 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll 
2015-11-17 23:09 - 2015-11-26 17:31 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 
2015-11-17 23:09 - 2015-11-17 23:09 - 00002137 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 
2015-11-14 01:58 - 2015-11-14 01:58 - 00000877 _____ C:\Users\Marcelo\Desktop\Steam.exe.lnk 
 
==================== Um Mês Modificados arquivos e pastas ======== 
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
 
2015-12-14 17:57 - 2015-10-30 04:28 - 00000000 ____D C:\Windows 
2015-12-14 17:48 - 2015-09-15 23:43 - 00001048 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 
2015-12-14 17:42 - 2015-10-30 20:32 - 00001112 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3919632497-1473999287-3719428057-1000UA.job 
2015-12-14 17:42 - 2015-10-30 20:32 - 00001060 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3919632497-1473999287-3719428057-1000Core.job 
2015-12-14 17:40 - 2014-02-02 01:16 - 00000902 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 
2015-12-14 17:38 - 2013-08-15 01:08 - 00004182 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EE067CFD-7726-43B7-B927-6D762F2BD2ED} 
2015-12-14 17:25 - 2013-08-15 00:32 - 00001102 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 
2015-12-14 15:47 - 2015-10-01 19:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360 
2015-12-14 14:51 - 2015-02-02 09:46 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 
2015-12-14 12:48 - 2015-04-09 19:31 - 00000000 ____D C:\Program Files (x86)\Affixa 
2015-12-14 10:53 - 2013-08-15 00:45 - 00000000 _____ C:\WINDOWS\Path.idx 
2015-12-14 10:23 - 2013-08-15 00:53 - 00001640 _____ C:\WINDOWS\MB.idx 
2015-12-14 10:00 - 2015-09-15 23:11 - 00000414 _____ C:\WINDOWS\Tasks\Allway Sync_{4DECC64D2D0B616FB06E6AEDC6D65E89}.job 
2015-12-14 09:00 - 2014-12-03 19:35 - 00000388 _____ C:\WINDOWS\Tasks\Allway Sync_{449BCC86312B1EEA3A71EAE5662C34AA}.job 
2015-12-14 05:25 - 2013-08-15 00:32 - 00001098 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 
2015-12-14 04:13 - 2015-10-30 05:24 - 00000000 ____D C:\WINDOWS\AppReadiness 
2015-12-13 11:21 - 2015-10-30 05:24 - 00000000 ____D C:\WINDOWS\system32\NDF 
2015-12-13 11:21 - 2013-08-27 13:15 - 00000000 ____D C:\Users\Marcelo\AppData\Local\ElevatedDiagnostics 
2015-12-13 01:19 - 2015-10-30 05:24 - 00000000 ___HD C:\Program Files\WindowsApps 
2015-12-12 22:48 - 2015-09-15 23:43 - 00001044 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 
2015-12-12 08:58 - 2015-10-30 05:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports 
2015-12-11 16:40 - 2014-12-03 17:10 - 00000000 ____D C:\Program Files (x86)\TeamViewer 
2015-12-11 14:30 - 2015-10-30 17:11 - 00987028 _____ C:\WINDOWS\system32\prfh0416.dat 
2015-12-11 14:30 - 2015-10-30 17:11 - 00232754 _____ C:\WINDOWS\system32\prfc0416.dat 
2015-12-11 14:30 - 2015-10-30 05:21 - 00000000 ____D C:\WINDOWS\INF 
2015-12-11 14:20 - 2015-10-30 05:11 - 00000000 ____D C:\WINDOWS\CbsTemp 
2015-12-11 08:44 - 2015-08-17 19:07 - 00002433 _____ C:\Users\Marcelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 
2015-12-11 08:40 - 2013-12-04 08:39 - 00003590 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3919632497-1473999287-3719428057-1000 
2015-12-11 08:40 - 2013-12-04 08:39 - 00003530 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3919632497-1473999287-3719428057-1000 
2015-12-10 20:51 - 2013-08-15 02:01 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help 
2015-12-10 20:51 - 2013-08-15 02:01 - 00000000 ____D C:\ProgramData\Microsoft Help 
2015-12-10 20:49 - 2015-04-07 13:35 - 00000000 ____D C:\ProgramData