Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 08-03-2017
Executado por Salma (administrador) em NB-SALMA (09-03-2017 09:01:04)
Executando a partir de C:\Users\Salma\Downloads
Perfis Carregados: Salma (Perfis Disponíveis: Salma)
Platform: Windows 7 Ultimate (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

( ) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\wusa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\bitsadmin.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [gmsd_br_113] => [X]
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [614400 2009-08-28] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe <====== ATENÇÃO
Winlogon\Notify\ GbPluginAbn: C:\Program Files (x86)\GbPlugin\gbiehAbn.dll [2012-05-23] (Banco Real)
HKU\S-1-5-21-1922545977-1366559221-686864483-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545056 2017-02-14] (Skype Technologies S.A.)
SSODL-x32: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - Nenhum Arquivo
ShellExecuteHooks: Sem Nome - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - -> Nenhum Arquivo
ShellExecuteHooks-x32: Sem Nome - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - -> Nenhum Arquivo
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll [631280 2012-05-23] (Banco Real)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-07-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * C:\Windows\PNB-SALMA32.exe
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
GroupPolicyScripts: Restrição <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{1871D859-958C-4DC4-96E9-E0A67DC267E9}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{26317268-579C-41D8-9530-F715C823168B}: [NameServer] 201.10.128.2,201.10.120.3
Tcpip\..\Interfaces\{26317268-579C-41D8-9530-F715C823168B}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-1922545977-1366559221-686864483-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1437767813&z=fe3692035e623e83f5ab125gdzbc9m8m1q6m3mcmae&from=cornl&uid=WDCXWD5000BEVT-60ZAT1_WD-WX40A998448884488
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1437767813&z=fe3692035e623e83f5ab125gdzbc9m8m1q6m3mcmae&from=cornl&uid=WDCXWD5000BEVT-60ZAT1_WD-WX40A998448884488
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1400876631&from=bxk&uid=WDCXWD5000BEVT-60ZAT1_WD-WX40A998448884488&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1400876631&from=bxk&uid=WDCXWD5000BEVT-60ZAT1_WD-WX40A998448884488&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1437767813&z=fe3692035e623e83f5ab125gdzbc9m8m1q6m3mcmae&from=cornl&uid=WDCXWD5000BEVT-60ZAT1_WD-WX40A998448884488
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1437767813&z=fe3692035e623e83f5ab125gdzbc9m8m1q6m3mcmae&from=cornl&uid=WDCXWD5000BEVT-60ZAT1_WD-WX40A998448884488
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1400876631&from=bxk&uid=WDCXWD5000BEVT-60ZAT1_WD-WX40A998448884488&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1400876631&from=bxk&uid=WDCXWD5000BEVT-60ZAT1_WD-WX40A998448884488&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1922545977-1366559221-686864483-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1922545977-1366559221-686864483-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://br.msn.com/?ocid=iehp
HKU\S-1-5-21-1922545977-1366559221-686864483-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
HKU\S-1-5-21-1922545977-1366559221-686864483-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1437767813&z=fe3692035e623e83f5ab125gdzbc9m8m1q6m3mcmae&from=cornl&uid=WDCXWD5000BEVT-60ZAT1_WD-WX40A998448884488
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1437767813&z=fe3692035e623e83f5ab125gdzbc9m8m1q6m3mcmae&from=cornl&uid=WDCXWD5000BEVT-60ZAT1_WD-WX40A998448884488&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1437767813&z=fe3692035e623e83f5ab125gdzbc9m8m1q6m3mcmae&from=cornl&uid=WDCXWD5000BEVT-60ZAT1_WD-WX40A998448884488&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1437767813&z=fe3692035e623e83f5ab125gdzbc9m8m1q6m3mcmae&from=cornl&uid=WDCXWD5000BEVT-60ZAT1_WD-WX40A998448884488&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1437767813&z=fe3692035e623e83f5ab125gdzbc9m8m1q6m3mcmae&from=cornl&uid=WDCXWD5000BEVT-60ZAT1_WD-WX40A998448884488&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1922545977-1366559221-686864483-1000 -> DefaultScope {320589ED-D86C-4119-8693-C12E53BC4638} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=WDCXWD5000BEVT-60ZAT1_WD-WX40A998448884488&ts=1437767832&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1922545977-1366559221-686864483-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=WDCXWD5000BEVT-60ZAT1_WD-WX40A998448884488&ts=1437767832&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1922545977-1366559221-686864483-1000 -> {320589ED-D86C-4119-8693-C12E53BC4638} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=WDCXWD5000BEVT-60ZAT1_WD-WX40A998448884488&ts=1437767832&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1922545977-1366559221-686864483-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1922545977-1366559221-686864483-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: Sem Nome -> {2E3C3651-B19C-4DD9-A979-901EC3E930AF} -> Nenhum Arquivo
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540007} -> C:\Program Files (x86)\GbPlugin\gbiehabn.dll [2012-05-23] (Banco Real)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-05-20] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-1922545977-1366559221-686864483-1000 -> Sem Nome - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Nenhum Arquivo
Toolbar: HKU\S-1-5-21-1922545977-1366559221-686864483-1000 -> Sem Nome - {D4027C7F-154A-4066-A1AD-4243D8127440} - Nenhum Arquivo
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [Nenhum Arquivo]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [Nenhum Arquivo]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pt-br
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Session Restore: Default -> está habilitado.
CHR Profile: C:\Users\Salma\AppData\Local\Google\Chrome\User Data\Default [2017-03-09]
CHR Extension: (Google Apresentações) - C:\Users\Salma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-27]
CHR Extension: (Google Docs) - C:\Users\Salma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-27]
CHR Extension: (Google Drive) - C:\Users\Salma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Salma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Google Search) - C:\Users\Salma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Salma\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-06]
CHR Extension: (Planilhas do Google) - C:\Users\Salma\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-27]
CHR Extension: (Documentos Google off-line) - C:\Users\Salma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (VideoDownloadConverter) - C:\Users\Salma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikgjglmlehllifdekcggaapkaplbdpje [2016-09-29]
CHR Extension: (FilmFanatic) - C:\Users\Salma\AppData\Local\Google\Chrome\User Data\Default\Extensions\niojcggonafbneajjmkpkcigabaobmge [2017-02-11]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Salma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Allin1Convert) - C:\Users\Salma\AppData\Local\Google\Chrome\User Data\Default\Extensions\odhkadhmcmknhbdekepokcbnipebjdei [2016-09-29]
CHR Extension: (Gmail) - C:\Users\Salma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-27]
CHR Extension: (Chrome Media Router) - C:\Users\Salma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-06]
CHR HKU\S-1-5-21-1922545977-1366559221-686864483-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.6EUH3VK4FLEJ5RUNDM3IMA4JIU - C:\Users\Salma\AppData\Local\Google\Chrome\Application\chrome.exe

Opera:
=======
OPR Extension: (Sale Clipper) - C:\Users\Salma\AppData\Roaming\Opera Software\Opera Stable\Extensions\odlhikpaegeblidjhkeefjdjegganhpg [2015-07-24]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [215536 2012-05-23] ( )
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 HPSLPSVC; C:\Users\Salma\AppData\Local\Temp\7zS7DBF\hpslpsvc64.dll [1039360 2015-09-21] (Hewlett-Packard Co.) [Arquivo não assinado] <==== ATENÇÃO
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Arquivo não assinado]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [Arquivo não assinado]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [Arquivo não assinado]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757040 2017-02-02] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATENÇÃO
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATENÇÃO
S2 PSI_SVC_2; "c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [X]
S2 scpVista; C:\Program Files (x86)\Scpad\scpVista.exe [X]
S2 SupraSavingsService64; C:\Program Files (x86)\5B99CC8D-7BAF-430A-9C63-67C9980E3ED8\SupraSavingsService64.exe [X]
S2 WindowsMangerProtect; C:\ProgramData\9WinManPro9\ProtectWindowsManager.exe -service [X] <==== ATENÇÃO
S2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe run options=01110010030000000000000000000000 sourceguid=5B99CC8D-7BAF-430A-9C63-67C9980E3ED8 [X]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [47856 2012-05-23] (GAS Tecnologia)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S1 Bnbase; System32\drivers\bnbasex64.sys [X]
S1 Bndef; \??\C:\Windows\System32\drivers\bndef64.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
U4 eabfiltr; não ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys [X]
S3 Spring; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\Spring64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-03-09 08:58 - 2017-03-09 09:00 - 00053770 _____ C:\Users\Salma\Downloads\Addition.txt
2017-03-09 08:56 - 2017-03-09 09:01 - 00022334 _____ C:\Users\Salma\Downloads\FRST.txt
2017-03-09 08:56 - 2017-03-09 09:01 - 00000000 ____D C:\FRST
2017-03-09 08:55 - 2017-03-09 08:56 - 02423808 _____ (Farbar) C:\Users\Salma\Downloads\FRST64.exe
2017-03-09 08:45 - 2017-03-09 08:45 - 00000000 ____H C:\Windows\BIT30DF.tmp
2017-03-09 08:44 - 2017-03-09 08:44 - 309437397 _____ C:\Users\Salma\Downloads\Não confirmado 509348.crdownload
2017-03-09 08:39 - 2017-03-09 08:39 - 00000000 ___HT C:\Windows\wusa.lock
2017-03-09 08:39 - 2017-03-09 08:39 - 00000000 ____D C:\10fd855088d8710530
2017-03-08 18:55 - 2017-03-08 18:55 - 00001945 _____ C:\Windows\epplauncher.mif
2017-03-08 18:51 - 2017-03-08 18:51 - 00000000 ____D C:\Users\Usuário Padrão\AppData\Local\Microsoft Help
2017-03-08 18:51 - 2017-03-08 18:51 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2017-03-08 18:51 - 2017-03-08 18:51 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2017-03-08 10:47 - 2017-03-08 10:47 - 00404821 _____ C:\Users\Salma\Downloads\PC_AGOSTO 2017_ Encontro Anual Agrológica_Salma Mega_FILE MI 1231.xlsx
2017-03-08 10:17 - 2017-03-08 10:17 - 00000000 ____H C:\Windows\BITC12C.tmp
2017-03-08 09:57 - 2017-03-08 09:57 - 00000000 ____D C:\Windows\system32\EventProviders
2017-03-08 09:57 - 2017-03-08 09:57 - 00000000 ____D C:\Windows\CheckSur
2017-03-08 09:46 - 2017-03-08 09:46 - 00000000 ____H C:\Windows\BITCB21.tmp
2017-03-08 09:41 - 2017-03-08 09:41 - 00000000 ____D C:\835a2626b0954012f1701726
2017-03-08 09:39 - 2016-08-10 12:01 - 00023232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-08 09:33 - 2017-03-08 09:33 - 00000000 ____H C:\Windows\BITFB3F.tmp
2017-03-08 09:33 - 2017-03-08 09:33 - 00000000 ____D C:\442475f920e2481d12480baebd
2017-03-08 09:32 - 2017-03-08 09:33 - 01034556 _____ C:\Users\Salma\Downloads\Windows6.1-KB2999226-x64.msu
2017-03-08 09:31 - 2016-08-10 12:01 - 00023232 _____ (Microsoft Corporation) C:\Windows\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-08 09:29 - 2017-03-08 09:29 - 00013193 _____ C:\Users\Salma\Downloads\api-ms-win-crt-runtime-l1-1-0.zip
2017-03-08 09:29 - 2017-03-08 09:29 - 00003630 _____ C:\Users\Salma\Downloads\api-ms-win-crt-runtime-l1-1-0 (1).zip
2017-03-08 09:20 - 2017-03-08 09:20 - 00000000 ____D C:\22b497f7ab4e2f9aa5f7c3
2017-03-08 09:10 - 2017-03-08 09:10 - 00000000 ____D C:\25f6275ab4ac173dc76f88575444
2017-03-08 09:09 - 2017-03-08 09:10 - 15302984 _____ (Microsoft Corporation) C:\Users\Salma\Downloads\vc_redist.x64 (1).exe
2017-03-08 09:06 - 2017-03-08 09:06 - 00000000 ____H C:\Windows\BITA9F6.tmp
2017-03-08 09:05 - 2017-03-08 09:07 - 14572000 _____ (Microsoft Corporation) C:\Users\Salma\Downloads\vc_redist.x64.exe
2017-03-08 08:49 - 2017-03-08 08:49 - 01631200 _____ (Skype Technologies S.A.) C:\Users\Salma\Downloads\SkypeSetup (2).exe
2017-03-08 08:47 - 2017-03-08 08:47 - 00000000 ____H C:\Windows\BITA814.tmp
2017-03-08 08:45 - 2017-03-08 08:45 - 00000000 ____D C:\8ade4551bd00b6a853129b
2017-03-08 08:39 - 2017-03-08 08:39 - 00000000 ____D C:\808d8c614305b806a2
2017-03-08 08:30 - 2017-03-08 08:30 - 00000000 ____H C:\Windows\BITC274.tmp
2017-03-08 08:30 - 2017-03-08 08:30 - 00000000 ____D C:\b581c8c3cc2ad5b2b50c34861516
2017-03-08 08:28 - 2017-03-03 10:17 - 01034556 _____ C:\Users\Salma\Desktop\Windows6.1-KB2999226-x64.msu
2017-03-07 13:54 - 2017-03-07 13:54 - 01654437 _____ C:\Users\Salma\Downloads\Desktop (1).rar
2017-03-07 09:44 - 2017-03-07 09:44 - 00000000 ____D C:\1744bd2f98a867f3c0d0a0b3a98e2e93
2017-03-07 09:41 - 2017-03-07 09:42 - 01654437 _____ C:\Users\Salma\Downloads\Desktop.rar
2017-03-07 09:20 - 2017-03-07 09:20 - 00000000 ____H C:\Windows\BITCF15.tmp
2017-03-06 13:54 - 2017-03-06 13:54 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-06 13:54 - 2017-03-06 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-06 13:49 - 2017-03-06 13:49 - 01631200 _____ (Skype Technologies S.A.) C:\Users\Salma\Downloads\SkypeSetup (1).exe
2017-03-06 13:37 - 2017-03-06 13:37 - 01631200 _____ (Skype Technologies S.A.) C:\Users\Salma\Downloads\SkypeSetup.exe
2017-03-06 13:35 - 2017-03-06 13:35 - 00002954 _____ C:\Windows\System32\Tasks\{F651963D-39C7-4671-A83F-0A75C12E6262}
2017-03-06 13:35 - 2017-03-06 13:35 - 00002954 _____ C:\Windows\System32\Tasks\{9FFFD7C5-D8CD-4181-8BB6-13493924F1E5}
2017-03-06 13:34 - 2017-03-06 13:34 - 00002954 _____ C:\Windows\System32\Tasks\{23F61E43-3ED2-46E3-B73F-D4066493F9D7}
2017-03-06 13:33 - 2017-03-06 13:33 - 00002954 _____ C:\Windows\System32\Tasks\{826E1AA3-3D66-4632-9C2F-06A4E7E4B4CA}
2017-03-06 13:27 - 2017-03-06 13:27 - 00000000 ____H C:\Windows\BITC967.tmp
2017-03-06 13:25 - 2017-03-08 09:19 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-03-06 13:25 - 2017-03-08 09:19 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-03 10:01 - 2017-03-03 10:01 - 00000000 ____H C:\Windows\BITAF9F.tmp
2017-03-01 15:53 - 2017-03-01 15:53 - 00000000 ____H C:\Windows\BITE3F8.tmp
2017-02-25 11:30 - 2017-02-25 11:30 - 00000000 ____H C:\Windows\BIT1718.tmp
2017-02-21 19:26 - 2017-02-21 19:26 - 00013599 _____ C:\Users\Salma\Documents\Grand Velas Antonio Daltro.pdf
2017-02-21 19:25 - 2017-02-21 19:25 - 00013690 _____ C:\Users\Salma\Documents\Transfer Alexandre Martins.pdf
2017-02-21 19:24 - 2017-02-21 19:24 - 00013686 _____ C:\Users\Salma\Documents\Transfer Antonio Daltro.pdf
2017-02-17 17:41 - 2017-02-17 17:41 - 00596879 _____ C:\Users\Salma\Documents\Premium Tower Mendoza.pdf
2017-02-17 17:39 - 2017-02-17 17:39 - 00607457 _____ C:\Users\Salma\Documents\Traslado Mendoza.pdf
2017-02-14 09:30 - 2017-02-14 09:30 - 00000000 ____H C:\Windows\BITB2BB.tmp
2017-02-13 08:50 - 2017-02-13 08:50 - 00000000 ____H C:\Windows\BIT9D69.tmp
2017-02-11 17:56 - 2017-02-11 17:56 - 00000000 ____H C:\Windows\BITB4CD.tmp
2017-02-11 10:30 - 2017-02-11 10:30 - 00000000 ____H C:\Windows\BITB24F.tmp
2017-02-09 14:02 - 2017-02-09 14:02 - 00033792 _____ C:\Users\Salma\Downloads\753675_27440_09022017040259.xls
2017-02-09 12:36 - 2017-02-09 12:36 - 00000000 ____H C:\Windows\BITA97E.tmp
2017-02-07 18:50 - 2017-02-07 18:50 - 01279291 _____ C:\Users\Salma\Downloads\report_account_review_20170207-17193-qzww8h.pdf
2017-02-07 18:33 - 2017-02-07 18:33 - 01099268 _____ C:\Users\Salma\Downloads\report_account_review_20170207-17196-1aqtfd3.pdf
2017-02-07 09:01 - 2017-02-07 09:01 - 00000000 ____H C:\Windows\BITA4D6.tmp
2017-02-06 15:26 - 2017-02-06 15:26 - 00052781 _____ C:\Users\Salma\Downloads\e_ticket_GOL_OMZGTN.pdf
2017-02-06 08:28 - 2017-02-06 08:28 - 00000000 ____H C:\Windows\BIT9BD4.tmp
2017-02-01 09:46 - 2017-02-01 09:46 - 00010519 _____ C:\Users\Salma\Downloads\chart(2)
2017-02-01 09:42 - 2017-02-01 09:42 - 00068406 _____ C:\Users\Salma\Documents\Tipos de Serviço e Centros de Custo - Easy Insight jan 2017.html
2017-02-01 09:42 - 2017-02-01 09:42 - 00000000 ____D C:\Users\Salma\Documents\Tipos de Serviço e Centros de Custo - Easy Insight jan 2017_files
2017-02-01 09:40 - 2017-02-01 09:40 - 00001220 _____ C:\Users\Salma\Downloads\Lista+-+Centros+de+Custo+por+Motivo+e+Tarifa.pdf
2017-02-01 09:38 - 2017-02-01 09:38 - 00046791 _____ C:\Users\Salma\Documents\Relatório de aderência jan 2017.html
2017-02-01 09:38 - 2017-02-01 09:38 - 00000000 ____D C:\Users\Salma\Documents\Relatório de aderência jan 2017_files
2017-02-01 09:36 - 2017-02-01 09:36 - 00039838 _____ C:\Users\Salma\Documents\Relatório - Analítico de Destinos jan2017.html
2017-02-01 09:36 - 2017-02-01 09:36 - 00000000 ____D C:\Users\Salma\Documents\Relatório - Analítico de Destinos jan2017_files
2017-02-01 09:26 - 2017-02-01 09:26 - 00066906 _____ C:\Users\Salma\Documents\Relatório de Desvio de Políticas jan2017.html
2017-02-01 09:26 - 2017-02-01 09:26 - 00000000 ____D C:\Users\Salma\Documents\Relatório de Desvio de Políticas jan2017_files
2017-02-01 08:34 - 2017-02-01 08:34 - 00008864 _____ C:\Users\Salma\Desktop\Diretoria de Operações jan2017.pdf
2017-02-01 08:33 - 2017-02-01 08:33 - 00009276 _____ C:\Users\Salma\Desktop\Diretoria de Engenharia jan2017.pdf
2017-02-01 08:32 - 2017-02-01 08:32 - 00015243 _____ C:\Users\Salma\Desktop\Diretoria Biogas jan2017.pdf
2017-02-01 08:31 - 2017-02-01 08:31 - 00011036 _____ C:\Users\Salma\Desktop\Diretoria Comercial jan2017.pdf
2017-02-01 08:29 - 2017-02-01 08:29 - 00008891 _____ C:\Users\Salma\Desktop\Diretoria Administratica - Jan2017.pdf
2017-02-01 08:27 - 2017-02-01 08:27 - 00000000 ____H C:\Windows\BIT9201.tmp
2017-01-31 08:56 - 2017-01-31 08:56 - 00000000 ____H C:\Windows\BITA820.tmp
2017-01-30 16:05 - 2017-01-30 16:58 - 00010734 _____ C:\Users\Salma\Documents\Grand Velas Riviera Maya - Bday Lucia.xlsx
2017-01-30 09:24 - 2017-01-30 09:24 - 00000000 ____H C:\Windows\BITA39F.tmp
2017-01-28 10:11 - 2017-01-28 10:11 - 00000000 ____H C:\Windows\BITAF70.tmp
2017-01-28 09:45 - 2017-01-28 09:45 - 00000000 ____H C:\Windows\BITDA09.tmp
2017-01-27 09:34 - 2017-01-27 09:34 - 00000000 ____H C:\Windows\BITA9F5.tmp
2017-01-26 10:55 - 2017-01-26 10:55 - 00360697 _____ C:\Users\Salma\Documents\1785468 SEGURO SANDRO VIANA.pdf
2017-01-26 10:54 - 2017-01-26 10:54 - 00360697 _____ C:\Users\Salma\Downloads\1785468.pdf
2017-01-26 07:55 - 2017-01-26 07:55 - 00000000 ____H C:\Windows\BITB77C.tmp
2017-01-25 08:48 - 2017-01-25 08:48 - 00000000 ____H C:\Windows\BITB135.tmp
2017-01-25 08:17 - 2017-01-25 08:17 - 00000000 ____H C:\Windows\BITA2E3.tmp
2017-01-24 19:14 - 2017-01-30 17:11 - 00015016 _____ C:\Users\Salma\Documents\BLOQUEIO GRAND VELAS.xlsx
2017-01-24 08:38 - 2017-01-24 08:38 - 00000000 ____H C:\Windows\BITAA52.tmp
2017-01-23 18:16 - 2017-01-23 18:16 - 02464371 _____ C:\Users\Salma\Documents\Apresentação Flytour.pptx
2017-01-23 15:08 - 2017-01-23 15:08 - 00000000 ____H C:\Windows\BITB654.tmp
2017-01-23 10:37 - 2017-01-23 10:38 - 12530957 _____ C:\Users\Salma\Downloads\8911___adesivo___box_de_vitrine_45x55_cm_final.zip
2017-01-23 08:39 - 2017-01-23 08:39 - 00000000 ____H C:\Windows\BIT95CE.tmp
2017-01-18 08:14 - 2017-01-18 08:14 - 00000000 ____H C:\Windows\BITA228.tmp
2017-01-17 15:21 - 2017-01-17 15:21 - 00000000 ____H C:\Windows\BITA40C.tmp
2017-01-16 13:40 - 2017-01-16 13:40 - 00627776 _____ C:\Users\Salma\Documents\VOUCHER FAMILIA MARODIN.pdf
2017-01-16 08:36 - 2017-01-16 08:36 - 00019456 _____ C:\Users\Salma\Downloads\753675_27440_16012017103642.xls
2017-01-16 07:57 - 2017-01-16 07:57 - 00000000 ____H C:\Windows\BITC246.tmp
2017-01-12 20:47 - 2017-01-12 20:47 - 00000000 ____H C:\Windows\BITC072.tmp
2017-01-12 18:40 - 2017-01-12 18:40 - 00000000 ____H C:\Windows\BITB5E7.tmp
2017-01-12 16:02 - 2017-01-12 16:02 - 00000000 ____H C:\Windows\BITA3A0.tmp
2017-01-10 15:31 - 2017-01-10 15:31 - 00312125 _____ C:\Users\Salma\Downloads\CONTRATO DE PRESTAÇÃO DE SERVIÇOS CHP BRASIL.PDF
2017-01-10 15:26 - 2017-01-10 15:26 - 00000000 ____H C:\Windows\BITB01C.tmp
2017-01-09 14:50 - 2017-01-09 14:50 - 00000000 ____H C:\Windows\BITAC17.tmp
2017-01-09 09:03 - 2017-01-09 09:03 - 00000000 ____H C:\Windows\BITA8EB.tmp
2017-01-09 08:32 - 2017-01-09 08:32 - 00000000 ____H C:\Windows\BITA3CD.tmp
2017-01-09 08:16 - 2017-01-09 08:16 - 00000000 ____H C:\Windows\BIT9C33.tmp
2017-01-06 16:50 - 2017-01-06 16:50 - 00000000 ____H C:\Windows\BITAC26.tmp
2017-01-05 21:32 - 2017-01-05 21:32 - 00000000 ____H C:\Windows\BITB619.tmp
2017-01-04 09:52 - 2017-01-04 09:52 - 00000000 ____H C:\Windows\BITB11A.tmp
2017-01-03 07:59 - 2017-01-10 16:03 - 00313318 _____ C:\Users\Salma\Documents\CONTRATO DE PRESTAÇÃO DE SERVIÇOS CHP BRASIL.pdf
2017-01-03 07:58 - 2017-01-03 07:58 - 00207351 _____ C:\Users\Salma\Documents\ANEXO III CHP BRASIL.pdf
2017-01-03 07:57 - 2017-01-03 07:57 - 00201301 _____ C:\Users\Salma\Documents\ANEXO I e II CHP BRASIL.pdf
2017-01-03 06:43 - 2017-01-03 06:43 - 00163782 _____ C:\Users\Salma\Downloads\Contrato Fundação MT.pdf
2017-01-03 06:21 - 2017-01-03 06:21 - 00000000 ____H C:\Windows\BITB7ED.tmp
2016-12-26 12:04 - 2016-12-26 12:04 - 00000345 _____ C:\Users\Salma\Downloads\alcanceprimavera_fee.txt
2016-12-26 12:03 - 2016-12-26 12:03 - 00028672 _____ C:\Users\Salma\Downloads\Fee-TxServico.xls
2016-12-26 09:46 - 2016-12-26 09:46 - 00014771 _____ C:\Users\Salma\Downloads\Cópia de QUADRO_CHP BRASIL.xlsx
2016-12-26 08:21 - 2016-12-26 08:21 - 00000000 ____H C:\Windows\BITC735.tmp
2016-12-22 08:49 - 2016-12-22 08:49 - 00000000 ____H C:\Windows\BITC256.tmp
2016-12-20 16:02 - 2016-12-20 16:02 - 00000165 ____H C:\Users\Salma\Downloads\~$Fee_CHP_Dez2016.xlsx
2016-12-20 16:01 - 2016-12-20 16:02 - 00095015 _____ C:\Users\Salma\Downloads\Fee_CHP_Dez2016.xlsx
2016-12-20 12:36 - 2016-12-20 12:46 - 00016900 _____ C:\Users\Salma\Downloads\Dados para Precificação Cliente Primavera do Leste.xlsx
2016-12-20 12:34 - 2016-12-20 12:34 - 00000000 ____H C:\Windows\BITC749.tmp
2016-12-17 09:01 - 2016-12-17 09:01 - 00218051 _____ C:\Users\Salma\Downloads\Imagem (2) (1).jpg
2016-12-16 16:00 - 2016-12-16 16:00 - 00071818 _____ C:\Users\Salma\Downloads\IMG_4324.JPG
2016-12-16 16:00 - 2016-12-16 16:00 - 00069027 _____ C:\Users\Salma\Downloads\IMG_4325.JPG
2016-12-16 16:00 - 2016-12-16 16:00 - 00065645 _____ C:\Users\Salma\Downloads\IMG_4326.JPG
2016-12-16 11:28 - 2016-12-16 11:28 - 21620061 _____ C:\Users\Salma\Documents\livro101receitasfit.pdf
2016-12-16 11:25 - 2016-12-16 11:26 - 05066332 _____ C:\Users\Salma\Documents\Ebooknatal.pdf
2016-12-16 11:25 - 2016-12-16 11:25 - 00884724 _____ C:\Users\Salma\Documents\ebookadeusretencao.pdf
2016-12-16 11:25 - 2016-12-16 11:25 - 00610649 _____ C:\Users\Salma\Documents\LivroSucosDetox.pdf
2016-12-16 09:11 - 2016-12-16 09:11 - 00000000 ____H C:\Windows\BITC071.tmp
2016-12-14 14:23 - 2016-12-14 14:23 - 00607927 _____ C:\Users\Salma\Documents\VOUCHER NATAL.pdf
2016-12-14 14:07 - 2016-12-14 14:07 - 00319186 _____ C:\Users\Salma\Documents\Proposta Comercial Flytour Servico de Viagens CHP BRASIL.pdf
2016-12-14 14:02 - 2016-12-14 14:02 - 00319186 _____ C:\Users\Salma\Downloads\Proposta Comercial Flytour Serviços de Viagens.pdf
2016-12-14 13:32 - 2016-12-22 09:43 - 00163840 _____ C:\Users\Salma\Downloads\Proposta Resumida Comercial Flytour Servico de Viagens CHP.doc
2016-12-14 09:59 - 2016-12-14 09:59 - 00317308 _____ C:\Users\Salma\Downloads\Proposta Resumida Comercial Flytour Servico de Viagens Olivideo.pdf
2016-12-14 09:43 - 2016-12-14 09:43 - 00327597 _____ C:\Users\Salma\Documents\Proposta Resumida Comercial Flytour Servico de Viagens.pdf
2016-12-14 09:36 - 2016-12-14 09:36 - 00937472 _____ C:\Users\Salma\Downloads\Prospecção - 1° Passo tecnicas de abordagem.ppt
2016-12-14 09:16 - 2016-12-14 09:16 - 00327597 _____ C:\Users\Salma\Downloads\Proposta Resumida Comercial Flytour Servico de Viagens O Telhar.pdf
2016-12-14 08:51 - 2016-12-14 08:51 - 00438231 _____ C:\Users\Salma\Documents\0000961911_199259VOUCHER_ASSIST.pdf
2016-12-14 08:44 - 2016-12-14 08:44 - 00438231 _____ C:\Users\Salma\Downloads\0000961911_199259VOUCHER_ASSIST.pdf

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-03-09 08:43 - 2010-05-19 21:09 - 00004310 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{61A03AFF-20DF-4DF2-A0F2-87434587410B}
2017-03-09 08:43 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing
2017-03-09 08:37 - 2015-01-19 15:01 - 00000952 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2017-03-09 08:36 - 2010-12-20 18:26 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-03-09 08:36 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-09 08:36 - 2009-07-14 00:45 - 00419336 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-09 08:35 - 2015-06-24 10:51 - 00000248 _____ C:\Windows\PNB-SALMA32.TXT
2017-03-09 08:35 - 2012-12-11 09:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-09 08:35 - 2012-12-11 09:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-08 18:59 - 2016-07-27 14:07 - 00000000 ____D C:\Windows\system32\MRT
2017-03-08 18:59 - 2010-05-19 21:22 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2017-03-08 18:59 - 2009-07-14 00:45 - 00009776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-08 18:59 - 2009-07-14 00:45 - 00009776 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-08 18:56 - 2016-07-27 14:07 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-08 18:55 - 2016-08-10 10:39 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-03-08 18:55 - 2016-08-10 10:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-03-08 18:54 - 2016-08-10 10:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-03-08 18:53 - 2012-12-11 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-08 18:50 - 2009-07-13 22:34 - 00000513 _____ C:\Windows\win.ini
2017-03-08 18:24 - 2013-01-16 10:42 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-08 16:06 - 2015-01-19 15:01 - 00000956 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2017-03-08 09:35 - 2010-05-20 12:42 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2017-03-08 09:35 - 2010-05-20 12:42 - 00000000 ____D C:\ProgramData\Skype
2017-03-08 08:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-07 09:16 - 2009-07-18 01:15 - 00708172 _____ C:\Windows\system32\prfh0416.dat
2017-03-07 09:16 - 2009-07-18 01:15 - 00147952 _____ C:\Windows\system32\prfc0416.dat
2017-03-07 09:16 - 2009-07-14 01:13 - 01641426 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-07 09:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-03-06 13:54 - 2014-09-19 09:06 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-06 13:46 - 2010-08-08 16:25 - 00000000 ____D C:\Windows\system32\appmgmt
2017-03-06 13:25 - 2010-05-20 12:44 - 00000000 ____D C:\Users\Salma\AppData\Roaming\Skype
2017-03-03 10:03 - 2016-08-10 09:33 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-03 10:03 - 2016-08-10 09:33 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-03 10:02 - 2011-09-12 16:22 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-03-03 10:01 - 2016-08-10 10:21 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2017-03-03 10:01 - 2016-08-10 10:21 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2017-02-28 17:39 - 2010-05-18 09:32 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-02-25 11:34 - 2016-02-23 10:47 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-14 09:25 - 2013-01-16 10:42 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-14 09:25 - 2013-01-16 10:42 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-14 09:25 - 2013-01-16 10:42 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-14 09:25 - 2013-01-16 10:41 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 09:25 - 2010-05-20 14:58 - 00000000 ____D C:\Windows\SysWOW64\Macromed

==================== Arquivos na raiz de alguns diretórios =======

2013-02-01 14:48 - 2013-02-01 14:48 - 0032618 _____ () C:\Program Files (x86)\CMS Setup Log.txt
2010-07-27 15:28 - 2014-10-20 15:17 - 0000088 __RSH () C:\ProgramData\2F1A0851C8.sys
2010-08-03 16:53 - 2016-08-10 09:59 - 0002036 _____ () C:\ProgramData\hpzinstall.log
2010-07-27 15:28 - 2014-10-20 15:17 - 0002828 ___SH () C:\ProgramData\KGyGaAvL.sys

Alguns arquivos em TEMP:
====================
2016-01-27 13:57 - 2015-07-07 02:49 - 0635128 _____ () C:\Users\Salma\AppData\Local\Temp\1453917431.exe
2016-03-28 11:27 - 2016-03-28 11:27 - 7765176 _____ (Digirotas Informática ) C:\Users\Salma\AppData\Local\Temp\Atualizacao_WintourInternet.exe
2012-09-19 21:15 - 2012-09-19 21:15 - 50352408 _____ (Microsoft Corporation) C:\Users\Salma\AppData\Local\Temp\NetFramework45.exe
2016-05-10 09:56 - 2016-11-29 15:21 - 43573720 _____ (Skype Technologies S.A.) C:\Users\Salma\AppData\Local\Temp\SkypeSetup.exe
2017-03-08 09:31 - 2017-03-08 09:32 - 14456872 _____ (Microsoft Corporation) C:\Users\Salma\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll
[2009-07-13 19:38] - [2010-05-20 13:07] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2009-07-13 19:24] - [2010-05-20 13:07] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-12-22 14:43

==================== Fim de FRST.txt ============================
