cjoint


Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 07-01-2017
Executado por sarah (administrador) em SARAH-PC (08-01-2017 12:01:35)
Executando a partir de C:\Users\sarah\Downloads
Perfis Carregados: sarah (Perfis Disponíveis: sarah)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 9 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor)
HKU\S-1-5-21-1977951524-2321422518-832991282-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3777728 2016-12-22] (Disc Soft Ltd)
HKU\S-1-5-21-1977951524-2321422518-832991282-1000\...\MountPoints2: {6e9a6c57-341c-11e1-a007-f426e9b1c882} - F:\CorelLauncher.exe

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4EF2BE8B-A8F0-4C61-82FE-CF3F71AF085C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{92C8F7A4-D7B1-42C5-894F-16B6DC000DA8}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1977951524-2321422518-832991282-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/?type=502468&fr=spigot-yhp-ie
HKU\S-1-5-21-1977951524-2321422518-832991282-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1977951524-2321422518-832991282-1000 -> {C0759D4E-7A1E-4ED0-B4AC-463AB6B85B20} URL = hxxps://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: tja9rdba.default
FF ProfilePath: C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\tja9rdba.default [2017-01-08]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\tja9rdba.default -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\tja9rdba.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\tja9rdba.default -> hxxps://www.google.com.br/?gfe_rd=cr&ei=ZzpmWJ_6OYiF8Qft9ZGwCQ
FF Keyword.URL: Mozilla\Firefox\Profiles\tja9rdba.default -> hxxps://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=502468&p=
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-04] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-04] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-04] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-04] (Foxit Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-12-02] (Intel Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1142464 2016-12-22] (Disc Soft Ltd)
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Inc.)
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [737984 2015-08-30] (@ByELDI) [Arquivo não assinado]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-12-30] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2016-12-30] (Disc Soft Ltd)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [3368448 2013-11-26] (Intel Corporation) [Arquivo não assinado]
R3 RtlWlanu; C:\Windows\System32\DRIVERS\DRTWlanU.sys [2911960 2014-07-30] (Realtek Semiconductor Corporation )
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [33056 2011-06-15] (Realtek )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [49808 2012-07-03] (Realtek Corporation)
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan620.sys [27792 2012-08-31] (Realtek Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-01-08 11:51 - 2017-01-08 11:52 - 00027961 _____ C:\Users\sarah\Downloads\Addition.txt
2017-01-08 11:50 - 2017-01-08 12:01 - 00008028 _____ C:\Users\sarah\Downloads\FRST.txt
2017-01-08 11:50 - 2017-01-08 12:01 - 00000000 ____D C:\FRST
2017-01-08 11:49 - 2017-01-08 11:50 - 01760768 _____ (Farbar) C:\Users\sarah\Downloads\FRST.exe
2017-01-08 11:45 - 2017-01-08 11:43 - 00002819 _____ C:\Users\Public\Desktop\Corel PHOTO-PAINT X8.lnk
2017-01-08 11:45 - 2017-01-08 11:43 - 00002816 _____ C:\Users\Public\Desktop\Corel CAPTURE X8.lnk
2017-01-08 11:45 - 2017-01-08 11:43 - 00002318 _____ C:\Users\Public\Desktop\Corel CONNECT X8.lnk
2017-01-08 11:45 - 2017-01-08 11:43 - 00002237 _____ C:\Users\Public\Desktop\Corel Font Manager X8.lnk
2017-01-08 11:45 - 2017-01-08 11:42 - 00002771 _____ C:\Users\Public\Desktop\CorelDRAW X8.lnk
2017-01-08 11:42 - 2017-01-08 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X8
2017-01-08 03:50 - 2017-01-08 03:50 - 00000000 ____D C:\Users\sarah\Documents\My Palettes
2017-01-08 03:39 - 2017-01-08 03:53 - 00000000 ____D C:\Users\sarah\Documents\Corel
2017-01-08 03:39 - 2017-01-08 03:39 - 00000000 ____D C:\Users\Todos os Usuários\Protexis
2017-01-08 03:39 - 2017-01-08 03:39 - 00000000 ____D C:\ProgramData\Protexis
2017-01-08 02:42 - 2017-01-08 02:40 - 00002418 _____ C:\Users\Public\Desktop\Bitstream Font Navigator.lnk
2017-01-08 02:42 - 2017-01-08 02:39 - 00002819 _____ C:\Users\Public\Desktop\Corel PHOTO-PAINT X7.lnk
2017-01-08 02:42 - 2017-01-08 02:39 - 00002816 _____ C:\Users\Public\Desktop\Corel CAPTURE X7.lnk
2017-01-08 02:42 - 2017-01-08 02:39 - 00002318 _____ C:\Users\Public\Desktop\Corel CONNECT X7.lnk
2017-01-08 02:42 - 2017-01-08 02:38 - 00002771 _____ C:\Users\Public\Desktop\CorelDRAW X7.lnk
2017-01-08 02:40 - 2017-01-08 02:40 - 00000000 ____D C:\Program Files\Common Files\Protexis
2017-01-08 02:39 - 2017-01-08 11:43 - 00000000 ____D C:\Users\Public\Documents\Corel
2017-01-08 02:38 - 2017-01-08 02:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7
2017-01-08 02:36 - 2017-01-08 03:38 - 00000000 ____D C:\Users\Todos os Usuários\CorelDRAW Graphics Suite X7
2017-01-08 02:36 - 2017-01-08 03:38 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X7
2017-01-08 01:26 - 2017-01-08 02:34 - 00000000 ____D C:\Users\sarah\Downloads\CORELDRAW GRAPHICS SUITE X7 1 (32 bit + 64 bit)
2017-01-08 00:51 - 2017-01-08 03:39 - 00000000 ____D C:\Users\sarah\AppData\Roaming\Corel
2017-01-08 00:51 - 2017-01-08 00:51 - 00000000 ____D C:\Program Files\gs
2017-01-08 00:49 - 2017-01-08 00:49 - 00000000 ____D C:\Users\Todos os Usuários\VsTelemetry
2017-01-08 00:49 - 2017-01-08 00:49 - 00000000 ____D C:\ProgramData\VsTelemetry
2017-01-08 00:49 - 2017-01-08 00:49 - 00000000 ____D C:\Program Files\Common Files\Corel
2017-01-08 00:43 - 2017-01-08 11:45 - 00000000 ____D C:\Users\Todos os Usuários\Corel
2017-01-08 00:43 - 2017-01-08 11:45 - 00000000 ____D C:\ProgramData\Corel
2017-01-08 00:42 - 2017-01-08 11:45 - 00000000 ____D C:\Program Files\Corel
2017-01-07 17:23 - 2017-01-07 17:23 - 00385024 _____ C:\Users\sarah\Downloads\CrackCorelDRAWX8_TutoDRAW.exe
2017-01-07 17:21 - 2017-01-07 18:03 - 1971255235 ____R C:\Users\sarah\Downloads\CorelDRAW Graphics Suite X8 18.0.0.448 Multilingual + Keygen [SadeemPC].zip
2017-01-07 17:13 - 2017-01-07 17:13 - 02787020 _____ C:\Users\sarah\Desktop\guia_normalizacao_trabalhos_ufc_2013.pdf
2017-01-07 17:12 - 2017-01-07 17:13 - 00000000 ____D C:\Users\sarah\AppData\Roaming\Foxit Software
2017-01-07 17:07 - 2017-01-08 02:41 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-01-07 17:07 - 2017-01-08 02:41 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-07 17:07 - 2017-01-07 17:07 - 00001028 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2017-01-07 17:07 - 2017-01-07 17:07 - 00000000 ____D C:\Users\Public\Foxit Software
2017-01-07 17:07 - 2017-01-07 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-01-07 17:07 - 2017-01-07 17:07 - 00000000 ____D C:\Program Files\Foxit Software
2017-01-07 17:07 - 2012-01-01 00:00 - 00000000 ____D C:\Users\Todos os Usuários\Foxit Software
2017-01-07 17:07 - 2012-01-01 00:00 - 00000000 ____D C:\ProgramData\Foxit Software
2017-01-02 21:52 - 2017-01-02 21:52 - 00000000 ____D C:\Users\sarah\Documents\Modelos Personalizados do Office
2017-01-01 22:56 - 2017-01-01 22:56 - 00000000 ____D C:\Users\sarah\AppData\Roaming\MPC-HC
2017-01-01 22:55 - 2017-01-01 22:55 - 00001832 _____ C:\Users\sarah\Desktop\MPC-HC.lnk
2017-01-01 22:55 - 2017-01-01 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2017-01-01 22:55 - 2017-01-01 22:55 - 00000000 ____D C:\Program Files\MPC-HC
2017-01-01 22:54 - 2017-01-01 22:55 - 12530872 _____ (MPC-HC Team ) C:\Users\sarah\Documents\media-player-classic-home-cinema-1-7-10-32-bit.exe
2017-01-01 22:51 - 2017-01-01 22:51 - 00000000 __RSH C:\MSDOS.SYS
2017-01-01 22:51 - 2017-01-01 22:51 - 00000000 __RSH C:\IO.SYS
2017-01-01 20:11 - 2017-01-01 20:35 - 00000000 ____D C:\Users\sarah\Downloads\Os Aventureiros do Bairro Proibido [1986] - BluRay 720p Dublado
2017-01-01 20:07 - 2017-01-01 20:35 - 00000000 ____D C:\Users\sarah\Downloads\Esquadrão Suicida 2016 Versão de Cinema WWW.BLUDV.COM
2017-01-01 18:18 - 2017-01-01 18:18 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2016-12-31 21:35 - 2016-12-31 21:35 - 00000000 ____D C:\Users\sarah\.QtWebEngineProcess
2016-12-31 21:35 - 2016-12-31 21:35 - 00000000 ____D C:\Users\sarah\.Mendeley Desktop
2016-12-31 21:34 - 2016-12-31 21:34 - 00001065 _____ C:\Users\Public\Desktop\Mendeley Desktop.lnk
2016-12-31 21:34 - 2016-12-31 21:34 - 00000000 ____D C:\Users\sarah\AppData\Local\Mendeley Ltd
2016-12-31 21:34 - 2016-12-31 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mendeley Desktop
2016-12-31 21:34 - 2016-12-31 21:34 - 00000000 ____D C:\Program Files\Mendeley Desktop
2016-12-31 21:32 - 2016-12-31 21:32 - 00000000 ____D C:\Users\sarah\Downloads\O Homem nas Trevas 2016 Bluray 1080p Dublado - TPF
2016-12-31 21:17 - 2016-12-31 21:17 - 00001908 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2016-12-31 21:17 - 2016-12-31 21:17 - 00001854 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2016-12-31 21:17 - 2016-12-31 21:17 - 00000000 ____D C:\Users\Todos os Usuários\Canneverbe Limited
2016-12-31 21:17 - 2016-12-31 21:17 - 00000000 ____D C:\Users\sarah\AppData\Roaming\Canneverbe Limited
2016-12-31 21:17 - 2016-12-31 21:17 - 00000000 ____D C:\ProgramData\Canneverbe Limited
2016-12-31 21:17 - 2016-12-31 21:17 - 00000000 ____D C:\Program Files\CDBurnerXP
2016-12-31 21:16 - 2016-12-31 21:16 - 06234192 _____ (Canneverbe Limited ) C:\Users\sarah\Documents\Baixaki_cdburnerxp [1].exe
2016-12-31 20:47 - 2016-12-31 20:47 - 00000000 ____D C:\Users\sarah\AppData\Local\Intel_Corporation
2016-12-30 21:06 - 2016-12-30 21:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2016-12-30 21:06 - 2016-12-30 21:06 - 00000000 ____D C:\Program Files\KMSpico
2016-12-30 21:06 - 2010-12-06 00:16 - 00090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2016-12-30 20:23 - 2016-12-30 20:23 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2016-12-30 20:23 - 2016-12-30 20:23 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-30 20:23 - 2016-12-30 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-12-30 20:23 - 2016-12-30 20:23 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-12-30 20:22 - 2016-12-30 20:23 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-12-30 20:22 - 2016-12-30 20:22 - 00000000 ____D C:\Windows\PCHEALTH
2016-12-30 20:19 - 2016-12-30 20:23 - 00000000 ____D C:\Windows\SHELLNEW
2016-12-30 20:19 - 2016-12-30 20:22 - 00000000 ____D C:\Program Files\Microsoft Office
2016-12-30 20:19 - 2016-12-30 20:19 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-12-30 20:18 - 2016-12-30 20:18 - 00000000 __RHD C:\MSOCache
2016-12-30 20:05 - 2016-12-30 20:05 - 00000000 ____D C:\Users\sarah\AppData\Local\Disc_Soft_Ltd
2016-12-30 19:59 - 2016-12-30 19:59 - 00040504 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2016-12-30 19:57 - 2016-12-30 20:17 - 00000000 ____D C:\Users\sarah\AppData\Roaming\DAEMON Tools Lite
2016-12-30 19:57 - 2016-12-30 19:59 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2016-12-30 19:57 - 2016-12-30 19:58 - 00026168 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2016-12-30 19:57 - 2016-12-30 19:57 - 00001935 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-12-30 19:57 - 2016-12-30 19:57 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2016-12-30 19:57 - 2016-12-30 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2016-12-30 19:56 - 2016-12-30 19:56 - 00000000 ____D C:\Users\Todos os Usuários\DAEMON Tools Lite
2016-12-30 19:56 - 2016-12-30 19:56 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-12-30 19:49 - 2016-12-30 20:23 - 00000000 ____D C:\Program Files\Microsoft.NET
2016-12-30 18:51 - 2016-12-30 19:02 - 681619456 _____ C:\Users\sarah\Documents\pt_office_professional_plus_2013_x86_dvd_1134007.iso
2016-12-30 18:34 - 2016-12-30 20:26 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-12-30 18:34 - 2016-12-30 20:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-30 18:34 - 2016-12-30 18:34 - 00000000 ____D C:\Users\sarah\AppData\Local\Microsoft Help
2016-12-30 14:13 - 1996-12-24 23:32 - 33554432 ____N C:\Users\sarah\Downloads\Legend of Zelda, The - Ocarina of Time (USA).n64
2016-12-30 14:04 - 2017-01-01 17:23 - 00000000 ____D C:\Program Files\Project64 2.2
2016-12-30 14:04 - 2016-12-30 14:04 - 02583689 _____ (Project64 ) C:\Users\sarah\Downloads\project64-2-2-0-3.exe
2016-12-30 14:04 - 2016-12-30 14:04 - 00001016 _____ C:\Users\Public\Desktop\Project64 2.2.lnk
2016-12-30 14:04 - 2016-12-30 14:04 - 00000000 ____D C:\Users\sarah\AppData\Local\Programs
2016-12-30 14:02 - 2016-12-30 14:02 - 03342040 _____ C:\Users\sarah\Documents\Baixaki_winrar [1].exe
2016-12-30 14:02 - 2016-12-30 14:02 - 00000000 ____D C:\Users\sarah\AppData\Roaming\WinRAR
2016-12-30 14:02 - 2016-12-30 14:02 - 00000000 ____D C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-30 14:02 - 2016-12-30 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-30 14:02 - 2016-12-30 14:02 - 00000000 ____D C:\Program Files\WinRAR
2016-12-30 10:50 - 2017-01-08 01:25 - 00000000 ____D C:\Users\sarah\AppData\LocalLow\BitTorrent
2016-12-30 09:14 - 2016-12-30 09:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-12-30 08:35 - 2017-01-07 20:30 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{47a736c7-3459-11e1-ba98-909dd6933287}.TMContainer00000000000000000001.regtrans-ms
2016-12-30 08:35 - 2017-01-07 20:30 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{47a736c7-3459-11e1-ba98-909dd6933287}.TM.blf
2016-12-30 08:35 - 2016-12-30 08:48 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{47a736c7-3459-11e1-ba98-909dd6933287}.TMContainer00000000000000000002.regtrans-ms
2016-12-30 08:35 - 2014-05-14 14:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-12-30 08:35 - 2014-05-14 14:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-12-30 08:35 - 2014-05-14 14:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-12-30 08:35 - 2014-05-14 14:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-12-30 08:35 - 2014-05-14 14:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-12-30 08:35 - 2014-05-14 14:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-12-30 08:35 - 2014-05-14 14:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-12-30 08:35 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-12-30 08:35 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-12-30 08:34 - 2016-12-30 10:45 - 04483072 _____ C:\Users\sarah\Documents\Windows_7_todas.as.versoes_x86_ou_x64_pt-BR.iso
2016-12-30 08:34 - 2016-12-30 08:34 - 00000000 ____D C:\Users\sarah\AppData\Local\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
2016-12-30 08:33 - 2017-01-08 03:55 - 00000000 ____D C:\Users\sarah\AppData\Roaming\BitTorrent
2016-12-30 08:33 - 2016-12-30 08:33 - 00002650 _____ C:\Users\sarah\Desktop\BitTorrent.lnk
2016-12-30 08:33 - 2016-12-30 08:33 - 00002650 _____ C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-12-30 08:33 - 2016-12-30 08:33 - 00000000 ___SD C:\Users\sarah\AppData\LocalLow\Temp

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-01-08 11:48 - 2012-01-01 07:26 - 00000000 ____D C:\Users\sarah\AppData\LocalLow\Mozilla
2017-01-08 11:48 - 2009-07-14 02:34 - 00019088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-08 11:48 - 2009-07-14 02:34 - 00019088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-08 11:37 - 2011-04-12 02:47 - 00705070 _____ C:\Windows\system32\prfh0416.dat
2017-01-08 11:37 - 2011-04-12 02:47 - 00146910 _____ C:\Windows\system32\prfc0416.dat
2017-01-08 11:37 - 2010-11-20 19:01 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-08 11:37 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\inf
2017-01-08 00:43 - 2012-01-01 07:21 - 00136152 _____ C:\Users\sarah\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-08 00:38 - 2009-07-14 02:33 - 00503848 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-08 00:08 - 2009-07-14 00:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-31 21:35 - 2012-01-01 06:57 - 00000000 ____D C:\Users\sarah
2016-12-31 21:34 - 2012-01-01 06:57 - 00000000 ____D C:\Users\sarah\AppData\Local
2016-12-31 21:32 - 2012-01-01 06:57 - 00000000 ___RD C:\Users\sarah\Videos
2016-12-30 23:42 - 2012-01-01 06:57 - 00000000 ___RD C:\Users\sarah\Music
2016-12-30 20:37 - 2010-11-20 19:48 - 00010060 _____ C:\Windows\PFRO.log
2016-12-30 20:25 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\DriverStore
2016-12-30 20:22 - 2012-01-01 07:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-12-30 20:20 - 2009-07-14 00:37 - 00000000 ____D C:\Program Files\Common Files\System
2016-12-30 20:20 - 2009-07-14 00:04 - 00000478 _____ C:\Windows\win.ini
2016-12-30 19:59 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\catroot
2016-12-30 19:54 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\pt-BR
2016-12-30 19:53 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\LogFiles
2016-12-30 19:49 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\en-US
2016-12-30 14:02 - 2012-01-01 06:57 - 00000000 ___RD C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-30 11:12 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\rescache
2016-12-30 11:12 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\Logs
2016-12-30 11:06 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\config\RegBack
2016-12-30 10:50 - 2012-01-01 06:57 - 00000000 ____D C:\Users\sarah\AppData\LocalLow
2016-12-30 08:26 - 2012-01-01 07:26 - 00000000 ____D C:\Users\sarah\AppData\Local\Mozilla

==================== Arquivos na raiz de alguns diretórios =======

2012-01-01 07:10 - 2012-01-01 07:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Alguns arquivos em TEMP:
====================
C:\Users\sarah\AppData\Local\Temp\ose00000.exe
C:\Users\sarah\AppData\Local\Temp\ose00001.exe


==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-12-30 11:05

==================== Fim de FRST.txt ============================
