Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 03-10-2016
Executado por Vivi (administrador) em VIVI-PC (04-10-2016 15:27:18)
Executando a partir de C:\Users\Vivi\Desktop
Perfis Carregados: Vivi (Perfis Disponíveis: Vivi & Convidado)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\systips\tipssvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Client\client.exe
() C:\Program Files (x86)\Client\client.exe
(Uni4 Sistemas) C:\Hiper\Administrativo\Hiper.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2015-09-22] (Caixa Economica Federal)
HKU\S-1-5-21-3178920639-1780397730-1484264769-1000\...\Run: [{5C461522-A3FD-4778-9693-B351C12981BC}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\QCBKZEIMCJDUAS').UQjKd)));
HKU\S-1-5-21-3178920639-1780397730-1484264769-1000\...\MountPoints2: {817662a8-6e4b-11e6-9f27-9883890e43ed} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3178920639-1780397730-1484264769-1000\...\MountPoints2: {a7057ddd-f0e5-11e5-9f9e-9883890e43ed} - E:\setup.exe
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1888480 2015-09-22] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo
Startup: C:\Users\Vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\corelsetup.exe [2016-10-04] ()
GroupPolicy: Restrição <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\..\Interfaces\{9D31C921-09B9-4265-86F9-DCD536B9C1F4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D285D251-8B0C-453A-9DFA-FF405BCE5FF8}: [NameServer] 200.165.132.148,8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=f53267b56a5a15cd5ed43f2cbb5cfbf8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=f53267b56a5a15cd5ed43f2cbb5cfbf8
HKU\S-1-5-21-3178920639-1780397730-1484264769-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={C89C5263-4F2A-4EB8-8A2D-067CB596297F}&mid=53b31f52bf7947cfa1f349cacfeaaa1e-1c1bdd841e3807ccddb04751365a5d7aa3462791&lang=pt-br&ds=st011&pr=sa&d=2016-10-03 10:13:41&v=11.0.0.9&sap=hp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_27¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzyzzzztAzzzytD0EyEtA0E0D0FtD0AyDtN0D0Tzu0StCyCyEzztN1L2XzutAtFtBtAtFtCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0C0B0E0FtAzytDtGtByBtBzytGtC0C0EyEtGyEyDyCyEtG0DtByBtAtD0FtBtDtB0EyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtAyD0D0B0C0A0CtGtC0DzzyEtGyEtCzy0DtGzzyEtBtBtGyE0ByCyCtCtA0F0AtBtBzzyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtCzytC%26cr%3D537123194%26a%3Dwncy_freaudedtr_16_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_27¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzyzzzztAzzzytD0EyEtA0E0D0FtD0AyDtN0D0Tzu0StCyCyEzztN1L2XzutAtFtBtAtFtCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0C0B0E0FtAzytDtGtByBtBzytGtC0C0EyEtGyEyDyCyEtG0DtByBtAtD0FtBtDtB0EyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtAyD0D0B0C0A0CtGtC0DzzyEtGyEtCzy0DtGzzyEtBtBtGyE0ByCyCtCtA0F0AtBtBzzyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtCzytC%26cr%3D537123194%26a%3Dwncy_freaudedtr_16_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_27¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzyzzzztAzzzytD0EyEtA0E0D0FtD0AyDtN0D0Tzu0StCyCyEzztN1L2XzutAtFtBtAtFtCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0C0B0E0FtAzytDtGtByBtBzytGtC0C0EyEtGyEyDyCyEtG0DtByBtAtD0FtBtDtB0EyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtAyD0D0B0C0A0CtGtC0DzzyEtGyEtCzy0DtGzzyEtBtBtGyE0ByCyCtCtA0F0AtBtBzzyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtCzytC%26cr%3D537123194%26a%3Dwncy_freaudedtr_16_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_27¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzyzzzztAzzzytD0EyEtA0E0D0FtD0AyDtN0D0Tzu0StCyCyEzztN1L2XzutAtFtBtAtFtCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0C0B0E0FtAzytDtGtByBtBzytGtC0C0EyEtGyEyDyCyEtG0DtByBtAtD0FtBtDtB0EyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtAyD0D0B0C0A0CtGtC0DzzyEtGyEtCzy0DtGzzyEtBtBtGyE0ByCyCtCtA0F0AtBtBzzyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtCzytC%26cr%3D537123194%26a%3Dwncy_freaudedtr_16_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3178920639-1780397730-1484264769-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={C89C5263-4F2A-4EB8-8A2D-067CB596297F}&mid=53b31f52bf7947cfa1f349cacfeaaa1e-1c1bdd841e3807ccddb04751365a5d7aa3462791&lang=pt-br&ds=st011&pr=sa&d=2016-10-03 10:13:41&v=11.0.0.9&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3178920639-1780397730-1484264769-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_freaudedtr_16_27¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzyzzzztAzzzytD0EyEtA0E0D0FtD0AyDtN0D0Tzu0StCyCyEzztN1L2XzutAtFtBtAtFtCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0C0B0E0FtAzytDtGtByBtBzytGtC0C0EyEtGyEyDyCyEtG0DtByBtAtD0FtBtDtB0EyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtAyD0D0B0C0A0CtGtC0DzzyEtGyEtCzy0DtGzzyEtBtBtGyE0ByCyCtCtA0F0AtBtBzzyE2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtCzytC%26cr%3D537123194%26a%3Dwncy_freaudedtr_16_27%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3178920639-1780397730-1484264769-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={C89C5263-4F2A-4EB8-8A2D-067CB596297F}&mid=53b31f52bf7947cfa1f349cacfeaaa1e-1c1bdd841e3807ccddb04751365a5d7aa3462791&lang=pt-br&ds=st011&pr=sa&d=2016-10-03 10:13:41&v=11.0.0.9&sap=dsp&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-04] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-04] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2015-09-22] (Caixa Economica Federal)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-04] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-10-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-3178920639-1780397730-1484264769-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-10-04] (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Vivi\AppData\Roaming\Mozilla\Firefox\Profiles\R7z4t5Ok.default [2016-10-03]
FF Extension: (Avira Browser Safety) - C:\Users\Vivi\AppData\Roaming\Mozilla\Firefox\Profiles\R7z4t5Ok.default\Extensions\abs@avira.com [2016-06-10]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

Chrome:
=======
CHR StartupUrls: Profile 1 -> "hxxp://google.com.br/"
CHR DefaultSearchURL: Profile 1 -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Profile 1 -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Vivi\AppData\Local\Google\Chrome\User Data\Default [2016-10-04]
CHR Profile: C:\Users\Vivi\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-10-04]
CHR Extension: (Google Docs) - C:\Users\Vivi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-16]
CHR Extension: (Google Drive) - C:\Users\Vivi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-16]
CHR Extension: (YouTube) - C:\Users\Vivi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-16]
CHR Extension: (Segurança do navegador Avira) - C:\Users\Vivi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-22]
CHR Extension: (Documentos Google off-line) - C:\Users\Vivi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Vivi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-22]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Vivi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Search Manager) - C:\Users\Vivi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2016-09-08]
CHR Extension: (Gmail) - C:\Users\Vivi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-16]
CHR Extension: (Chrome Media Router) - C:\Users\Vivi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR Profile: C:\Users\Vivi\AppData\Local\Google\Chrome\User Data\System Profile [2016-10-04]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3178920639-1780397730-1484264769-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [593120 2015-09-22] (GAS Tecnologia)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 TipsService; C:\Program Files (x86)\systips\tipssvc.exe [317440 2015-07-06] () [Arquivo não assinado]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R0 507FA612; C:\Windows\System32\drivers\507FA612.sys [478392 2016-07-07] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-12-08] (GAS Tecnologia)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [30360 2014-10-09] (Intel Corporation)
S3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-12-08] (GAS Tecnologia LTDA)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-10-04 15:27 - 2016-10-04 15:27 - 00017585 _____ C:\Users\Vivi\Desktop\FRST.txt
2016-10-04 15:26 - 2016-10-04 15:27 - 00000000 ____D C:\FRST
2016-10-04 15:24 - 2016-10-04 15:24 - 02404864 _____ (Farbar) C:\Users\Vivi\Desktop\FRST64.exe
2016-10-04 09:26 - 2016-10-04 09:26 - 00003312 _____ C:\Windows\System32\Tasks\CorelUpdateHelperTaskCore
2016-10-04 09:26 - 2016-10-04 09:26 - 00000000 ____D C:\Program Files (x86)\gs
2016-10-04 09:26 - 2016-10-04 09:26 - 00000000 ____D C:\Program Files (x86)\Corel
2016-10-04 09:26 - 2016-10-04 09:22 - 00003063 _____ C:\Users\Public\Desktop\Corel PHOTO-PAINT X8 (64-Bit).lnk
2016-10-04 09:26 - 2016-10-04 09:22 - 00003015 _____ C:\Users\Public\Desktop\CorelDRAW X8 (64-Bit).lnk
2016-10-04 09:25 - 2016-10-04 09:25 - 00000000 ____D C:\Program Files\Common Files\Corel
2016-10-04 09:23 - 2016-10-04 09:23 - 00000000 ____D C:\Users\Public\Documents\Corel
2016-10-04 09:22 - 2016-10-04 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X8 (64-bit)
2016-10-04 09:18 - 2016-10-04 09:26 - 00000000 ____D C:\Program Files\Corel
2016-10-04 09:18 - 2016-10-04 09:18 - 00003286 _____ C:\Windows\System32\Tasks\Client Monitor
2016-10-04 09:17 - 2016-10-04 09:17 - 00621568 _____ C:\Users\Vivi\AppData\Roaming\repair.exe
2016-10-04 09:17 - 2016-10-04 09:17 - 00000000 ____D C:\Windows\System32\Tasks\Update
2016-10-04 09:17 - 2016-10-04 09:17 - 00000000 ____D C:\Users\Vivi\AppData\Roaming\Monitor
2016-10-04 09:17 - 2016-10-04 09:17 - 00000000 ____D C:\Program Files (x86)\Client
2016-10-04 09:12 - 2016-10-04 09:12 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-10-04 09:12 - 2016-10-04 09:12 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-10-04 09:12 - 2016-10-04 09:12 - 00000000 ____D C:\Users\Vivi\AppData\Roaming\Google
2016-10-04 09:12 - 2016-10-04 09:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-04 09:12 - 2016-10-04 09:12 - 00000000 ____D C:\Program Files\CCleaner
2016-10-04 09:11 - 2016-10-04 09:12 - 00000000 ____D C:\Users\Todos os Usuários\Google
2016-10-04 09:11 - 2016-10-04 09:12 - 00000000 ____D C:\ProgramData\Google
2016-10-04 09:11 - 2016-10-04 09:11 - 00000000 ____D C:\Program Files\Google
2016-10-04 09:09 - 2016-10-04 09:10 - 08244656 _____ (Piriform Ltd) C:\Users\Vivi\Downloads\ccsetup522.exe
2016-10-03 17:56 - 2016-10-04 09:02 - 00000000 ____D C:\Users\Vivi\AppData\Roaming\Opera Software
2016-10-03 17:56 - 2016-10-04 09:02 - 00000000 ____D C:\Users\Vivi\AppData\Local\Opera Software
2016-10-03 17:44 - 2016-10-04 09:03 - 00000000 ____D C:\Program Files (x86)\WeatherTool
2016-10-03 17:44 - 2016-10-03 17:44 - 00001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2016-10-03 17:44 - 2016-10-03 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-10-03 17:44 - 2016-10-03 17:44 - 00000000 ____D C:\Program Files\VS Revo Group
2016-10-03 17:43 - 2016-10-03 17:44 - 00000000 ____D C:\Users\Vivi\AppData\Roaming\opera_helper
2016-10-03 17:43 - 2016-10-03 17:43 - 07093624 _____ (VS Revo Group ) C:\Users\Vivi\Downloads\Baixaki_revo-uninstaller [1].exe
2016-10-03 17:00 - 2016-10-03 17:00 - 00013497 _____ C:\Users\Vivi\Desktop\Grade Outdoor 3X9m - Atalho.lnk
2016-10-03 16:25 - 2016-10-03 16:25 - 00000000 ____D C:\Users\Todos os Usuários\VsTelemetry
2016-10-03 16:25 - 2016-10-03 16:25 - 00000000 ____D C:\ProgramData\VsTelemetry
2016-10-03 16:18 - 2016-10-04 09:25 - 00000000 ____D C:\Users\Todos os Usuários\Corel
2016-10-03 16:18 - 2016-10-04 09:25 - 00000000 ____D C:\ProgramData\Corel
2016-10-03 10:16 - 2016-10-03 10:16 - 00000000 ____D C:\Users\Vivi\AppData\Roaming\PowerISO
2016-10-03 10:14 - 2016-10-03 10:14 - 00001011 _____ C:\Users\Public\Desktop\PowerISO.lnk
2016-10-03 10:14 - 2016-10-03 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2016-10-03 10:12 - 2016-10-03 10:14 - 00000000 ____D C:\Program Files (x86)\PowerISO
2016-10-03 10:12 - 2012-04-19 00:57 - 00126912 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2016-10-03 10:06 - 2016-10-03 10:08 - 00000000 ____D C:\Users\Vivi\Documents\WIN8
2016-09-30 22:31 - 2016-09-30 22:31 - 00000000 ____D C:\Users\Vivi\Desktop\coisas
2016-09-30 22:31 - 2016-09-29 22:30 - 22571694 _____ C:\Users\Vivi\Desktop\CardapioGourmer.cdr
2016-09-30 21:39 - 2016-09-30 21:39 - 00000000 ____D C:\Users\Vivi\AppData\Roaming\Adobe
2016-09-30 21:39 - 2016-09-30 21:39 - 00000000 ____D C:\Users\Vivi\AppData\Local\Adobe
2016-09-30 21:39 - 2016-09-30 21:39 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2016-09-30 21:39 - 2016-09-30 21:39 - 00000000 ____D C:\ProgramData\Adobe
2016-09-30 21:30 - 2016-09-30 21:30 - 01206712 _____ C:\Users\Convidado\Desktop\0111.cdr.pdf
2016-09-30 21:03 - 2016-09-30 21:03 - 03331556 _____ C:\Users\Vivi\Documents\DEUSPF.pdf
2016-09-30 17:15 - 2016-09-30 22:26 - 04790888 _____ C:\Users\Vivi\Documents\0111.pdf
2016-09-29 22:13 - 2016-09-29 22:37 - 03569384 _____ C:\Users\Vivi\Documents\Cardapio8).pdf
2016-09-29 21:26 - 2016-09-29 21:26 - 00107257 _____ C:\Users\Vivi\Downloads\WhatsApp Image 2016-09-29 at 9.25.35 PM.jpeg
2016-09-29 21:18 - 2016-09-29 21:18 - 00165033 _____ C:\Users\Vivi\Downloads\WhatsApp Image 2016-09-29 at 9.15.33 PM (2).jpeg
2016-09-29 21:17 - 2016-09-29 21:17 - 00124167 _____ C:\Users\Vivi\Downloads\WhatsApp Image 2016-09-29 at 9.15.33 PM.jpeg
2016-09-29 21:17 - 2016-09-29 21:17 - 00102457 _____ C:\Users\Vivi\Downloads\WhatsApp Image 2016-09-29 at 9.15.33 PM (1).jpeg
2016-09-27 18:57 - 2016-09-27 22:10 - 03300615 _____ C:\Users\Vivi\Downloads\cardapio correto.cdr
2016-09-27 18:57 - 2016-09-27 18:57 - 02283499 _____ C:\Users\Vivi\Downloads\Backup_of_cardapio correto.cdr
2016-09-27 17:30 - 2016-09-27 17:30 - 00000000 ____D C:\Users\Vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú
2016-09-23 13:50 - 2016-09-23 13:50 - 00527552 _____ C:\Users\Convidado\Desktop\casamento 210 - DIEGO.pdf
2016-09-19 17:40 - 2016-09-18 21:00 - 442069090 _____ C:\Users\Convidado\Desktop\AnoAtual.xml
2016-09-19 17:37 - 2016-09-19 17:37 - 11047019 _____ C:\Users\Convidado\Downloads\AnoAtual.zip
2016-09-19 15:58 - 2016-09-19 15:58 - 00213461 _____ C:\Users\Convidado\Downloads\A4_GRANITO_06.pdf
2016-09-19 15:58 - 2016-09-19 15:58 - 00188138 _____ C:\Users\Convidado\Downloads\A4_GRANITO_02.pdf
2016-09-19 15:58 - 2016-09-19 15:58 - 00166181 _____ C:\Users\Convidado\Downloads\A4_GRANITO_01.pdf
2016-09-19 15:58 - 2016-09-19 15:58 - 00164145 _____ C:\Users\Convidado\Downloads\A4_GRANITO_03.pdf
2016-09-19 15:58 - 2016-09-19 15:58 - 00156316 _____ C:\Users\Convidado\Downloads\A4_GRANITO_04.pdf
2016-09-19 15:58 - 2016-09-19 15:58 - 00152608 _____ C:\Users\Convidado\Downloads\A4_GRANITO_05.pdf
2016-09-19 15:55 - 2016-09-19 15:55 - 00148840 _____ C:\Users\Convidado\Downloads\A3_GESSO_03.pdf
2016-09-19 15:46 - 2016-09-19 15:46 - 00204046 _____ C:\Users\Convidado\Downloads\A3_GESSO_01.pdf
2016-09-19 15:46 - 2016-09-19 15:46 - 00161589 _____ C:\Users\Convidado\Downloads\A3_GESSO_09 (1).pdf
2016-09-19 15:46 - 2016-09-19 15:46 - 00146587 _____ C:\Users\Convidado\Downloads\A3_GESSO_02.pdf
2016-09-19 15:46 - 2016-09-19 15:46 - 00142185 _____ C:\Users\Convidado\Downloads\A3_GESSO_05.pdf
2016-09-19 15:46 - 2016-09-19 15:46 - 00141708 _____ C:\Users\Convidado\Downloads\A3_GESSO_06.pdf
2016-09-19 15:45 - 2016-09-19 15:45 - 00180827 _____ C:\Users\Convidado\Downloads\A3_GESSO_08.pdf
2016-09-19 15:45 - 2016-09-19 15:45 - 00161589 _____ C:\Users\Convidado\Downloads\A3_GESSO_09.pdf
2016-09-19 15:38 - 2016-09-19 15:38 - 00140554 _____ C:\Users\Convidado\Downloads\A3_GESSO_04 (1).pdf
2016-09-19 15:36 - 2016-09-19 15:36 - 00147638 _____ C:\Users\Convidado\Downloads\A3_GESSO_07 (2).pdf
2016-09-19 15:36 - 2016-09-19 15:36 - 00140554 _____ C:\Users\Convidado\Downloads\A3_GESSO_04.pdf
2016-09-19 15:35 - 2016-09-19 15:35 - 00147638 _____ C:\Users\Convidado\Downloads\A3_GESSO_07 (1).pdf
2016-09-19 15:28 - 2016-09-19 15:28 - 00147638 _____ C:\Users\Convidado\Downloads\A3_GESSO_07.pdf
2016-09-16 19:54 - 2016-09-16 19:54 - 00135033 _____ C:\Users\Vivi\Downloads\bolmail carro.pdf
2016-09-16 19:30 - 2016-09-16 19:30 - 00021979 _____ C:\Users\Vivi\Downloads\boletoClaro_225619810.pdf
2016-09-16 17:59 - 2016-09-16 17:59 - 00064996 _____ C:\Users\Vivi\Downloads\10K PATRICK COMP.pdf
2016-09-16 08:56 - 2016-09-16 08:56 - 00431237 _____ C:\Users\Vivi\Downloads\ARTES_I9.cdr
2016-09-14 19:32 - 2016-09-14 19:32 - 00110801 _____ C:\Users\Vivi\Downloads\WhatsApp Image 2016-09-14 at 7.28.04 PM.jpeg
2016-09-14 19:32 - 2016-09-14 19:32 - 00059308 _____ C:\Users\Vivi\Downloads\WhatsApp Image 2016-09-14 at 7.28.03 PM.jpeg
2016-09-09 19:42 - 2016-09-09 19:45 - 03643427 _____ C:\Users\Convidado\Downloads\Livro-lan.pptx
2016-09-08 14:27 - 2016-09-08 14:27 - 00014432 _____ C:\Users\Vivi\Downloads\ceb81f9d-87bf-4f0b-b819-ab7fec197507.pdf
2016-09-02 08:49 - 2016-09-02 08:49 - 00535891 _____ C:\Users\Vivi\Downloads\AGENTE DE PESQUISAS E M.pdf
2016-09-02 08:48 - 2016-09-02 08:48 - 00508923 _____ C:\Users\Vivi\Downloads\prova_agente_de_pesquisas_e_mapeamento_gabarito_1 2014.pdf
2016-09-02 08:48 - 2016-09-02 08:48 - 00035324 _____ C:\Users\Vivi\Downloads\gab 2007.pdf
2016-09-02 08:47 - 2016-09-02 08:47 - 00409264 _____ C:\Users\Vivi\Downloads\PROVA AGENTE DE PESQUISAS E MAPEAMENTO - GABARITO 2.pdf
2016-09-02 08:45 - 2016-09-02 08:45 - 00741320 _____ C:\Users\Vivi\Downloads\IBGE 01_2007.pdf
2016-09-02 08:43 - 2016-09-02 08:43 - 00173109 _____ C:\Users\Vivi\Downloads\gabarito_prova_agente_de_pesquisas_e_mapeamento_gabarito_12014.pdf
2016-09-02 08:42 - 2016-09-02 08:42 - 00019237 _____ C:\Users\Vivi\Downloads\GABARITO OFICIAL - CONCURSO PBLICO.pdf
2016-09-01 11:29 - 2016-09-01 11:29 - 00375343 _____ C:\Users\Vivi\Downloads\CV Luciana Carlini.pdf 3.pdf
2016-08-31 19:30 - 2016-08-31 19:56 - 00001456 _____ C:\Users\Vivi\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-08-30 20:26 - 2016-08-30 20:26 - 07640369 _____ C:\Users\Vivi\Downloads\ap-ibge-geogr COMPLETO.pdf
2016-08-30 14:15 - 2016-08-30 14:15 - 05076013 _____ C:\Users\Vivi\Downloads\LAMINA 60.15.2.pdf
2016-08-29 21:48 - 2016-08-29 21:48 - 00000000 ____D C:\Users\Vivi\AppData\Local\Foxit Reader
2016-08-29 14:12 - 2016-08-29 14:12 - 00016864 _____ C:\Users\Vivi\Downloads\custo consumiveis C452-552-652-genericos.xlsx
2016-08-26 15:40 - 2016-08-26 15:40 - 00478818 _____ C:\Users\Vivi\Downloads\CONTRATO SOCIAL - ARTE PLENNA 01.pdf
2016-08-26 15:40 - 2016-08-26 15:40 - 00339237 _____ C:\Users\Vivi\Downloads\CONTRATO SOCIAL - ARTE PLENNA 03.pdf
2016-08-26 15:39 - 2016-08-26 15:39 - 00456403 _____ C:\Users\Vivi\Downloads\CONTRATO SOCIAL - ARTE PLENNA 02 (1).pdf
2016-08-26 15:35 - 2016-08-26 15:35 - 00456403 _____ C:\Users\Vivi\Downloads\CONTRATO SOCIAL - ARTE PLENNA 02.pdf
2016-08-25 18:01 - 2016-08-25 18:01 - 00008226 _____ C:\Recibo LR.pdf
2016-08-25 17:55 - 2016-08-25 17:55 - 00008226 _____ C:\Users\Vivi\Downloads\Recibo LR.pdf
2016-08-25 17:13 - 2016-08-25 17:13 - 00346751 _____ C:\Users\Vivi\Downloads\portugues_2016.pdf
2016-08-25 15:57 - 2016-08-25 15:57 - 00000027 _____ C:\Users\Vivi\Downloads\ATT00001.txt
2016-08-23 21:31 - 2016-08-23 21:31 - 00000000 ____D C:\Nova pasta
2016-08-23 15:53 - 2016-08-23 15:53 - 03804398 _____ C:\Users\Vivi\Downloads\artes.zip
2016-08-23 08:37 - 2016-08-23 08:40 - 31969613 _____ C:\Users\Vivi\Downloads\OUTDOOR.zip
2016-08-18 10:58 - 2016-08-18 09:06 - 00258586 _____ C:\alexei.pdf
2016-08-17 12:40 - 2016-08-17 12:40 - 00558192 _____ C:\Users\Vivi\Downloads\details (1).htm
2016-08-17 12:38 - 2016-08-17 12:38 - 00558192 _____ C:\Users\Vivi\Downloads\details.htm
2016-08-16 15:19 - 2016-08-16 15:19 - 00341504 _____ C:\Users\Vivi\AppData\Roaming\wsrv_f6e7f0a5.dat
2016-08-16 15:18 - 2016-08-16 15:18 - 00161792 ___SH (Ticketracker) C:\Users\Vivi\bqabwtwi.exe
2016-08-13 18:00 - 2016-08-13 18:00 - 00143964 _____ C:\Users\Vivi\Downloads\WhatsApp Image 2016-08-13 at 5.59.28 PM.jpeg
2016-08-13 18:00 - 2016-08-13 18:00 - 00143964 _____ C:\Users\Vivi\Downloads\WhatsApp Image 2016-08-13 at 5.59.28 PM (1).jpeg
2016-08-13 11:22 - 2000-07-15 00:00 - 00995383 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mfc42.dl_
2016-08-13 11:21 - 2016-08-14 07:40 - 00000000 ____D C:\Program Files (x86)\HiTi
2016-08-13 11:15 - 2016-08-13 11:15 - 00000000 ____D C:\V 2.1.36.74_20080221
2016-08-13 11:09 - 2016-08-13 11:10 - 14437427 _____ C:\IDesireeV2.1.36.74.exe
2016-08-12 19:56 - 2016-08-12 19:56 - 00054331 _____ C:\Users\Vivi\Downloads\WhatsApp Image 2016-08-10 at 23.18.40.jpeg
2016-08-12 19:51 - 2016-08-12 19:51 - 00057124 _____ C:\Users\Vivi\Downloads\WhatsApp Image 2016-08-10 at 23.18.48.jpeg
2016-08-12 13:59 - 2016-08-12 13:59 - 00407299 _____ C:\Users\Vivi\Downloads\SKMBT_C65216081211160.pdf
2016-08-11 11:24 - 2016-08-11 11:24 - 00247177 _____ C:\Users\Vivi\Downloads\SKMBT_C65216080311140.pdf
2016-08-11 11:23 - 2016-08-11 11:23 - 00280149 _____ C:\Users\Vivi\Downloads\SKMBT_C65216080311130.pdf
2016-08-11 11:23 - 2016-08-11 11:23 - 00105856 _____ C:\Users\Vivi\Downloads\SKMBT_C65216080311131.pdf
2016-08-11 11:23 - 2016-08-11 11:23 - 00010164 _____ C:\Users\Vivi\Downloads\06.pdf
2016-08-11 11:22 - 2016-08-11 11:22 - 00010202 _____ C:\Users\Vivi\Downloads\04.pdf
2016-08-11 11:22 - 2016-08-11 11:22 - 00009526 _____ C:\Users\Vivi\Downloads\03.pdf
2016-08-11 11:22 - 2016-08-11 11:22 - 00009518 _____ C:\Users\Vivi\Downloads\02.pdf
2016-08-11 11:22 - 2016-08-11 11:22 - 00009508 _____ C:\Users\Vivi\Downloads\05.pdf
2016-08-11 11:21 - 2016-08-11 11:21 - 00011002 _____ C:\Users\Vivi\Downloads\01.pdf
2016-08-08 21:36 - 2016-08-08 21:37 - 00140732 _____ C:\Users\Vivi\Downloads\carrancaurbana-voucher-05-08-2016.pdf
2016-08-05 14:56 - 2016-08-05 14:56 - 00595434 _____ C:\Users\Vivi\Downloads\CLIP CDR (2).cdr
2016-08-05 14:54 - 2016-08-05 14:54 - 00595434 _____ C:\Users\Vivi\Downloads\CLIP CDR.cdr
2016-08-05 14:54 - 2016-08-05 14:54 - 00595434 _____ C:\Users\Vivi\Downloads\CLIP CDR (1).cdr
2016-08-03 21:06 - 2016-08-03 21:06 - 00155514 _____ C:\Users\Vivi\Downloads\Vânia currículo.pdf
2016-08-01 17:24 - 2016-08-01 17:24 - 00000000 ____D C:\Users\Todos os Usuários\gbas
2016-08-01 17:24 - 2016-08-01 17:24 - 00000000 ____D C:\ProgramData\gbas
2016-08-01 17:22 - 2016-09-27 17:30 - 00002128 _____ C:\Users\Vivi\Desktop\Itaú.lnk
2016-08-01 17:22 - 2016-09-27 17:30 - 00000000 ____D C:\Users\Vivi\AppData\Local\Aplicativo Itau
2016-07-28 18:04 - 2016-07-28 18:04 - 11077877 _____ C:\Users\Vivi\Downloads\Outlook.com.zip
2016-07-28 16:05 - 2016-07-28 16:05 - 00569174 _____ C:\Users\Vivi\Downloads\5760.zip
2016-07-28 16:00 - 2016-07-28 16:00 - 01164466 _____ C:\Users\Vivi\Downloads\13936.zip
2016-07-28 15:55 - 2016-07-28 15:55 - 00965359 _____ C:\Users\Vivi\Downloads\4220.zip
2016-07-28 10:58 - 2016-07-28 11:09 - 42994508 _____ C:\Users\Vivi\Downloads\outdoor (1).rar
2016-07-28 10:57 - 2016-07-28 11:09 - 42994508 _____ C:\Users\Vivi\Downloads\outdoor.rar
2016-07-26 16:59 - 2016-07-26 16:59 - 00191611 _____ C:\Users\Vivi\Downloads\ORC1 (2).PDF
2016-07-26 16:48 - 2016-07-26 16:48 - 00191611 _____ C:\Users\Vivi\Downloads\ORC1 (1).PDF
2016-07-25 18:29 - 2016-07-25 18:29 - 00000040 ____H C:\BE119EF36688
2016-07-22 18:31 - 2016-07-22 18:31 - 00547016 _____ C:\Users\Vivi\Downloads\BATMAN.cdr
2016-07-22 18:21 - 2016-09-22 20:23 - 00000000 ____D C:\Users\Vivi\AppData\Local\ElevatedDiagnostics
2016-07-20 17:21 - 2016-07-20 17:21 - 00024720 _____ C:\Users\Convidado\Downloads\Revistas_8_Paginas_148x210_4x4_221.cdr
2016-07-20 17:15 - 2016-07-20 17:15 - 00028426 _____ C:\Users\Convidado\Downloads\Folders_297x420_4x4_211.cdr
2016-07-18 19:50 - 2016-07-18 19:50 - 00000000 ____D C:\Users\Convidado\Desktop\01
2016-07-15 18:04 - 2016-07-15 18:04 - 89046926 _____ C:\Users\Vivi\Documents\EMAIL VIVI.rar
2016-07-15 16:51 - 2016-07-15 16:51 - 00108515 _____ C:\Users\Vivi\Documents\https___mup.comercioeletronico.com.br_paymethods_boleto_model5_prepara_pagto.pdf
2016-07-15 15:44 - 2016-07-15 15:44 - 00229713 _____ C:\Users\Vivi\Documents\original_59c33016884a62116be975a9bb8257e3.jpeg
2016-07-15 15:40 - 2016-07-15 15:40 - 00220563 _____ C:\Users\Vivi\Documents\original_755ca991519a414e5163ba545c5ae81c.jpeg
2016-07-15 15:39 - 2016-07-15 15:39 - 00402205 _____ C:\Users\Vivi\Documents\original_09d87d5398bb0c2e2731323614b7a079.jpeg
2016-07-15 15:39 - 2016-07-15 15:39 - 00344259 _____ C:\Users\Vivi\Documents\original_daa8324f5eb38da4cfa70005b3ea67c7.jpeg
2016-07-15 15:38 - 2016-07-15 15:38 - 00225670 _____ C:\Users\Vivi\Documents\original_b018b23fa2be002ab28fcdeafcca43b2.jpeg
2016-07-14 20:28 - 2016-07-14 20:29 - 00203773 _____ C:\Users\Vivi\Downloads\Exames resultados.pdf
2016-07-14 20:22 - 2016-07-14 20:22 - 00447350 _____ C:\Users\Vivi\Downloads\Certificado Regina Sampaio001.pdf
2016-07-14 17:05 - 2016-07-14 17:07 - 49638727 _____ C:\Users\Vivi\Downloads\file_d9d2863175.pdf
2016-07-14 17:05 - 2016-07-14 17:05 - 02164728 _____ C:\Users\Vivi\Downloads\file_85cbf618fa.pdf
2016-07-14 16:59 - 2016-07-14 17:05 - 88533633 _____ C:\Users\Vivi\Downloads\file_716b64b2c1.pdf
2016-07-13 21:39 - 2016-07-13 21:39 - 00000000 ____D C:\Users\Convidado\AppData\Roaming\AVAST Software
2016-07-11 15:57 - 2016-07-11 16:06 - 01053320 _____ C:\Users\Vivi\Downloads\cupomChurrasco.cdr
2016-07-08 21:27 - 2016-07-08 21:27 - 00102448 _____ C:\Users\Vivi\Downloads\WhatsApp-Image-20160708.jpeg
2016-07-08 12:56 - 2016-07-08 12:56 - 00137182 _____ C:\Users\Vivi\Downloads\Boletos.pdf
2016-07-07 22:02 - 2016-07-07 22:02 - 05969730 _____ C:\Users\Vivi\Downloads\IMG-20160707-WA0040.jpg.psd
2016-07-07 14:41 - 2015-03-08 23:51 - 00000000 ____D C:\Users\Vivi\Documents\Clementine
2016-07-07 13:54 - 2016-07-07 13:55 - 05851646 _____ C:\Users\Vivi\Downloads\Creps_PapeisDeParede.zip
2016-07-07 13:45 - 2016-07-07 13:51 - 18396177 _____ C:\Users\Vivi\Downloads\Creps_470x220cm.pdf
2016-07-07 10:43 - 2016-07-07 10:56 - 00000000 ____D C:\KVRT_Data
2016-07-07 10:43 - 2016-07-07 10:43 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\507FA612.sys
2016-07-07 09:04 - 2016-06-20 09:59 - 05358823 _____ C:\Users\Vivi\Documents\O928ZP1.eps
2016-07-06 17:57 - 2016-07-06 17:57 - 00921927 _____ C:\Users\Vivi\Documents\fotos pra cracha como sera.psd
2016-07-06 12:46 - 2016-07-06 13:05 - 00000000 ____D C:\Users\Vivi\AppData\Roaming\ImgBurn
2016-07-06 12:40 - 2016-07-06 12:40 - 00001881 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2016-07-06 12:40 - 2016-07-06 12:40 - 00001869 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2016-07-06 12:40 - 2016-07-06 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2016-07-06 12:40 - 2016-07-06 12:40 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2016-07-06 12:39 - 2016-07-06 12:39 - 03101913 _____ (LIGHTNING UK!) C:\Users\Vivi\Downloads\Setup_ImgBurn_2.5.8.0.exe
2016-07-06 12:29 - 2016-07-06 12:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2016-07-06 12:19 - 2016-07-07 10:57 - 00000000 ____D C:\Users\Todos os Usuários\{C74D022E-4D0F-88E8-CBC9-16AA518B9D64}
2016-07-06 12:19 - 2016-07-07 10:57 - 00000000 ____D C:\ProgramData\{C74D022E-4D0F-88E8-CBC9-16AA518B9D64}
2016-07-06 12:19 - 2016-07-06 12:19 - 00002397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2016-07-06 12:19 - 2016-07-06 12:19 - 00000372 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-07-06 12:19 - 2016-07-06 12:19 - 00000372 __RSH C:\ProgramData\ntuser.pol
2016-07-06 12:18 - 2016-07-06 12:18 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-07-06 12:12 - 2016-07-06 12:12 - 02496000 _____ C:\Users\Vivi\Downloads\PCWinISOBurn.msi
2016-07-06 11:57 - 2016-07-06 11:57 - 01994466 _____ C:\Users\Vivi\Downloads\tabelaprecos.xls
2016-07-06 11:11 - 2016-07-06 11:11 - 00000000 ____D C:\Users\Vivi\AppData\Roaming\NCH Software

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-10-04 15:23 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-10-04 15:07 - 2009-07-14 01:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-04 15:07 - 2009-07-14 01:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-04 14:57 - 2016-03-15 11:39 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-04 09:15 - 2016-04-06 10:31 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-10-04 09:14 - 2016-03-15 09:24 - 00000000 ____D C:\Windows\Panther
2016-10-04 09:12 - 2016-03-15 11:38 - 00000000 ____D C:\Users\Vivi\AppData\Local\Google
2016-10-04 09:11 - 2016-03-15 11:39 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-04 09:01 - 2016-03-15 09:49 - 00001423 _____ C:\Users\Vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-10-04 09:01 - 2016-03-15 09:49 - 00001389 _____ C:\Users\Vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-10-04 09:00 - 2016-06-29 18:29 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2016-10-04 09:00 - 2016-06-29 18:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-04 08:57 - 2016-06-22 12:38 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2016-10-04 08:57 - 2016-06-22 12:38 - 00000000 ____D C:\ProgramData\AVAST Software
2016-10-04 08:11 - 2011-04-12 10:40 - 00708230 _____ C:\Windows\system32\prfh0416.dat
2016-10-04 08:11 - 2011-04-12 10:40 - 00148010 _____ C:\Windows\system32\prfc0416.dat
2016-10-04 08:11 - 2009-07-14 02:13 - 01641362 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-04 08:07 - 2016-03-15 11:39 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-04 08:07 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-03 20:58 - 2016-03-15 11:40 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-03 20:58 - 2016-03-15 11:40 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-03 16:27 - 2016-03-15 12:01 - 00000000 ____D C:\Users\Vivi\AppData\Roaming\Corel
2016-10-03 16:25 - 2016-03-15 09:54 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-10-03 16:25 - 2016-03-15 09:54 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-03 16:08 - 2016-03-15 11:51 - 01598992 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-10-03 15:59 - 2016-03-21 18:16 - 00000000 ____D C:\Users\Convidado\AppData\Roaming\Corel
2016-09-26 18:49 - 2016-03-16 09:10 - 00000132 _____ C:\Users\Vivi\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
2016-09-23 17:34 - 2009-07-14 02:32 - 00000000 ____D C:\Windows\system32\FxsTmp

==================== Arquivos na raiz de alguns diretórios =======

2016-06-03 08:44 - 2016-06-03 09:09 - 0000132 _____ () C:\Users\Vivi\AppData\Roaming\Preferências do Formato BMP do Adobe CS6
2016-03-16 09:10 - 2016-09-26 18:49 - 0000132 _____ () C:\Users\Vivi\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
2016-10-04 09:17 - 2016-10-04 09:17 - 0621568 _____ () C:\Users\Vivi\AppData\Roaming\repair.exe
2016-08-16 15:19 - 2016-08-16 15:19 - 0341504 _____ () C:\Users\Vivi\AppData\Roaming\wsrv_f6e7f0a5.dat
2016-04-09 15:31 - 2016-08-19 20:48 - 0001456 _____ () C:\Users\Vivi\AppData\Local\Adobe Salvar para Web 13.0 Prefs
2016-08-31 19:30 - 2016-08-31 19:56 - 0001456 _____ () C:\Users\Vivi\AppData\Local\Adobe Save for Web 13.0 Prefs

Arquivos para serem movidos ou deletados:
====================
C:\Users\Vivi\bqabwtwi.exe


Alguns arquivos em TEMP:
====================
C:\Users\Convidado\AppData\Local\Temp\avgnt.exe
C:\Users\Vivi\AppData\Local\Temp\AVG.exe
C:\Users\Vivi\AppData\Local\Temp\avguidx.dll
C:\Users\Vivi\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Vivi\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Vivi\AppData\Local\Temp\Keygen1.exe
C:\Users\Vivi\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Vivi\AppData\Local\Temp\Opera_installer_2016104149964.dll
C:\Users\Vivi\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Vivi\AppData\Local\Temp\UNINSTALL.exe


==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-09-26 15:34

==================== Fim de FRST.txt ============================
