Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:05-03-2016 01
Executado por andradefilho (ATENÇÃO: O usuário não é o administrador) em ANDRADEFILHO_I5 (25-03-2016 02:14:54)
Executando a partir de C:\Users\andradefilho\Downloads
Perfis Carregados: andradefilho & Administrador (Perfis Disponíveis: andradefilho & Administrador)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

Falha ao acessar processo -> smss.exe
Falha ao acessar processo -> csrss.exe
Falha ao acessar processo -> wininit.exe
Falha ao acessar processo -> csrss.exe
Falha ao acessar processo -> winlogon.exe
Falha ao acessar processo -> services.exe
Falha ao acessar processo -> lsass.exe
Falha ao acessar processo -> lsm.exe
Falha ao acessar processo -> svchost.exe
() C:\Program Files (x86)\GbPlugin\gbpsv.exe
Falha ao acessar processo -> svchost.exe
Falha ao acessar processo -> svchost.exe
Falha ao acessar processo -> svchost.exe
Falha ao acessar processo -> svchost.exe
Falha ao acessar processo -> svchost.exe
Falha ao acessar processo -> svchost.exe
Falha ao acessar processo -> spoolsv.exe
Falha ao acessar processo -> svchost.exe
Falha ao acessar processo -> svchost.exe
Falha ao acessar processo -> FileZilla Server.exe
Falha ao acessar processo -> MDM.EXE
Falha ao acessar processo -> mysqld.exe
Falha ao acessar processo -> svchost.exe
Falha ao acessar processo -> core.exe
Falha ao acessar processo -> WlanWpsSvc.exe
Falha ao acessar processo -> svchost.exe
Falha ao acessar processo -> osmsg.exe
Falha ao acessar processo -> explorer.exe
Falha ao acessar processo -> SearchIndexer.exe
() C:\Program Files (x86)\GbPlugin\gbpsv.exe
Falha ao acessar processo -> sppsvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(JURID Publicações Eletrônicas) C:\Program Files (x86)\JURID Publicacoes Eletronicas\Auxilium\bin\AxMonEventos.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-131\wirelesscm.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(JURID Publicações Eletrônicas) C:\Program Files (x86)\JURID Publicacoes Eletronicas\Auxilium\bin\AxServidor.exe
(The Firebird Project) C:\Program Files (x86)\JURID Publicacoes Eletronicas\Auxilium\bin\fb_inet_server.exe
Falha ao acessar processo -> wmpnetwk.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5256336 2012-07-11] (VIA)
HKLM-x32\...\Run: [Auxilium - Servidor] => C:\Program Files (x86)\JURID Publicacoes Eletronicas\Auxilium\bin\AxServidor.exe [1543680 2009-05-27] (JURID Publicações Eletrônicas)
HKLM-x32\...\Run: [LightGate] => C:\ProgramData\LightGate.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-11-04] (Banco do Brasil)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2015-09-22] (Caixa Economica Federal)
HKU\S-1-5-21-2744830905-1671649645-436525760-1000\...\Run: [AxMonitor] => C:\Program Files (x86)\JURID Publicacoes Eletronicas\Auxilium\bin\AxMonEventos.exe [1615360 2009-05-27] (JURID Publicações Eletrônicas)
HKU\S-1-5-21-2744830905-1671649645-436525760-1000\...\Run: [Pritc] => C:\Windows\TEMP\is-QFO31.tmp\print.exe <===== ATENÇÃO
HKU\S-1-5-21-2744830905-1671649645-436525760-1000\...\MountPoints2: {8bb83965-ef56-11e5-b705-7427ea78643b} - I:\MotoCastSetup.exe -a
HKU\S-1-5-21-2744830905-1671649645-436525760-500\...\Run: [AxMonitor] => C:\Program Files (x86)\JURID Publicacoes Eletronicas\Auxilium\bin\AxMonEventos.exe [1615360 2009-05-27] (JURID Publicações Eletrônicas)
HKU\S-1-5-21-2744830905-1671649645-436525760-500\...\Run: [msiql] => C:\ProgramData\mspop.exe /RUNNING
HKU\S-1-5-21-2744830905-1671649645-436525760-500\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /DEFAULT
HKU\S-1-5-21-2744830905-1671649645-436525760-500\...\Run: [Pritc] => C:\Windows\TEMP\is-H99RP.tmp\print.exe <===== ATENÇÃO
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
AppInit_DLLs-x32: acaptuser32.dll => Nenhum Arquivo
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehcef.dll [1888480 2015-09-22] (Caixa Economica Federal)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1945472 2015-11-04] (Banco do Brasil)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk [2015-12-21]
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-131\wirelesscm.exe (D-Link Corp.)
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll Nenhum Arquivo
Winsock: Catalog5-x64 07 C:\ProgramData\System32\SafeGuard64.dll [3587000 2015-12-30] ()
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\..\Interfaces\{48F671DD-323D-4D13-A038-D8DE58EDB611}: [DhcpNameServer] 192.168.25.1
Tcpip\..\Interfaces\{97D55A80-1E0E-46C8-89F9-41266562B416}: [NameServer] 192.168.0.99,192.168.0.1
Tcpip\..\Interfaces\{C6059057-C1B2-4E7C-8E09-933537B55243}: [NameServer] 192.168.25.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nwmeddnld_16_11¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0Czz0F0CyEtDtDyCyDyE0CyDtDtC0AtN0D0Tzu0StCyDtAyCtN1L2XzutAtFtCzytFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0BtC0DtB0D0BtBtGyE0CtByDtGtBtBzytBtGtAtAtCyEtGtCzy0FtAyE0CyCyCyDtC0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0D0FtCtDyCzytGzy0E0B0CtGyEtDtDtBtGzytD0DzztGtCzz0BtAyCtB0AyDtD0D0E0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByDyB%26cr%3D1465894015%26a%3Dwncy_nwmeddnld_16_11%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nwmeddnld_16_11¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0Czz0F0CyEtDtDyCyDyE0CyDtDtC0AtN0D0Tzu0StCyDtAyCtN1L2XzutAtFtCzytFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0BtC0DtB0D0BtBtGyE0CtByDtGtBtBzytBtGtAtAtCyEtGtCzy0FtAyE0CyCyCyDtC0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0D0FtCtDyCzytGzy0E0B0CtGyEtDtDtBtGzytD0DzztGtCzz0BtAyCtB0AyDtD0D0E0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByDyB%26cr%3D1465894015%26a%3Dwncy_nwmeddnld_16_11%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nwmeddnld_16_11¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0Czz0F0CyEtDtDyCyDyE0CyDtDtC0AtN0D0Tzu0StCyDtAyCtN1L2XzutAtFtCzytFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0BtC0DtB0D0BtBtGyE0CtByDtGtBtBzytBtGtAtAtCyEtGtCzy0FtAyE0CyCyCyDtC0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0D0FtCtDyCzytGzy0E0B0CtGyEtDtDtBtGzytD0DzztGtCzz0BtAyCtB0AyDtD0D0E0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByDyB%26cr%3D1465894015%26a%3Dwncy_nwmeddnld_16_11%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-2744830905-1671649645-436525760-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com.br/
URLSearchHook: [S-1-5-21-2744830905-1671649645-436525760-500] ATENÇÃO => A URLSearchHook Padrão está ausente
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_nwmeddnld_16_11¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1Qzu0F0Czz0F0CyEtDtDyCyDyE0CyDtDtC0AtN0D0Tzu0StCyDtAyDtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyE0CzztC0AtB0EyDtGtA0BtDtBtG0DyBzztDtGyE0DtDyEtG0AyC0FyEyEyC0DyDzyyC0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0D0FtCtDyCzytGzy0E0B0CtGyEtDtDtBtGzytD0DzztGtCzz0BtAyCtB0AyDtD0D0E0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D1251897623%26a%3Djmb_nwmeddnld_16_11%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_nwmeddnld_16_11¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1Qzu0F0Czz0F0CyEtDtDyCyDyE0CyDtDtC0AtN0D0Tzu0StCyDtAyDtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyE0CzztC0AtB0EyDtGtA0BtDtBtG0DyBzztDtGyE0DtDyEtG0AyC0FyEyEyC0DyDzyyC0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0D0FtCtDyCzytGzy0E0B0CtGyEtDtDtBtGzytD0DzztGtCzz0BtAyCtB0AyDtD0D0E0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D1251897623%26a%3Djmb_nwmeddnld_16_11%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nwmeddnld_16_11¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0Czz0F0CyEtDtDyCyDyE0CyDtDtC0AtN0D0Tzu0StCyDtAyCtN1L2XzutAtFtCzytFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0BtC0DtB0D0BtBtGyE0CtByDtGtBtBzytBtGtAtAtCyEtGtCzy0FtAyE0CyCyCyDtC0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0D0FtCtDyCzytGzy0E0B0CtGyEtDtDtBtGzytD0DzztGtCzz0BtAyCtB0AyDtD0D0E0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByDyB%26cr%3D1465894015%26a%3Dwncy_nwmeddnld_16_11%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_nwmeddnld_16_11¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1Qzu0F0Czz0F0CyEtDtDyCyDyE0CyDtDtC0AtN0D0Tzu0StCyDtAyDtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyE0CzztC0AtB0EyDtGtA0BtDtBtG0DyBzztDtGyE0DtDyEtG0AyC0FyEyEyC0DyDzyyC0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0D0FtCtDyCzytGzy0E0B0CtGyEtDtDtBtGzytD0DzztGtCzz0BtAyCtB0AyDtD0D0E0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D1251897623%26a%3Djmb_nwmeddnld_16_11%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_nwmeddnld_16_11¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1Qzu0F0Czz0F0CyEtDtDyCyDyE0CyDtDtC0AtN0D0Tzu0StCyDtAyDtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyE0CzztC0AtB0EyDtGtA0BtDtBtG0DyBzztDtGyE0DtDyEtG0AyC0FyEyEyC0DyDzyyC0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0D0FtCtDyCzytGzy0E0B0CtGyEtDtDtBtGzytD0DzztGtCzz0BtAyCtB0AyDtD0D0E0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D1251897623%26a%3Djmb_nwmeddnld_16_11%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_nwmeddnld_16_11¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0Czz0F0CyEtDtDyCyDyE0CyDtDtC0AtN0D0Tzu0StCyDtAyCtN1L2XzutAtFtCzytFtAtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0BtC0DtB0D0BtBtGyE0CtByDtGtBtBzytBtGtAtAtCyEtGtCzy0FtAyE0CyCyCyDtC0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0B0D0FtCtDyCzytGzy0E0B0CtGyEtDtDtBtGzytD0DzztGtCzz0BtAyCtB0AyDtD0D0E0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByDyB%26cr%3D1465894015%26a%3Dwncy_nwmeddnld_16_11%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-11] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-11-04] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll [2015-09-22] (Caixa Economica Federal)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-10-28] (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-11] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> Sem Nome - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Nenhum Arquivo
Toolbar: HKU\S-1-5-21-2744830905-1671649645-436525760-1000 -> Sem Nome - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Nenhum Arquivo
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-11-06] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-11-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-11-06] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-11-06] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\andradefilho\AppData\Roaming\Mozilla\Firefox\Profiles\6e4re9ti.default-1458328246767
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-11] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin HKU\S-1-5-21-2744830905-1671649645-436525760-1000: gastecnologia.com.br/sf/cef -> C:\Users\andradefilho\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-2744830905-1671649645-436525760-1000: gastecnologia.com.br/sf/cef64 -> C:\Users\andradefilho\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2014-12-09] (GAS Tecnologia)
FF Extension: New Tab by Yahoo - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-11-23] [não assinado]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFPlgn [2016-03-18] [não assinado]
FF HKU\.DEFAULT\...\Firefox\Extensions: [{58931F90-7418-F91C-7D0E-6744BB523292}] - C:\Program Files (x86)\version09CheckMeUp\194.xpi => não encontrado (a)
FF HKU\S-1-5-21-2744830905-1671649645-436525760-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\andradefilho\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: GBBD Caixa Economica Federal - C:\Users\andradefilho\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-12-21] [não assinado]
FF HKU\S-1-5-21-2744830905-1671649645-436525760-1000\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.4
FF Extension: Free Download Manager extension - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.4 [2016-03-16]

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\andradefilho\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\andradefilho\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-15]
CHR Extension: (YouTube) - C:\Users\andradefilho\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-15]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\andradefilho\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-15]
CHR Extension: (Gmail) - C:\Users\andradefilho\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-15]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\Exts\Chrome.crx [2016-03-16]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.4.24\Exts\Chrome.crx [2016-03-16]
CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [827904 2016-01-28] (FileZilla Project) [Arquivo não assinado]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2015-12-16] (Macrovision Europe Ltd.) [Arquivo não assinado]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] () [Arquivo não assinado]
S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe [2786816 2016-03-10] (TODO: ) [Arquivo não assinado]
S3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MySQL57; C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe [39622144 2016-02-02] () [Arquivo não assinado]
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [Arquivo não assinado]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [Arquivo não assinado]
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe [167936 2008-06-26] () [Arquivo não assinado]
S2 MPCProtectService; "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe" [X]
S3 XBox; %SystemRoot%\system32\config\systemprofile\AppData\Roaming\XBox\XBLive.exe [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20150921.003\BHDrvx64.sys [1650936 2015-09-23] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605040.018\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-08-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [155456 2015-08-20] (Symantec Corporation)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-03-25] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-12-08] (GAS Tecnologia)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20150930.101\IDSVia64.sys [767224 2015-09-23] (Symantec Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-03-16] (DotC United Inc)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20150923.001\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20150923.001\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2013-11-15] (Realtek Semiconductor Corporation )
R1 SRTSP; C:\Windows\system32\drivers\NSx64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605040.018\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605040.018\SYMEFASI64.SYS [1620720 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-03-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605040.018\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NSx64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
S3 SzCCID; C:\Windows\System32\DRIVERS\SzCCID.sys [40448 2011-01-21] (Generic)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2016-01-19] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [194976 2016-01-19] (Oracle Corporation)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-12-08] (GAS Tecnologia LTDA)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-03-25] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-25 01:40 - 2016-03-25 01:54 - 00000452 _____ C:\Users\andradefilho\Downloads\Search.txt
2016-03-25 01:33 - 2016-03-25 02:14 - 00027320 _____ C:\Users\andradefilho\Downloads\FRST.txt
2016-03-25 01:33 - 2016-03-25 01:34 - 00030962 _____ C:\Users\andradefilho\Downloads\Addition.txt
2016-03-25 01:32 - 2016-03-25 02:14 - 00000000 ____D C:\FRST
2016-03-25 01:32 - 2016-03-25 01:32 - 02374144 _____ (Farbar) C:\Users\andradefilho\Downloads\FRST64.exe
2016-03-25 01:31 - 2016-03-25 01:31 - 01725440 _____ (Farbar) C:\Users\andradefilho\Downloads\FRST.exe
2016-03-25 01:28 - 2016-03-25 01:28 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-03-25 01:28 - 2016-03-25 01:28 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-03-24 11:49 - 2016-03-24 11:49 - 01060166 _____ C:\Users\andradefilho\Downloads\117_golf.pdf
2016-03-23 23:55 - 2016-03-23 23:55 - 00066245 _____ C:\Users\andradefilho\Downloads\Once.Upon.a.Time.S05E14.rar
2016-03-23 23:54 - 2016-03-23 23:54 - 333921094 _____ C:\Users\andradefilho\Downloads\Once.Upon.a.Time.S05E14.XviD-AFG.avi
2016-03-23 23:01 - 2016-03-23 23:03 - 1494199272 _____ C:\Users\andradefilho\Downloads\Once.Upon.a.Time.S05E14.720P.HDTV.x264.mkv
2016-03-23 20:06 - 2016-03-23 20:06 - 06128206 _____ C:\Users\andradefilho\Downloads\On.Up.a.Ti.5.14.720p.MP4LEG_SerieFilmes.rar
2016-03-23 14:59 - 2016-03-23 14:59 - 00057183 _____ C:\Users\andradefilho\Downloads\indice-benedicto.pdf
2016-03-23 07:33 - 2016-03-23 07:33 - 00145393 _____ C:\Users\andradefilho\Downloads\Once.Upon.a.Time.S05E13.rar
2016-03-23 07:23 - 2016-03-23 07:23 - 00550400 _____ C:\Users\andradefilho\Downloads\AdobeFlashPlayer_2016_.exe
2016-03-22 20:45 - 2016-03-22 20:45 - 06373131 _____ C:\Users\andradefilho\Downloads\CAT_FIAT.PDF
2016-03-22 03:31 - 2016-03-22 03:31 - 00000000 ____D C:\Users\andradefilho\AppData\Local\Macromedia
2016-03-21 09:38 - 2016-03-21 09:38 - 10723691 _____ C:\Users\andradefilho\Downloads\pagina (1).pdf
2016-03-19 12:36 - 2016-03-21 08:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-18 18:38 - 2016-03-18 18:38 - 01105352 _____ C:\Users\andradefilho\Downloads\Relatorio de Produtos.xlsx
2016-03-18 16:10 - 2016-03-18 16:10 - 00000000 ____D C:\Users\andradefilho\Desktop\Dados anteriores do Firefox
2016-03-18 16:07 - 2016-03-18 16:07 - 00000000 ____D C:\Users\andradefilho\AppData\Roaming\UG
2016-03-18 15:46 - 2016-03-18 15:46 - 00000000 ____D C:\Users\Administrador\AppData\Roaming\UG
2016-03-18 15:37 - 2016-03-18 16:27 - 00000000 ____D C:\Users\Todos os Usuários\Temp
2016-03-18 15:37 - 2016-03-18 16:27 - 00000000 ____D C:\ProgramData\Temp
2016-03-18 15:37 - 2016-03-18 15:37 - 02612608 _____ (Banco do Brasil SA) C:\Users\andradefilho\Downloads\DiagnosticoBB.exe
2016-03-18 14:53 - 2016-03-18 16:10 - 00000000 ____D C:\Program Files (x86)\UPCleaner
2016-03-18 05:44 - 2016-03-25 01:15 - 00000000 ____D C:\Users\andradefilho\Downloads\AntiMalWare
2016-03-18 05:42 - 2016-03-18 05:42 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-18 05:42 - 2016-03-18 05:42 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2016-03-18 05:42 - 2016-03-18 05:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-18 05:42 - 2016-03-18 05:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-18 05:42 - 2016-03-18 05:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-18 05:42 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-18 05:42 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-18 05:42 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-18 05:23 - 2016-03-18 05:23 - 00001088 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-03-18 05:23 - 2016-03-18 05:23 - 00000000 ____D C:\Users\Todos os Usuários\VS Revo Group
2016-03-18 05:23 - 2016-03-18 05:23 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-03-18 05:23 - 2016-03-18 05:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-03-18 05:23 - 2016-03-18 05:23 - 00000000 ____D C:\Program Files\VS Revo Group
2016-03-18 05:23 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-03-17 22:07 - 2016-03-25 01:28 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2016-03-17 05:23 - 2016-03-17 05:24 - 06516656 _____ (Tim Kosse) C:\Users\andradefilho\Downloads\FileZilla_3.16.1_win64-setup.exe
2016-03-16 13:34 - 2016-03-16 13:34 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-03-16 13:34 - 2016-03-16 13:34 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-03-16 13:34 - 2016-03-16 13:34 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-03-16 13:32 - 2016-03-16 13:35 - 00000000 ____D C:\Users\Todos os Usuários\Norton
2016-03-16 13:32 - 2016-03-16 13:35 - 00000000 ____D C:\ProgramData\Norton
2016-03-16 13:32 - 2016-03-16 13:32 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2016-03-16 13:32 - 2016-03-16 13:32 - 00000000 ____D C:\Users\Todos os Usuários\NortonInstaller
2016-03-16 13:32 - 2016-03-16 13:32 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-03-16 13:32 - 2016-03-16 13:32 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-03-16 13:32 - 2016-03-16 13:32 - 00000000 ____D C:\Program Files (x86)\Norton Security
2016-03-16 13:28 - 2016-03-18 15:04 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-03-16 13:28 - 2016-03-16 13:28 - 00060136 ____N (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
2016-03-16 06:29 - 2016-03-16 06:30 - 22047624 _____ C:\Users\andradefilho\Downloads\lojas_mercante(5).sql
2016-03-15 23:41 - 2016-03-18 15:46 - 00000000 ____D C:\Program Files (x86)\osTip
2016-03-15 23:16 - 2016-03-15 23:16 - 00000000 ____D C:\Users\andradefilho\AppData\Local\Chromium
2016-03-15 22:27 - 2016-03-15 22:35 - 00000000 ____D C:\Windows\Minidump
2016-03-15 22:25 - 2016-03-15 22:25 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2016-03-15 22:13 - 2016-03-15 22:13 - 00631808 _____ C:\Windows\qas.dat
2016-03-15 22:05 - 2016-03-25 01:23 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-15 21:38 - 2016-03-15 21:38 - 08183332 _____ C:\Users\andradefilho\Downloads\delacao_delcidio_do_amaral.pdf
2016-03-14 23:52 - 2016-03-18 16:10 - 00000372 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-03-14 23:52 - 2016-03-18 16:10 - 00000372 __RSH C:\ProgramData\ntuser.pol
2016-03-14 23:51 - 2016-03-18 15:22 - 00000000 ____D C:\Users\Todos os Usuários\System32
2016-03-14 23:51 - 2016-03-18 15:22 - 00000000 ____D C:\ProgramData\System32
2016-03-14 23:51 - 2016-03-15 10:34 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-03-14 13:07 - 2016-03-14 13:07 - 01664723 _____ C:\Users\andradefilho\Downloads\Oficio_e_Resposta_31_07_2014 (1).pdf
2016-03-14 08:03 - 2016-03-14 08:03 - 00388307 _____ C:\Users\andradefilho\Downloads\doc_34755556.pdf
2016-03-14 07:52 - 2016-03-14 07:52 - 00037374 _____ C:\Users\andradefilho\Downloads\cata_citatoria.pdf
2016-03-14 07:51 - 2016-03-14 07:51 - 01312504 _____ C:\Users\andradefilho\Downloads\doc_34755557.pdf
2016-03-13 08:10 - 2016-03-13 08:10 - 00893046 _____ C:\Users\andradefilho\Downloads\locallizo_loja_com_Categoria.sql
2016-03-13 08:08 - 2016-03-13 08:08 - 01108407 _____ C:\Users\andradefilho\Downloads\locallizo_loja.sql
2016-03-12 19:13 - 2016-03-12 19:14 - 00748642 _____ C:\Users\andradefilho\Downloads\ppb_categories.csv
2016-03-12 18:49 - 2016-03-12 18:49 - 00927638 _____ C:\Users\andradefilho\Downloads\php_probid_71_Categias_traduzida.sql
2016-03-12 00:02 - 2016-03-12 00:02 - 07670784 _____ C:\Users\andradefilho\Downloads\oc_mytable_Geral.xls
2016-03-11 21:24 - 2016-03-11 21:30 - 01065724 _____ C:\Users\andradefilho\Downloads\oc_mytable_motos.csv
2016-03-11 21:23 - 2016-03-11 21:23 - 01379359 _____ C:\Users\andradefilho\Downloads\oc_mytable_motos.sql
2016-03-11 21:20 - 2016-03-11 21:20 - 05463552 _____ C:\Users\andradefilho\Downloads\oc_mytable_dismec2.xls
2016-03-11 21:08 - 2016-03-11 21:08 - 04257686 _____ C:\Users\andradefilho\Downloads\oc_mytable_dismec(1).csv
2016-03-11 20:51 - 2016-03-11 21:20 - 03433993 _____ C:\Users\andradefilho\Downloads\oc_mytable_dismec.csv
2016-03-11 10:25 - 2016-03-11 10:26 - 17118813 _____ C:\Users\andradefilho\Downloads\2016-03-11_14-25-43_backup.sql
2016-03-11 07:46 - 2016-03-11 07:46 - 00138240 _____ C:\Users\andradefilho\Downloads\Produtos_sem_preço.xls
2016-03-11 07:42 - 2016-03-11 07:47 - 01123328 _____ C:\Users\andradefilho\Downloads\Peças_Renato_Sem_Movimento (2).xls
2016-03-11 05:18 - 2016-03-11 05:18 - 00002651 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Abrir documento do Office.lnk
2016-03-11 05:18 - 2016-03-11 05:18 - 00002627 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Novo documento do Office.lnk
2016-03-11 04:26 - 2016-03-11 04:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2016-03-10 21:56 - 2016-03-10 21:56 - 00000041 _____ C:\Users\Todos os Usuários\xcgui_debug.txt
2016-03-10 21:56 - 2016-03-10 21:56 - 00000041 _____ C:\ProgramData\xcgui_debug.txt
2016-03-10 16:29 - 2016-03-16 00:03 - 00000000 ____D C:\Users\Administrador\AppData\Roaming\LightGate
2016-03-10 16:29 - 2016-03-10 16:29 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-03-10 15:58 - 2016-03-10 15:58 - 00001741 ____R C:\Yeabeats Browser.lnk
2016-03-10 15:58 - 2016-03-10 15:58 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update
2016-03-10 15:58 - 2016-03-10 15:58 - 00000000 ____D C:\ProgramData\Windows Update
2016-03-10 15:57 - 2016-03-15 04:02 - 00007347 _____ C:\Users\Todos os Usuários\webad.xml
2016-03-10 15:57 - 2016-03-15 04:02 - 00007347 _____ C:\ProgramData\webad.xml
2016-03-10 15:57 - 2016-03-10 15:57 - 01734656 _____ C:\Users\Todos os Usuários\serviceXX.exe
2016-03-10 15:57 - 2016-03-10 15:57 - 01734656 _____ C:\ProgramData\serviceXX.exe
2016-03-10 15:57 - 2016-03-10 15:57 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-03-10 15:57 - 2016-03-10 15:57 - 00000000 ____D C:\Users\Administrador\AppData\Roaming\UPUpdata
2016-03-10 15:57 - 2016-03-10 15:57 - 00000000 ____D C:\Users\Administrador\AppData\Roaming\gplyra
2016-03-10 15:57 - 2016-03-02 13:36 - 01888256 _____ C:\Users\Todos os Usuários\mspopXX.exe
2016-03-10 15:57 - 2016-03-02 13:36 - 01888256 _____ C:\ProgramData\mspopXX.exe
2016-03-10 15:57 - 2015-12-04 13:14 - 01081344 _____ C:\Users\Todos os Usuários\LightGateRRR.exe
2016-03-10 15:57 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGateRRR.exe
2016-03-10 15:40 - 2016-03-10 15:41 - 00000911 _____ C:\Windows\SysWOW64\${LOGFILE}
2016-03-10 15:17 - 2016-03-10 15:17 - 00000017 _____ C:\Users\andradefilho\AppData\Local\resmon.resmoncfg
2016-03-09 20:26 - 2016-03-09 20:26 - 01020554 _____ C:\Users\andradefilho\Downloads\Docs. 08 a 11.pdf
2016-03-09 20:26 - 2016-03-09 20:26 - 01020553 _____ C:\Users\andradefilho\Downloads\Docs. 08 a 11 (1).pdf
2016-03-09 20:26 - 2016-03-09 20:26 - 01014321 _____ C:\Users\andradefilho\Downloads\Parte Doc.01C a 01F.pdf
2016-03-09 20:26 - 2016-03-09 20:26 - 00555269 _____ C:\Users\andradefilho\Downloads\Docs. 12 a 15.pdf
2016-03-09 20:26 - 2016-03-09 20:26 - 00548967 _____ C:\Users\andradefilho\Downloads\Defesa Maison Dor.pdf
2016-03-09 20:14 - 2016-03-09 20:14 - 00057422 _____ C:\Users\andradefilho\Downloads\fotos-conteudo(2).bin
2016-03-09 20:13 - 2016-03-09 20:13 - 00057422 _____ C:\Users\andradefilho\Downloads\fotos-conteudo.bin
2016-03-09 20:13 - 2016-03-09 20:13 - 00057422 _____ C:\Users\andradefilho\Downloads\fotos-conteudo(1).bin
2016-03-09 18:16 - 2016-03-09 18:16 - 00005063 _____ C:\Users\andradefilho\Downloads\Post1119-master.zip
2016-03-09 18:05 - 2016-03-09 18:05 - 00001776 _____ C:\Users\andradefilho\Downloads\postagem12.zip
2016-03-09 18:02 - 2016-03-09 18:02 - 00162741 _____ C:\Users\andradefilho\Downloads\crud-php-mysql-cadastro(1).zip
2016-03-09 17:57 - 2016-03-09 17:57 - 00162741 _____ C:\Users\andradefilho\Downloads\crud-php-mysql-cadastro.zip
2016-03-09 17:33 - 2016-03-09 17:33 - 00011261 _____ C:\Users\andradefilho\Downloads\cadprod0-foto(4).bin
2016-03-09 17:29 - 2016-03-09 17:29 - 00011430 _____ C:\Users\andradefilho\Downloads\cadprod0-foto(2).bin
2016-03-09 17:29 - 2016-03-09 17:29 - 00011277 _____ C:\Users\andradefilho\Downloads\cadprod0-foto(3).bin
2016-03-09 17:28 - 2016-03-09 17:28 - 00012564 _____ C:\Users\andradefilho\Downloads\cadprod0-foto(1).bin
2016-03-09 17:26 - 2016-03-09 17:26 - 00006763 _____ C:\Users\andradefilho\Downloads\cadprod0-foto.bin
2016-03-09 10:37 - 2016-03-09 10:37 - 00001255 _____ C:\Users\Public\Desktop\DPRU Database Converter-MS SQL to MySQL.lnk
2016-03-09 10:37 - 2016-03-09 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DPRU Database Converter-MS SQL to MySQL
2016-03-09 10:37 - 2016-03-09 10:37 - 00000000 ____D C:\Program Files (x86)\DPRU Database Converter-MS SQL to MySQL
2016-03-09 05:37 - 2016-03-09 05:38 - 00001467 _____ C:\Users\andradefilho\Downloads\exemplos.zip
2016-03-08 23:53 - 2016-03-18 05:58 - 00001149 _____ C:\Users\andradefilho\Desktop\Continuar a Instalação de keygen - Free Download.lnk
2016-03-08 23:37 - 2016-03-08 23:36 - 00001667 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-03-08 18:31 - 2016-03-08 18:31 - 00000000 ____D C:\Users\andradefilho\Downloads\multimerch-master_7.2
2016-03-08 16:34 - 2016-03-09 00:22 - 00169675 _____ C:\Users\Administrador\migration_script.sql
2016-03-08 16:18 - 2016-03-08 16:18 - 00000000 ____D C:\Users\Administrador\AppData\Roaming\MySQL
2016-03-08 15:56 - 2016-03-08 15:56 - 396300288 _____ C:\Users\andradefilho\Downloads\mysql-installer-community-5.7.11.0 (1).msi
2016-03-08 15:26 - 2016-03-08 15:46 - 00000000 ____D C:\Users\Todos os Usuários\MySQL
2016-03-08 15:26 - 2016-03-08 15:46 - 00000000 ____D C:\ProgramData\MySQL
2016-03-08 15:26 - 2016-03-08 15:26 - 00000000 ____D C:\Program Files (x86)\MySQL
2016-03-08 15:24 - 2016-03-08 15:24 - 01542203 _____ C:\Users\andradefilho\Downloads\multimerch-master_7.2.zip
2016-03-08 15:16 - 2016-03-08 15:24 - 396300288 _____ C:\Users\andradefilho\Downloads\mysql-installer-community-5.7.11.0.msi
2016-03-08 14:05 - 2016-03-08 14:09 - 00000000 ____D C:\Users\andradefilho\Documents\SQL Server Management Studio
2016-03-08 14:05 - 2016-03-08 14:05 - 00000000 ____D C:\Users\andradefilho\Documents\Visual Studio 2005
2016-03-08 14:05 - 2016-03-08 14:05 - 00000000 ____D C:\Users\andradefilho\AppData\Local\Microsoft Help
2016-03-08 13:49 - 2016-03-10 21:37 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-03-08 13:49 - 2016-03-10 15:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2016-03-08 12:29 - 2016-03-10 21:40 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-03-08 12:25 - 2016-03-10 21:35 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-03-08 10:58 - 2016-03-08 11:04 - 352384426 _____ C:\Users\andradefilho\Downloads\Once.Upon.a.Time.S05E12.AVI.LEG.DownloadsFull.Net.avi
2016-03-06 23:58 - 2016-03-06 23:58 - 00374815 _____ C:\Users\andradefilho\Downloads\lojas_oc2020vitalia.sql
2016-03-04 06:57 - 2016-03-04 06:57 - 12162720 _____ C:\Users\andradefilho\Downloads\admin_oc1564mv_modificada_produto_category.sql
2016-03-04 05:56 - 2016-03-04 05:57 - 01487453 _____ C:\Users\andradefilho\Downloads\admin_oc1564mv_original.sql
2016-03-03 23:44 - 2016-03-03 23:44 - 00342538 _____ C:\Users\andradefilho\Downloads\admin_oc1564mv(1).sql
2016-03-03 22:51 - 2016-03-03 22:51 - 00669172 _____ C:\Users\andradefilho\Downloads\lojas_mercantelojas_mercante_oc_2020_com_mv.sql.rar
2016-03-03 22:48 - 2016-03-11 21:48 - 13391497 _____ C:\Users\andradefilho\Downloads\lojas_mercantelojas_mercante_oc_2020_com_mv.sql.sql
2016-03-03 22:44 - 2016-03-03 22:45 - 13483941 _____ C:\Users\andradefilho\Downloads\lojas_mercante_oc_2020_com_jounal_e_mv.sql
2016-03-03 17:31 - 2016-03-03 17:31 - 00580242 _____ C:\Users\andradefilho\Downloads\oc_ms_product.sql
2016-03-03 17:30 - 2016-03-03 17:30 - 01170521 _____ C:\Users\andradefilho\Downloads\oc_mytable(3).sql
2016-03-03 17:29 - 2016-03-03 17:29 - 01170521 _____ C:\Users\andradefilho\Downloads\oc_mytable(2).sql
2016-03-03 17:29 - 2016-03-03 17:29 - 01170521 _____ C:\Users\andradefilho\Downloads\oc_mytable(1).sql
2016-03-03 17:28 - 2016-03-03 17:28 - 02093919 _____ C:\Users\andradefilho\Downloads\oc_product(3).sql
2016-03-03 17:28 - 2016-03-03 17:28 - 02093919 _____ C:\Users\andradefilho\Downloads\oc_product(2).sql
2016-03-03 17:27 - 2016-03-03 17:27 - 07828626 _____ C:\Users\andradefilho\Downloads\oc_product_description(1).sql
2016-03-03 17:26 - 2016-03-03 17:27 - 00079723 _____ C:\Users\andradefilho\Downloads\oc_product_to_category.sql
2016-03-03 17:26 - 2016-03-03 17:26 - 00068535 _____ C:\Users\andradefilho\Downloads\oc_product_to_store.sql
2016-03-03 17:20 - 2016-03-03 17:21 - 02739800 _____ (DRPU Software Pvt. Ltd. ) C:\Users\andradefilho\Downloads\mssql-to-mysql.exe
2016-03-03 16:59 - 2016-03-03 16:59 - 13483813 _____ C:\Users\andradefilho\Downloads\lojas_mercante(4).sql
2016-03-03 15:43 - 2016-03-03 15:46 - 03170624 _____ C:\Users\andradefilho\Downloads\default2v1.1.3.zip
2016-03-03 05:58 - 2016-03-03 05:59 - 02093919 _____ C:\Users\andradefilho\Downloads\oc_product(1).sql
2016-03-03 05:54 - 2016-03-03 05:54 - 02093919 _____ C:\Users\andradefilho\Downloads\oc_product.sql
2016-03-02 23:27 - 2016-03-02 23:28 - 16106743 _____ C:\Users\andradefilho\Downloads\2016-03-03_03-27-38_backup.sql
2016-03-02 17:48 - 2016-03-02 17:48 - 00657752 _____ C:\Users\andradefilho\Downloads\lojas_mercante(3).rar
2016-03-02 17:46 - 2016-03-02 17:46 - 00000600 _____ C:\Users\andradefilho\AppData\Roaming\PUTTY.RND
2016-03-02 17:24 - 2016-03-02 17:24 - 13448274 _____ C:\Users\andradefilho\Downloads\lojas_mercante(3).sql
2016-03-02 16:19 - 2016-03-02 17:17 - 07813937 _____ C:\Users\andradefilho\Downloads\oc_product_description.sql
2016-03-02 16:02 - 2016-03-02 14:44 - 06568344 _____ (Tim Kosse) C:\Users\andradefilho\Downloads\FileZilla_3.16.0_win64-setup.exe
2016-03-02 14:46 - 2016-03-03 15:27 - 01172884 _____ C:\Users\andradefilho\Downloads\oc_mytable.sql
2016-03-01 17:20 - 2016-03-01 18:13 - 01920324 _____ C:\Users\andradefilho\Downloads\convertcsv(2).sql
2016-03-01 17:09 - 2016-03-01 17:09 - 01920255 _____ C:\Users\andradefilho\Downloads\convertcsv(1).sql
2016-03-01 16:31 - 2016-03-01 16:31 - 01885307 _____ C:\Users\andradefilho\Downloads\convertcsv.sql
2016-03-01 13:22 - 2016-03-01 13:23 - 00967034 _____ C:\Users\andradefilho\Downloads\(Ravis) Tabela de Preço - Outubro 2015.xlsx
2016-03-01 00:49 - 2016-03-01 00:49 - 00544737 _____ C:\Users\andradefilho\Downloads\summernote-master.zip
2016-03-01 00:49 - 2016-03-01 00:49 - 00000000 ____D C:\Users\andradefilho\Downloads\summernote-master
2016-02-29 20:32 - 2016-02-29 20:32 - 00309550 _____ C:\Users\andradefilho\Downloads\2016-03-01_00-32-17_backup.sql
2016-02-29 17:38 - 2016-02-29 17:38 - 00449956 _____ C:\Users\andradefilho\Downloads\lojas_mercante(2).sql
2016-02-29 15:30 - 2016-02-29 15:31 - 00078907 _____ C:\Users\andradefilho\Downloads\2016-02-29_19-30-55_backup.sql
2016-02-29 11:45 - 2016-02-29 11:45 - 00309529 _____ C:\Users\andradefilho\Downloads\2016-02-29_15-45-50_backup.sql
2016-02-29 10:54 - 2016-02-29 10:54 - 00449956 _____ C:\Users\andradefilho\Downloads\lojas_mercante(1).sql
2016-02-29 04:02 - 2016-02-29 04:02 - 00002451 _____ C:\Users\Public\Desktop\Bitvise SSH Client.lnk
2016-02-29 04:02 - 2016-02-29 04:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitvise SSH Client
2016-02-29 04:02 - 2016-02-29 04:02 - 00000000 ____D C:\Program Files (x86)\Bitvise SSH Client
2016-02-28 01:05 - 2016-02-28 01:05 - 00039510 _____ C:\Users\andradefilho\Downloads\oc_categoryx.sql
2016-02-27 13:03 - 2016-02-27 13:06 - 00335642 _____ C:\Users\andradefilho\Downloads\lojas_oc2020.sql
2016-02-27 12:18 - 2016-02-27 12:18 - 00001602 _____ C:\Users\andradefilho\Downloads\oc_category.sql
2016-02-27 11:44 - 2016-02-27 11:44 - 00001762 _____ C:\Users\andradefilho\Downloads\oc_banner_image_description.sql
2016-02-26 15:29 - 2016-02-26 15:29 - 00059392 _____ C:\Users\andradefilho\Documents\Pasta1.xls
2016-02-26 11:36 - 2016-02-26 11:36 - 00406907 _____ C:\Users\andradefilho\Downloads\TRF1 PRO 11-074 - REQUER DE CADASTRO DE REP DE ADV E PROC TRF.pdf
2016-02-25 19:35 - 2016-02-25 19:35 - 00381848 _____ C:\Users\andradefilho\Downloads\mlivre_loja.sql
2016-02-24 10:22 - 2016-02-24 10:22 - 00171197 _____ C:\Users\andradefilho\Downloads\2016-02-24_12-23-39_backup.sql
2016-02-24 10:22 - 2016-02-24 10:22 - 00000508 _____ C:\Users\andradefilho\Downloads\2016-02-24_12-23-25_backup.sql
2016-02-24 09:06 - 2016-02-24 09:06 - 00037498 _____ C:\Users\andradefilho\Downloads\pagina.pdf
2016-02-24 07:53 - 2016-02-24 07:53 - 00000508 _____ C:\Users\andradefilho\Downloads\2016-02-24_09-53-59_backup.sql
2016-02-24 06:37 - 2016-03-25 00:08 - 00001382 _____ C:\Windows\system32\Drivers\etc\hosts.txt

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-25 01:28 - 2015-12-21 11:08 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-03-25 01:28 - 2015-12-21 11:07 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-03-25 01:28 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-25 01:27 - 2009-07-14 01:45 - 00010128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-25 01:27 - 2009-07-14 01:45 - 00010128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-25 01:12 - 2016-02-12 17:25 - 00000000 ____D C:\filmes
2016-03-25 00:39 - 2015-12-21 11:07 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2016-03-25 00:39 - 2015-12-21 11:07 - 00000000 ____D C:\ProgramData\GbPlugin
2016-03-25 00:23 - 2015-12-16 17:27 - 00000000 ____D C:\Users\andradefilho\AppData\Roaming\vlc
2016-03-25 00:10 - 2015-12-17 06:32 - 00000600 _____ C:\Users\andradefilho\AppData\Local\PUTTY.RND
2016-03-25 00:10 - 2015-12-17 06:11 - 00000000 ____D C:\Users\andradefilho\AppData\Roaming\FileZilla
2016-03-23 20:30 - 2015-12-18 18:48 - 00000000 ____D C:\Users\andradefilho\AppData\Local\CrashDumps
2016-03-23 10:52 - 2016-01-14 14:42 - 00000000 ____D C:\Users\andradefilho\AppData\Roaming\Free Download Manager
2016-03-21 18:22 - 2009-08-06 01:31 - 00737222 _____ C:\Windows\system32\prfh0416.dat
2016-03-21 18:22 - 2009-08-06 01:31 - 00161698 _____ C:\Windows\system32\prfc0416.dat
2016-03-21 18:22 - 2009-07-14 02:13 - 01728714 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-21 18:22 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-03-21 08:18 - 2015-12-16 18:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-19 23:19 - 2015-12-17 02:02 - 00001869 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-03-19 23:19 - 2015-12-17 02:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-03-19 23:19 - 2015-12-17 02:02 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-03-18 15:39 - 2015-12-21 11:07 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2016-03-18 15:39 - 2015-12-21 11:07 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2016-03-18 05:58 - 2016-02-14 10:25 - 00000505 _____ C:\Users\andradefilho\Desktop\Ferramentas Administrativas - Atalho.lnk
2016-03-18 05:58 - 2015-12-22 12:56 - 00001267 _____ C:\Users\andradefilho\Desktop\Dicionário de Latim.lnk
2016-03-18 05:58 - 2015-12-18 18:48 - 00000000 ____D C:\Users\andradefilho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-03-18 05:58 - 2015-12-18 03:24 - 00001025 _____ C:\Users\andradefilho\Desktop\Biblioteca Forense 2.lnk
2016-03-18 05:58 - 2015-12-15 21:21 - 00001430 _____ C:\Users\andradefilho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-18 05:58 - 2015-12-15 21:21 - 00001396 _____ C:\Users\andradefilho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-03-18 05:57 - 2015-05-12 10:45 - 00000000 ____D C:\temp
2016-03-17 15:38 - 2009-07-14 01:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-16 00:04 - 2015-12-18 01:53 - 00000000 ____D C:\Users\Administrador\AppData\Roaming\Free Download Manager
2016-03-15 23:57 - 2015-07-27 18:58 - 00000000 ____D C:\Instalar
2016-03-15 23:18 - 2009-07-13 23:34 - 00000601 _____ C:\Windows\win.ini
2016-03-15 23:11 - 2015-12-17 21:47 - 00000000 ____D C:\Users\Administrador\.oracle_jre_usage
2016-03-15 23:00 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\Registration
2016-03-15 22:55 - 2015-12-18 18:49 - 00000000 ____D C:\Users\andradefilho\.oracle_jre_usage
2016-03-15 22:11 - 2015-12-16 17:27 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-15 22:11 - 2015-12-16 17:27 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-15 22:09 - 2015-12-16 18:06 - 00001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-15 22:09 - 2015-12-16 18:06 - 00001060 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-15 22:09 - 2015-12-16 17:27 - 00001307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-15 22:09 - 2015-12-16 17:27 - 00001295 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-15 11:22 - 2015-12-17 03:03 - 00000000 ____D C:\Program Files (x86)\Notepad++
2016-03-15 11:22 - 2015-12-16 03:03 - 00000000 ____D C:\Windows\Panther
2016-03-14 23:55 - 2015-12-16 17:26 - 00001005 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-03-14 23:52 - 2009-07-14 00:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-03-14 23:51 - 2015-12-16 17:20 - 00000000 ____D C:\Users\Todos os Usuários\Intel
2016-03-14 23:51 - 2015-12-16 17:20 - 00000000 ____D C:\ProgramData\Intel
2016-03-14 23:48 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-03-14 23:40 - 2016-01-25 10:21 - 00000000 ____D C:\Users\Administrador\AppData\Roaming\Opera Software
2016-03-14 06:21 - 2009-07-14 01:45 - 00417544 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-11 20:31 - 2015-12-16 17:26 - 00111800 _____ C:\Users\andradefilho\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-11 05:18 - 2015-12-18 03:17 - 00000849 _____ C:\Windows\ODBC.INI
2016-03-11 05:18 - 2015-12-18 03:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-03-11 05:18 - 2009-07-14 04:46 - 00000000 ____D C:\Windows\ShellNew
2016-03-11 05:17 - 2015-12-18 03:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-11 05:17 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system
2016-03-11 05:17 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\Help
2016-03-11 04:27 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\IME
2016-03-11 04:26 - 2015-12-18 03:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-03-10 21:42 - 2015-12-17 02:02 - 00000000 ____D C:\Users\Administrador\AppData\Roaming\FileZilla
2016-03-10 21:40 - 2009-07-14 00:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-03-10 12:55 - 2015-12-16 18:56 - 00000000 ____D C:\Users\Administrador
2016-03-09 17:26 - 2016-01-18 09:43 - 00000000 ____D C:\Windows\system32\appmgmt
2016-03-08 19:22 - 2015-12-18 08:59 - 00000000 ____D C:\Users\Administrador\AppData\Roaming\vlc
2016-03-08 15:29 - 2016-01-21 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2016-03-08 15:29 - 2016-01-21 17:52 - 00000000 ____D C:\Program Files\MySQL
2016-02-26 17:00 - 2016-01-16 12:50 - 00000000 ____D C:\Users\andradefilho\.VirtualBox

==================== Arquivos na raiz de alguns diretórios =======

2016-03-02 17:46 - 2016-03-02 17:46 - 0000600 _____ () C:\Users\andradefilho\AppData\Roaming\PUTTY.RND
2015-12-21 11:07 - 2015-12-21 11:07 - 0018194 _____ () C:\Users\andradefilho\AppData\Roaming\unins000.dat
2015-12-21 11:07 - 2015-12-21 11:07 - 0730322 _____ () C:\Users\andradefilho\AppData\Roaming\unins000.exe
2015-12-17 06:32 - 2016-03-25 00:10 - 0000600 _____ () C:\Users\andradefilho\AppData\Local\PUTTY.RND
2016-03-10 15:17 - 2016-03-10 15:17 - 0000017 _____ () C:\Users\andradefilho\AppData\Local\resmon.resmoncfg
2016-01-19 12:22 - 2016-01-19 12:22 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-03-10 15:57 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGateRRR.exe
2016-03-10 15:57 - 2016-03-02 13:36 - 1888256 _____ () C:\ProgramData\mspopXX.exe
2016-03-10 15:57 - 2016-03-10 15:57 - 1734656 _____ () C:\ProgramData\serviceXX.exe
2016-03-10 15:57 - 2016-03-15 04:02 - 0007347 _____ () C:\ProgramData\webad.xml
2016-03-10 21:56 - 2016-03-10 21:56 - 0000041 _____ () C:\ProgramData\xcgui_debug.txt

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\LightGateRRR.exe
C:\ProgramData\mspopXX.exe
C:\ProgramData\serviceXX.exe
C:\Users\Todos os Usuários\LightGateRRR.exe
C:\Users\Todos os Usuários\mspopXX.exe
C:\Users\Todos os Usuários\serviceXX.exe


Alguns arquivos em TEMP:
====================
C:\Users\andradefilho\AppData\Local\Temp\i4jdel0.exe
C:\Users\andradefilho\AppData\Local\Temp\INSTALAR.EXE
C:\Users\andradefilho\AppData\Local\Temp\JuridPremium.dll
C:\Users\andradefilho\AppData\Local\Temp\mdi064.dll
C:\Users\andradefilho\AppData\Local\Temp\MSKeyStoreJNI.dll
C:\Users\andradefilho\AppData\Local\Temp\unrar.dll


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


ATENÇÃO: ==> Não foi possível acessar BCD. O usuário não é o administrador

==================== Fim de FRST.txt ============================
