Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 01-03-2017 01
Executado por Casper (administrador) em FABRICIO-PC (03-03-2017 14:28:25)
Executando a partir de C:\Users\Casper\Downloads
Perfis Carregados: Casper (Perfis Disponíveis: Casper)
Platform: Microsoft Windows 7 Professional (X86) Idioma: Português (Brasil)
Internet Explorer Versão 9 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Banco Bradesco S.A.) C:\Program Files\Scpad\scpVista.exe
() C:\Program Files\pa_sys_config\yContentFilterService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registro (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll [2014-11-28] (Caixa Economica Federal)
Winlogon\Notify\ GbPluginScd: C:\Program Files\GbPlugin\gbiehScd.dll [2016-09-19] (Sicredi)
HKU\S-1-5-21-2963910342-1347175431-3989980402-1002\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKU\S-1-5-21-2963910342-1347175431-3989980402-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6638296 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-2963910342-1347175431-3989980402-1002\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27545056 2017-02-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2963910342-1347175431-3989980402-1002\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-2963910342-1347175431-3989980402-1002\...\MountPoints2: {334cf0a5-2d4f-11e1-a4f0-7071bc39554f} - G:\AutoRun.exe
HKU\S-1-5-21-2963910342-1347175431-3989980402-1002\...\MountPoints2: {334cf0ab-2d4f-11e1-a4f0-7071bc39554f} - G:\AutoRun.exe
HKU\S-1-5-21-2963910342-1347175431-3989980402-1002\...\MountPoints2: {334cf0ba-2d4f-11e1-a4f0-7071bc39554f} - G:\AutoRun.exe
HKU\S-1-5-21-2963910342-1347175431-3989980402-1002\...\MountPoints2: {365fe36d-2e18-11e1-87c5-7071bc39554f} - G:\Windows/Install.exe
HKU\S-1-5-18\...\Run: [msnmsgr] => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (Banco Bradesco S.A.)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399011} - C:\Program Files\GbPlugin\gbiehscd.dll [1915104 2016-09-19] (Sicredi)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll [1789792 2014-11-28] (Caixa Economica Federal)
Startup: C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk [2015-12-19]
ShortcutTarget: Recorte de tela e Iniciador do OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rede - Atalho.lnk [2015-12-19]
ShortcutTarget: rede - Atalho.lnk -> C:\usr\rede.bat ()
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Tcpip\..\Interfaces\{709894E3-C300-48E2-AFC3-035941044145}: [NameServer] 192.168.2.1,8.8.8.8
Internet Explorer:
==================
HKU\S-1-5-21-2963910342-1347175431-3989980402-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-2963910342-1347175431-3989980402-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://br.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2963910342-1347175431-3989980402-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ssh2 Class -> {2E3C3651-B19C-4DD9-A979-901EC3E930AF} -> C:\Program Files\Scpad\scpsssh2.dll [2011-08-05] (Banco Bradesco S.A.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-05-07] (Oracle Corporation)
BHO: IEExtension.VDownloaderBHO -> {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -> C:\WINDOWS\SYSTEM32\mscoree.dll [2009-11-25] (Microsoft Corporation)
BHO: Auxiliar de Conexão do Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files\GbPlugin\gbiehcef.dll [2014-11-28] (Caixa Economica Federal)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540011} -> C:\Program Files\GbPlugin\gbiehscd.dll [2016-09-19] (Sicredi)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-05-07] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [support@vdownloader.com] - C:\Program Files\VDownloader\Addons\FireFox => não encontrado (a)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-05-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2011-12-02] (Nero AG)
FF Plugin: @Skype.com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-03-26] (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2963910342-1347175431-3989980402-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Casper\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2963910342-1347175431-3989980402-1002: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll [Nenhum Arquivo]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Casper\AppData\Local\Google\Chrome\User Data\Default [2017-03-03]
CHR Extension: (Google Drive) - C:\Users\Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-18]
CHR Extension: (Adguard AdBlocker) - C:\Users\Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-12-22]
CHR Extension: (YouTube) - C:\Users\Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-18]
CHR Extension: (Adblock Plus) - C:\Users\Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Google Search) - C:\Users\Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-18]
CHR Extension: (AdBlock) - C:\Users\Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-27]
CHR Extension: (Easy Search) - C:\Users\Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdnadicfhkbpdafdildanpbjapjlmkab [2016-04-02]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-06]
CHR Extension: (Adblock Pro) - C:\Users\Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2016-05-13]
CHR Extension: (Gmail) - C:\Users\Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-18]
CHR Extension: (Chrome Media Router) - C:\Users\Casper\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Serviços (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [638968 2016-04-20] (AVG Technologies CZ, s.r.o.)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2008-04-14] (Firebird Project) [Arquivo não assinado]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2719744 2008-04-14] (Firebird Project) [Arquivo não assinado]
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [631520 2016-09-19] (GAS Tecnologia)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Arquivo não assinado]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [687400 2011-11-25] (Nero AG)
S2 NetDNS; C:\Users\Casper\AppData\Roaming\NetTemp\SysDnsSvc.exe [185800 2015-09-29] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [Arquivo não assinado]
R2 scpVista; C:\Program Files\Scpad\scpVista.exe [368544 2011-08-05] (Banco Bradesco S.A.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [Arquivo não assinado]
R2 sys_config; C:\Program Files\pa_sys_config\yContentFilterService.exe [215040 2015-02-20] () [Arquivo não assinado]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R0 Avgunivx; C:\Windows\System32\DRIVERS\avgunivx.sys [61696 2016-04-18] (AVG Technologies CZ, s.r.o.)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-10-06] (GAS Tecnologia)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2016-01-29] (GAS Tecnologia)
R1 pa_sys_config; C:\Windows\System32\drivers\pa_sys_config.sys [47488 2014-01-29] (NetFilterSDK.com) [Arquivo não assinado]
S3 smsbda; C:\Windows\System32\drivers\smsbda.sys [51872 2009-09-03] (Siano)
S3 ZTEusbdvbh; C:\Windows\System32\DRIVERS\ZTEusbdvbh.sys [105216 2009-03-09] (ZTE Incorporated)
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 NdisrdMP; system32\DRIVERS\gbpndisrd.sys [X]
S1 pa_sys_config"register; system32\drivers\pa_sys_config"register.sys [X]
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Um Mês Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-03-03 14:28 - 2017-03-03 14:31 - 00017013 _____ C:\Users\Casper\Downloads\FRST.txt
2017-03-03 14:27 - 2017-03-03 14:28 - 00000000 ____D C:\FRST
2017-03-03 14:23 - 2017-03-03 14:26 - 01765888 _____ (Farbar) C:\Users\Casper\Downloads\FRST.exe
2017-03-03 12:03 - 2017-03-03 12:03 - 00002687 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-03 12:03 - 2017-03-03 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-03 12:03 - 2017-03-03 12:03 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-03-03 11:57 - 2017-03-03 11:58 - 01631200 _____ (Skype Technologies S.A.) C:\Users\Casper\Downloads\SkypeSetup.exe
2017-03-03 11:36 - 2017-03-03 11:36 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-03-03 11:36 - 2017-03-03 11:36 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-03 11:08 - 2017-03-03 11:04 - 00001132 _____ C:\Users\Casper\Desktop\SICREDI.ULT
2017-03-03 11:04 - 2017-03-03 11:04 - 00049670 ____N C:\Users\Casper\Desktop\BOLETO NF 359373.TIF
2017-03-01 16:09 - 2017-03-01 16:09 - 00024493 _____ C:\Users\Casper\Downloads\boleto (1).pdf
2017-03-01 16:05 - 2017-03-01 16:05 - 00024491 _____ C:\Users\Casper\Downloads\boleto.pdf
2017-03-01 10:50 - 2017-03-01 10:51 - 00060254 ____N C:\Users\Casper\Desktop\24 DE JANEIRO.TIF
2017-02-22 11:31 - 2017-02-22 11:32 - 00008544 _____ C:\Users\Casper\Downloads\43170294385523000228550000001807311783266654.xml
==================== Um Mês Modificados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-03-03 14:30 - 2009-07-14 01:34 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-03 14:30 - 2009-07-14 01:34 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-03 14:08 - 2012-03-30 08:15 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-03 12:03 - 2012-12-18 09:00 - 00000000 ___RD C:\Program Files\Skype
2017-03-03 12:03 - 2012-12-18 09:00 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2017-03-03 12:03 - 2012-12-18 09:00 - 00000000 ____D C:\ProgramData\Skype
2017-03-03 11:37 - 2012-12-18 09:00 - 00000000 ____D C:\Users\Casper\AppData\Roaming\Skype
2017-03-03 11:08 - 2016-03-03 09:57 - 00000000 ____D C:\Bloqueto
2017-03-03 08:18 - 2011-10-18 14:22 - 00000000 ____D C:\Users\Casper\AppData\LocalLow\Scpad
2017-03-03 08:18 - 2011-10-08 08:53 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2017-03-03 08:18 - 2011-10-08 08:53 - 00000000 ____D C:\ProgramData\GbPlugin
2017-03-03 08:16 - 2011-10-03 18:36 - 01636980 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-03 08:16 - 2009-07-21 20:21 - 00706502 _____ C:\Windows\system32\prfh0416.dat
2017-03-03 08:16 - 2009-07-21 20:21 - 00147228 _____ C:\Windows\system32\prfc0416.dat
2017-03-03 08:16 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2017-03-03 08:11 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-24 14:55 - 2017-01-02 13:30 - 00001702 _____ C:\Users\Casper\Desktop\FECHAMENTOS.lnk
2017-02-15 06:59 - 2009-07-14 01:53 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-13 11:00 - 2015-05-16 08:46 - 00000000 ____D C:\Program Files\pa_sys_config
2017-02-07 07:12 - 2016-02-18 13:36 - 00002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
==================== Arquivos na raiz de alguns diretórios =======
2012-04-10 15:27 - 2011-09-16 15:12 - 0143240 _____ (Ask.com) C:\Program Files\Common Files\ApnStub.exe
2012-04-10 15:27 - 2011-09-16 15:12 - 3623592 _____ (Ask) C:\Program Files\Common Files\ApnToolbarInstaller.exe
2013-12-19 08:00 - 2015-06-29 08:33 - 0000233 _____ () C:\Users\Casper\AppData\Roaming\WB.CFG
2012-08-29 16:26 - 2012-08-29 16:26 - 0003584 _____ () C:\Users\Casper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-12 07:30 - 2013-12-12 07:30 - 0004096 ____H () C:\Users\Casper\AppData\Local\keyfile3.drm
2015-03-30 14:18 - 2015-03-30 12:48 - 1047392 _____ (ShenZhen Enode Techology co,.Ltd) C:\ProgramData\WeatherMini.exe
Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\WeatherMini.exe
C:\Users\Casper\TeamViewer_Setup_pt.exe
C:\Users\Todos os Usuários\WeatherMini.exe
Alguns arquivos em TEMP:
====================
2017-03-03 11:58 - 2017-03-03 11:59 - 14456872 _____ (Microsoft Corporation) C:\Users\Casper\AppData\Local\Temp\vc_redist.x86.exe
==================== Bamital & volsnap ======================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
LastRegBack: 2017-02-22 12:31
==================== Fim de FRST.txt ============================