Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 07-12-2016
Executado por MD1 (administrador) em WP-MEGA (16-12-2016 16:41:07)
Executando a partir de C:\Users\MD1\Downloads
Perfis Carregados: WP & MD1 & Administrador (Perfis Disponíveis: WP & Caroline Pinho & MD1 & Administrador)
Platform: Windows 7 Professional (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
() C:\Windows\SysWOW64\srts\wmipr.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradserv.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Windows\System32\wnba\csrss.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
() C:\Windows\System32\resmon\csvc.exe
() C:\Windows\System32\systsk\age.exe
() C:\Windows\SysWOW64\cksvc\apwrk.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\WP\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.469\SSScheduler.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.469\SSScheduler.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Windows\System32\resmon\csvc.exe
() C:\Windows\SysWOW64\cksvc\apwrk.exe
() C:\Windows\System32\systsk\age.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.469\SSScheduler.exe
() C:\Windows\System32\resmon\csvc.exe
() C:\Windows\SysWOW64\cksvc\apwrk.exe
() C:\Windows\System32\systsk\age.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(XBMC-Foundation) C:\Program Files (x86)\Kodi\kodi.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-16] (Banco do Brasil)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-09-13] (Caixa Economica Federal)
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2016-11-18] (Banco Itaú Unibanco)
HKU\S-1-5-21-3812218261-3367438231-1600833196-1000\...\MountPoints2: {1cb630c7-fc30-11e5-a1a7-806e6f6e6963} - D:\Autorun.EXE
HKU\S-1-5-21-3812218261-3367438231-1600833196-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3812218261-3367438231-1600833196-1002\...\Run: [GoogleChromeAutoLaunch_818BE4756B9A8669E27ACCBA1B0D00E4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1104728 2016-12-08] (Google Inc.)
HKU\S-1-5-21-3812218261-3367438231-1600833196-500\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-3812218261-3367438231-1600833196-500\...\Run: [Spotify Web Helper] => C:\Users\WP\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-12] (Spotify Ltd)
HKU\S-1-5-21-3812218261-3367438231-1600833196-500\...\Run: [Spotify] => C:\Users\WP\AppData\Roaming\Spotify\Spotify.exe [7095408 2016-12-12] (Spotify Ltd)
HKU\S-1-5-21-3812218261-3367438231-1600833196-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2009-07-13] (Microsoft Corporation)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1947872 2016-06-16] (Banco do Brasil)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1951968 2016-11-18] (Banco Itaú Unibanco)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1903328 2016-09-13] (Caixa Economica Federal)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-12-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.469\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 177.38.102.33 8.8.8.8
Tcpip\..\Interfaces\{23788FD9-4916-45E8-B579-C09DF1EDC6D5}: [DhcpNameServer] 177.38.102.33 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-3812218261-3367438231-1600833196-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3812218261-3367438231-1600833196-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKU\S-1-5-21-3812218261-3367438231-1600833196-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
HKU\S-1-5-21-3812218261-3367438231-1600833196-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
HKU\S-1-5-21-3812218261-3367438231-1600833196-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com
HKU\S-1-5-21-3812218261-3367438231-1600833196-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
SearchScopes: HKLM -> DefaultScope {73287954-7A0E-4A69-BAE4-4DC9D9024D2A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM -> {73287954-7A0E-4A69-BAE4-4DC9D9024D2A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {F736E0A5-8C5C-4F8A-B414-95554C6892B1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {F736E0A5-8C5C-4F8A-B414-95554C6892B1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3812218261-3367438231-1600833196-1000 -> DefaultScope {F736E0A5-8C5C-4F8A-B414-95554C6892B1} URL =
SearchScopes: HKU\S-1-5-21-3812218261-3367438231-1600833196-1002 -> DefaultScope {F736E0A5-8C5C-4F8A-B414-95554C6892B1} URL =
SearchScopes: HKU\S-1-5-21-3812218261-3367438231-1600833196-500 -> DefaultScope {F736E0A5-8C5C-4F8A-B414-95554C6892B1} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: Sem Nome -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Nenhum Arquivo
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO-x32: Auxiliar de Conexão do Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2016-06-16] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2016-09-13] (Caixa Economica Federal)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll [2016-11-18] (Banco Itaú Unibanco)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3812218261-3367438231-1600833196-1000 -> Sem Nome - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Nenhum Arquivo
Toolbar: HKU\S-1-5-21-3812218261-3367438231-1600833196-1002 -> Sem Nome - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Nenhum Arquivo
Toolbar: HKU\S-1-5-21-3812218261-3367438231-1600833196-500 -> Sem Nome - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Nenhum Arquivo
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-04-19] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-04-19] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-04-19] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-04-19] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 431lvk0s.default
FF ProfilePath: C:\Users\MD1\AppData\Roaming\Mozilla\Firefox\Profiles\431lvk0s.default [2016-12-16]
FF Homepage: Mozilla\Firefox\Profiles\431lvk0s.default -> hxxp://10.9.181.200/UPA24H/Login.aspx
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-23] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com.br/
CHR Profile: C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default [2016-12-16]
CHR Extension: (Google Tradutor) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-12-16]
CHR Extension: (Google Apresentações) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-06]
CHR Extension: (Asus Download Master) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\akidbpofokakpmmabjlpcgplfmbmcemj [2016-12-16]
CHR Extension: (Conexão Mega) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpnbbiimmmmibiefgnhmekkgpnflghn [2016-12-16]
CHR Extension: (Google Docs) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-06]
CHR Extension: (Google Drive) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-06]
CHR Extension: (MEGA) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2016-12-16]
CHR Extension: (YouTube) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-06]
CHR Extension: () - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-12-16]
CHR Extension: (Adblock Plus) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-12-16]
CHR Extension: (Telegram) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\clhhggbfdinjmjhajaheehoeibfljjno [2016-12-16]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2016-12-16]
CHR Extension: (Spotify - Music for every moment) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2016-12-16]
CHR Extension: (WifiTransfer - Instant wireless file transfer) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebmnhcblgohjilfjffdkfikgpakhgajc [2016-12-16]
CHR Extension: (Spotifinder, Spotify and Youtube launcher.) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihejbblncmfbklmoadloifongaomcaa [2016-12-16]
CHR Extension: (Asus Download Master Link Handler) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eijljffkkhjjmoikgcepbiodfloejcfm [2016-12-16]
CHR Extension: (Cloud Storage Direct Links) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbkkphfailagfnjpgmddfmghblmggbja [2016-12-16]
CHR Extension: (Planilhas do Google) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-06]
CHR Extension: (retroLink) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fialekndleeclflilkpdcgdbboiibdab [2016-12-16]
CHR Extension: (Favoritos do iCloud) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2016-12-16]
CHR Extension: (Radios do Brasil) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\foloenejobmljmemkomjcofkdjdnkggn [2016-12-16]
CHR Extension: (Área de trabalho remota do Google Chrome) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-12-16]
CHR Extension: (Documentos Google off-line) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-06]
CHR Extension: (Google Keep - notas e listas) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-12-16]
CHR Extension: (NEnhancer) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijanohecbcpdgnpiabdfehfjgcapepbm [2016-12-16]
CHR Extension: (Ajustes do iCloud) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilpghekcaoihmcekncnhmckmlnppnifp [2016-12-16]
CHR Extension: (SoundCloud) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2016-12-16]
CHR Extension: (ASUS Download Master Plugin) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjahdcjadampelfmhkbceiledefjfnga [2016-12-16]
CHR Extension: (Awesome Facebook Widget [ANTP]) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\klpmobilbpcccgegofocnlfmallakegc [2016-12-16]
CHR Extension: (Google Play) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-12-16]
CHR Extension: (Evernote Web) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-12-16]
CHR Extension: (Google Maps) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-12-16]
CHR Extension: (Extensão do Google Keep para o Chrome) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2016-12-16]
CHR Extension: (AppleTV AirPlay Remote) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkpajhmkokbofklfighdhlbkmjimaekg [2016-12-16]
CHR Extension: (Baixou Agora) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbfjpmeddmamejnmmppjlfglfhcjbbai [2016-12-16]
CHR Extension: (LocalChromecast Player) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmladpigjlinmngadjgfogblnmddndcp [2016-12-16]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-06]
CHR Extension: (Browsec VPN - Privacy and Security Online) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2016-12-16]
CHR Extension: (Spotify instant music) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pifnoknfhgjfalmklpdakkjjonpnkpkd [2016-12-16]
CHR Extension: (Gmail) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-06]
CHR Extension: (Chrome Media Router) - C:\Users\MD1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 DpsiBSvc; c:\windows\syswow64\srts\wmipr.exe [2841920 2016-12-06] ()
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-11-26] (GAS Tecnologia)
S2 InstallerWrapperService; C:\Program Files\TrueKey\InstallerWrapperService.exe [47688 2016-07-19] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.469\McCHSvc.exe [329480 2016-12-02] (McAfee, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3899696 2016-03-16] (INCA Internet Co., Ltd.)
R2 scpbradserv; C:\Program Files (x86)\scpbrad\scpbradserv.exe [1926616 2016-08-29] (Scopus Soluções em TI Ltda)
R2 SL2Svc; c:\windows\system32\wnba\csrss.exe [9678656 2016-12-06] ()
R2 SL2Svc; c:\windows\SysWOW64\wnba\csrss.exe [9678656 2016-12-06] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [925744 2016-06-23] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-12-16] (GAS Tecnologia)
R0 gbpddreg; C:\Windows\System32\drivers\gbpddreg64.sys [29816 2016-12-15] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-22] (GAS Tecnologia)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-07-09] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-09-22] (GAS Tecnologia LTDA)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-12-15] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [97376 2016-06-08] (GAS Tecnologia)
R4 WinDivert1.1; \??\C:\Program Files\Diebold\Warsaw\WinDivert64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-12-16 16:41 - 2016-12-16 16:41 - 00024703 _____ C:\Users\MD1\Downloads\FRST.txt
2016-12-16 16:41 - 2016-12-16 16:41 - 00000000 ____D C:\FRST
2016-12-16 16:40 - 2016-12-16 16:40 - 02420224 _____ (Farbar) C:\Users\MD1\Downloads\FRST64.exe
2016-12-16 16:40 - 2016-12-16 16:40 - 02420224 _____ (Farbar) C:\Users\MD1\Downloads\FRST64 (1).exe
2016-12-16 16:37 - 2016-12-16 16:38 - 02729024 _____ (DLL-Files.com Client ) C:\Users\MD1\Downloads\clientsetup_d-0.exe
2016-12-16 16:12 - 2016-12-16 16:12 - 00000000 ____D C:\Users\MD1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2016-12-16 16:09 - 2016-12-16 16:09 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-12-16 16:09 - 2016-12-16 16:09 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-16 16:00 - 2016-12-16 16:12 - 00000000 ____D C:\Program Files (x86)\Kodi
2016-12-16 15:43 - 2016-12-16 15:43 - 191926000 _____ C:\Users\MD1\Downloads\Não confirmado 198693.crdownload
2016-12-16 15:32 - 2016-12-16 15:58 - 85176103 _____ (XBMC-Foundation) C:\Users\MD1\Downloads\kodi-17.0-Krypton_beta6.exe
2016-12-16 11:21 - 2016-12-16 11:25 - 00000000 ____D C:\Users\MD1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome
2016-12-16 11:16 - 2016-12-06 14:46 - 16042222 _____ C:\Users\MD1\blok_free_64bit.rar
2016-12-16 11:13 - 2016-12-16 11:16 - 02206940 _____ C:\Users\MD1\PLANTÃO UPA - FAVOR NÃO MEXER NA PASTA.rar
2016-12-15 23:49 - 2016-12-15 23:59 - 39335125 _____ C:\Users\Administrador\Downloads\wetransfer-ea2d52.zip
2016-12-15 20:32 - 2016-12-15 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-12-15 20:32 - 2016-12-15 20:32 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-12-15 19:21 - 2016-12-15 19:21 - 00000000 ____D C:\Users\Todos os Usuários\McAfee Security Scan
2016-12-15 19:21 - 2016-12-15 19:21 - 00000000 ____D C:\Users\Todos os Usuários\McAfee
2016-12-15 19:21 - 2016-12-15 19:21 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-12-15 19:21 - 2016-12-15 19:21 - 00000000 ____D C:\ProgramData\McAfee
2016-12-15 19:21 - 2016-12-15 19:21 - 00000000 ____D C:\Program Files\TrueKey
2016-12-15 06:50 - 2016-06-16 19:43 - 00036984 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddntf.sys
2016-12-15 06:50 - 2016-06-16 19:43 - 00008811 _____ C:\Windows\system32\Drivers\wsddntf.cat
2016-12-15 06:50 - 2016-06-08 19:43 - 00097376 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddpp.sys
2016-12-15 02:21 - 2016-12-15 02:21 - 00062847 _____ C:\Users\WP\Downloads\RptView(2).aspx
2016-12-15 02:21 - 2016-12-15 02:21 - 00062173 _____ C:\Users\WP\Downloads\RptView.aspx
2016-12-15 02:21 - 2016-12-15 02:21 - 00055008 _____ C:\Users\WP\Downloads\RptView(1).aspx
2016-12-15 01:31 - 2016-12-15 01:32 - 00224209 _____ C:\Users\WP\Downloads\AVALIAÇÃO_ALUNO_GERENCIA_2016.pdf
2016-12-14 22:41 - 2016-12-14 22:41 - 00234250 _____ C:\Users\WP\Downloads\320100416113458.pdf
2016-12-13 14:58 - 2016-12-16 14:04 - 00000000 ___SD C:\Users\MD1\AppData\LocalLow\Temp
2016-12-13 14:57 - 2016-12-16 10:58 - 00000000 ____D C:\Users\MD1\AppData\Roaming\SoftGrid Client
2016-12-13 14:57 - 2016-12-13 14:57 - 00000000 ____D C:\Users\MD1\AppData\Local\SoftGrid Client
2016-12-13 09:49 - 2016-12-13 09:49 - 00038211 _____ C:\Users\WP\Downloads\boleto3927374.pdf
2016-12-11 05:39 - 2016-12-11 05:39 - 00133343 _____ C:\Users\WP\Downloads\Esquema para realizar a análise sintática de uma frase.pdf
2016-12-11 05:38 - 2016-12-11 05:38 - 00426047 _____ C:\Users\WP\Desktop\analise_sintatica_2ed.pdf
2016-12-10 14:58 - 2016-12-10 14:58 - 00000000 ____D C:\Users\WP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú
2016-12-07 19:27 - 2016-12-07 19:27 - 00038708 _____ C:\Users\Administrador\Downloads\408
2016-12-07 19:26 - 2016-12-07 19:26 - 00940116 _____ C:\Users\Administrador\Downloads\APOSTILA_LOGICA-PROPOSICOES-CONECTIVOS-TABELA-VERDADE.pdf
2016-12-07 18:39 - 2016-12-07 18:39 - 00969000 _____ C:\Users\Administrador\Downloads\UNIDADE_4.pdf
2016-12-07 17:05 - 2016-12-07 17:05 - 488152865 _____ C:\Windows\MEMORY.DMP
2016-12-07 17:05 - 2016-12-07 17:05 - 00280472 _____ C:\Windows\Minidump\120716-14695-01.dmp
2016-12-07 17:05 - 2016-12-07 17:05 - 00000000 ____D C:\Windows\Minidump
2016-12-06 19:07 - 2016-12-06 19:07 - 00000000 ____D C:\Users\MD1\AppData\Local\ElevatedDiagnostics
2016-12-06 19:05 - 2016-12-06 19:05 - 00000000 ____D C:\Users\MD1\AppData\Roaming\Samsung
2016-12-06 16:40 - 2016-12-06 16:40 - 00232067 _____ C:\Users\MD1\Downloads\tubos_qua.zip
2016-12-06 14:55 - 2016-12-06 15:04 - 00000019 _____ C:\Users\Todos os Usuários\nb1_c.ini
2016-12-06 14:55 - 2016-12-06 15:04 - 00000019 _____ C:\ProgramData\nb1_c.ini
2016-12-06 14:49 - 2016-12-06 14:49 - 00000000 ___HD C:\Program Files\tnba
2016-12-06 14:49 - 2016-12-06 14:49 - 00000000 ___HD C:\CRSYS
2016-12-06 14:49 - 2016-12-06 14:49 - 00000000 ____D C:\Windows\SysWOW64\wnba
2016-12-06 14:49 - 2016-12-06 14:49 - 00000000 ____D C:\Windows\SysWOW64\srts
2016-12-06 14:49 - 2016-12-06 14:49 - 00000000 ____D C:\Windows\SysWOW64\cksvc
2016-12-06 14:49 - 2016-12-06 14:49 - 00000000 ____D C:\Windows\system32\wnba
2016-12-06 14:49 - 2016-12-06 14:49 - 00000000 ____D C:\Windows\system32\systsk
2016-12-06 14:49 - 2016-12-06 14:49 - 00000000 ____D C:\Windows\system32\resmon
2016-12-06 14:48 - 2016-12-06 14:48 - 00000000 ____D C:\Users\MD1\AppData\Roaming\WinRAR
2016-12-06 14:38 - 2016-12-06 14:38 - 00058352 _____ C:\Users\MD1\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-06 14:23 - 2016-12-06 14:23 - 00000000 ____D C:\Users\MD1\AppData\Roaming\Adobe
2016-12-06 14:23 - 2016-12-06 14:23 - 00000000 ____D C:\Users\MD1\AppData\Local\Adobe
2016-12-06 14:20 - 2016-12-06 14:23 - 00000000 ____D C:\Users\MD1\Nova pasta
2016-12-06 14:18 - 2016-12-06 14:18 - 00000037 _____ C:\Users\MD1\klinicos.txt
2016-12-06 14:14 - 2016-12-16 16:14 - 00000000 ____D C:\Users\MD1\PLANTÃO UPA - FAVOR NÃO MEXER NA PASTA
2016-12-06 13:55 - 2016-12-16 16:16 - 00000000 ____D C:\Users\MD1\AppData\LocalLow\Mozilla
2016-12-06 13:55 - 2016-12-16 11:17 - 00000000 ____D C:\Users\MD1
2016-12-06 13:55 - 2016-12-06 14:37 - 00000000 ____D C:\Users\MD1\AppData\Local\Google
2016-12-06 13:55 - 2016-12-06 14:03 - 00000000 ____D C:\Users\MD1\AppData\Local\Mozilla
2016-12-06 13:55 - 2016-12-06 13:55 - 00001427 _____ C:\Users\MD1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-12-06 13:55 - 2016-12-06 13:55 - 00001393 _____ C:\Users\MD1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-12-06 13:55 - 2016-12-06 13:55 - 00000020 ___SH C:\Users\MD1\ntuser.ini
2016-12-06 13:55 - 2016-12-06 13:55 - 00000000 _SHDL C:\Users\MD1\Modelos
2016-12-06 13:55 - 2016-12-06 13:55 - 00000000 _SHDL C:\Users\MD1\Meus documentos
2016-12-06 13:55 - 2016-12-06 13:55 - 00000000 _SHDL C:\Users\MD1\Menu Iniciar
2016-12-06 13:55 - 2016-12-06 13:55 - 00000000 _SHDL C:\Users\MD1\Documents\Minhas músicas
2016-12-06 13:55 - 2016-12-06 13:55 - 00000000 _SHDL C:\Users\MD1\Documents\Minhas imagens
2016-12-06 13:55 - 2016-12-06 13:55 - 00000000 _SHDL C:\Users\MD1\Documents\Meus vídeos
2016-12-06 13:55 - 2016-12-06 13:55 - 00000000 _SHDL C:\Users\MD1\Dados de aplicativos
2016-12-06 13:55 - 2016-12-06 13:55 - 00000000 _SHDL C:\Users\MD1\Configurações locais
2016-12-06 13:55 - 2016-12-06 13:55 - 00000000 _SHDL C:\Users\MD1\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-12-06 13:55 - 2016-12-06 13:55 - 00000000 _SHDL C:\Users\MD1\AppData\Local\Histórico
2016-12-06 13:55 - 2016-12-06 13:55 - 00000000 _SHDL C:\Users\MD1\AppData\Local\Dados de aplicativos
2016-12-06 13:55 - 2016-12-06 13:55 - 00000000 _SHDL C:\Users\MD1\Ambiente de rede
2016-12-06 13:55 - 2016-12-06 13:55 - 00000000 _SHDL C:\Users\MD1\Ambiente de impressão
2016-12-06 13:55 - 2016-12-06 13:55 - 00000000 ____D C:\Users\MD1\AppData\Roaming\Mozilla
2016-12-06 13:55 - 2016-12-06 13:55 - 00000000 ____D C:\Users\MD1\AppData\Local\VirtualStore
2016-12-06 13:55 - 2009-07-14 16:12 - 00000000 ____D C:\Users\MD1\AppData\Roaming\Media Center Programs
2016-12-06 08:56 - 2016-12-06 08:57 - 00257996 _____ C:\Users\WP\Downloads\folhas 1 e 27.pdf
2016-12-05 03:32 - 2016-12-05 03:32 - 00025490 _____ C:\Users\WP\Downloads\GERENCIA - ESCALA DE ENFERMAGEM.xlsx
2016-12-05 03:32 - 2016-12-05 03:32 - 00025490 _____ C:\Users\WP\Downloads\GERENCIA - ESCALA DE ENFERMAGEM (1).xlsx
2016-12-03 07:07 - 2016-12-03 07:07 - 00008236 _____ C:\Users\WP\Downloads\Contracheque (1).pdf
2016-12-02 19:06 - 2016-12-02 19:06 - 00752589 _____ C:\Users\WP\Downloads\Fatura (7).pdf
2016-12-02 19:06 - 2016-12-02 19:06 - 00752589 _____ C:\Users\WP\Downloads\Fatura (6).pdf
2016-12-02 18:59 - 2016-12-02 18:59 - 00752589 _____ C:\Users\WP\Downloads\Fatura (5).pdf
2016-12-02 18:58 - 2016-12-02 18:59 - 00708841 _____ C:\Users\WP\Downloads\Fatura (4).pdf
2016-12-02 18:56 - 2016-12-02 18:56 - 00708841 _____ C:\Users\WP\Downloads\Fatura (3).pdf
2016-12-02 18:50 - 2016-12-02 18:50 - 00678565 _____ C:\Users\WP\Downloads\Fatura (2).pdf
2016-12-02 18:48 - 2016-12-02 18:48 - 00707559 _____ C:\Users\WP\Downloads\Fatura (1).pdf
2016-12-02 18:48 - 2016-12-02 18:48 - 00549095 _____ C:\Users\WP\Downloads\Fatura.pdf
2016-11-29 13:03 - 2016-11-29 13:03 - 00000000 ____D C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome
2016-11-29 12:47 - 2016-11-29 12:52 - 138340521 _____ C:\Users\Administrador\Downloads\The Elements of Pizza.epub
2016-11-29 12:17 - 2016-11-29 13:10 - 00000000 ____D C:\Users\Administrador\Desktop\Apaga 1, Aparece Outro
2016-11-28 10:37 - 2016-12-16 09:58 - 00000000 ____D C:\Users\Administrador\AppData\Roaming\Spotify
2016-11-28 10:36 - 2016-12-16 10:57 - 00000000 ____D C:\Users\Administrador\AppData\Local\Spotify
2016-11-28 00:03 - 2016-11-28 00:03 - 00021402 _____ C:\Users\Administrador\Downloads\Curriculum_vitæ_Marcela_Nª2163715354_.zip
2016-11-28 00:02 - 2016-11-28 00:02 - 00063222 _____ C:\Users\Administrador\Downloads\Curriculun Vitae.zip
2016-11-28 00:02 - 2016-11-28 00:02 - 00063222 _____ C:\Users\Administrador\Downloads\Curriculun Vitae (1).zip
2016-11-28 00:02 - 2016-11-28 00:02 - 00000520 _____ C:\Users\Administrador\Downloads\Curriculun Vitae 641885 .html
2016-11-27 18:00 - 2016-12-16 10:39 - 00000000 ____D C:\Users\Administrador\AppData\LocalLow\Mozilla
2016-11-24 10:02 - 2016-11-24 10:02 - 00012935 _____ C:\Users\WP\Downloads\400208529149.pdf
2016-11-24 09:51 - 2016-11-24 09:51 - 00048939 _____ C:\Users\WP\Downloads\contraCheque.pdf
2016-11-23 22:04 - 2016-11-23 22:05 - 05795914 _____ C:\Users\WP\Downloads\gab_preliminar_todos_cargos.pdf
2016-11-19 17:40 - 2016-11-19 17:40 - 00187925 _____ C:\Users\WP\Downloads\1317-2204-1-PB.pdf
2016-11-19 00:18 - 2016-12-15 22:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-18 19:50 - 2016-12-15 01:25 - 00000000 ____D C:\Users\WP\AppData\LocalLow\Mozilla
2016-11-18 08:05 - 2016-11-18 08:05 - 00453146 _____ C:\Users\WP\Downloads\prova_301_24.pdf
2016-11-18 08:05 - 2016-11-18 08:05 - 00208880 _____ C:\Users\WP\Downloads\gabarito_definitivo.pdf
2016-11-18 07:55 - 2016-11-18 07:55 - 01005205 _____ C:\Users\WP\Downloads\ebserh_117.pdf
2016-11-18 00:19 - 2016-12-05 19:14 - 00000000 ____D C:\Users\WP\AppData\Local\Mozilla Firefox
2016-11-16 17:09 - 2016-11-16 17:09 - 03071465 _____ C:\Users\WP\Downloads\Guidelines for the Provision and Assessment of Nutrition Support Therapy in the Adult Critically Ill (1) (1).pdf
2016-11-16 17:06 - 2016-11-16 17:06 - 03071465 _____ C:\Users\WP\Downloads\Guidelines for the Provision and Assessment of Nutrition Support Therapy in the Adult Critically Ill (1).pdf
2016-11-16 16:12 - 2016-11-16 16:13 - 04492760 _____ C:\Users\WP\Downloads\DSTs fotos.zip
2016-11-16 07:40 - 2016-11-16 07:40 - 00248552 _____ C:\Users\WP\Downloads\enfermeiro.pdf

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-12-16 16:41 - 2016-05-06 07:53 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2016-12-16 15:53 - 2016-04-06 18:32 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-16 11:22 - 2016-04-06 18:32 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-15 22:04 - 2016-05-05 17:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-15 19:21 - 2016-11-03 17:01 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-15 19:21 - 2016-11-03 17:01 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-15 19:21 - 2016-11-03 17:01 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-15 19:21 - 2016-11-03 17:01 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-15 19:21 - 2016-09-25 12:24 - 00000000 ____D C:\Users\Administrador\AppData\Local\Adobe
2016-12-15 10:08 - 2016-05-05 19:53 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-15 07:47 - 2016-05-06 07:53 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2016-12-15 07:47 - 2016-05-06 07:53 - 00000000 ____D C:\ProgramData\GbPlugin
2016-12-15 06:54 - 2009-07-14 02:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-15 06:54 - 2009-07-14 02:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-15 06:52 - 2009-07-14 15:55 - 00654716 _____ C:\Windows\system32\prfh0416.dat
2016-12-15 06:52 - 2009-07-14 15:55 - 00124910 _____ C:\Windows\system32\prfc0416.dat
2016-12-15 06:52 - 2009-07-14 03:13 - 01493444 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-15 06:52 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2016-12-15 06:51 - 2016-05-06 07:55 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-12-15 06:47 - 2016-05-12 21:27 - 00000216 _____ C:\Windows\Tasks\AutoKMS.job
2016-12-15 06:46 - 2016-05-06 07:53 - 00029816 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddreg64.sys
2016-12-15 06:46 - 2016-05-06 07:53 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-12-15 06:46 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-15 02:21 - 2016-09-07 04:39 - 00000000 ____D C:\Users\WP\AppData\Local\Spotify
2016-12-15 02:11 - 2016-09-07 04:32 - 00000000 ____D C:\Users\WP\AppData\Roaming\Spotify
2016-12-14 23:47 - 2016-05-05 14:42 - 00000000 ____D C:\Users\WP\AppData\LocalLow\Temp
2016-12-14 21:57 - 2016-04-06 18:32 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 16:26 - 2016-08-29 17:47 - 00000000 ____D C:\Users\Administrador\AppData\Roaming\SoftGrid Client
2016-12-13 01:06 - 2016-05-12 21:18 - 00000000 ____D C:\Users\WP\AppData\Roaming\SoftGrid Client
2016-12-10 14:58 - 2016-09-13 09:39 - 00002159 _____ C:\Users\WP\Desktop\Itaú.lnk
2016-12-10 14:58 - 2016-09-13 09:39 - 00000000 ____D C:\Users\WP\AppData\Local\Aplicativo Itau
2016-12-09 10:59 - 2009-07-14 03:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-12-08 22:40 - 2016-08-29 17:48 - 00000000 ___SD C:\Users\Administrador\AppData\LocalLow\Temp
2016-12-08 19:51 - 2016-05-19 17:00 - 00000000 ____D C:\Users\Administrador\Desktop\Seap EDA
2016-12-07 10:43 - 2016-08-15 15:26 - 00000000 ____D C:\Users\Administrador\Desktop\UPA - SUELLEN
2016-12-06 11:01 - 2016-10-11 22:48 - 00000000 ____D C:\Users\WP\Desktop\PLANTÃO UPA - FAVOR NÃO MEXER NA PASTA
2016-12-03 22:42 - 2009-07-14 03:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-01 20:11 - 2016-08-11 20:50 - 00000000 ____D C:\Users\WP\Desktop\UPA - POR FAVOR, NÃO APAGAR!!!!
2016-11-29 15:33 - 2016-05-05 18:02 - 00000000 ____D C:\Users\Administrador\AppData\Local\ElevatedDiagnostics
2016-11-28 10:36 - 2016-09-07 04:39 - 00002074 _____ C:\Users\WP\Desktop\Spotify.lnk

==================== Arquivos na raiz de alguns diretórios =======

2016-12-16 13:33 - 2016-12-16 13:33 - 0077744 _____ () C:\Users\MD1\AppData\Local\bsdw.jpg
2016-12-06 14:55 - 2016-12-06 15:04 - 0000019 _____ () C:\ProgramData\nb1_c.ini

Alguns arquivos em TEMP:
====================
C:\Users\WP\AppData\Local\Temp\aplicativoitau.exe
C:\Users\WP\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-12-14 04:56

==================== Fim de FRST.txt ============================
