Publicité
Publicité
Format du document : text/plain
Prévisualisation
Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 14-05-2017
Executado por SM-MCLI01 (administrador) em SM-MCLI01 (16-05-2017 15:53:01)
Executando a partir de C:\Users\SM-MCLI01\Desktop\Scan
Perfis Carregados: SM-MCLI01 (Perfis Disponíveis: SM-MCLI01)
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epag.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epintegrationservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epsecurityservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epupdateservice.exe
(Firebird Project) C:\BancoBrasil\Firebird\bin\fbserver.exe
() C:\Program Files (x86)\AppBrad\NetExpressUpdater.exe
(Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradserv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Beijing WatchData System Co., Ltd.) C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
(Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradguard.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
( Beijing WatchData System Co., Ltd.) C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Samsung Electronics) C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller\LUMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_131\bin\javaw.exe
(TeamViewer GmbH) C:\Users\SM-MCL~1\AppData\Local\Temp\TeamViewer\Version6\TeamViewer.exe
(TeamViewer GmbH) C:\Users\SM-MCL~1\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Users\SM-MCL~1\AppData\Local\Temp\TeamViewer\Version6\tv_w32.exe
(TeamViewer GmbH) C:\Users\SM-MCL~1\AppData\Local\Temp\TeamViewer\Version6\tv_x64.exe
==================== Registro (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [CertificateRegistration] => C:\Windows\system32\aetcrss1.exe [25600 2013-03-04] (A.E.T. Europe B.V.)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [954416 2017-04-19] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [wdbraz_certm] => C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe [57488 2011-03-29] ( Beijing WatchData System Co., Ltd.)
HKLM-x32\...\Run: [Firebird] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-16] (Banco do Brasil)
Winlogon\Notify\ GbPluginBnb: C:\Program Files (x86)\GbPlugin\gbiehBnb.dll [2017-02-21] (Banco do Nordeste do Brasil S.A.)
HKU\S-1-5-21-2764129781-2997685346-950478798-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27793880 2017-04-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2764129781-2997685346-950478798-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_148_ActiveX.exe [1277016 2017-05-02] (Adobe Systems Incorporated)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399014} - C:\Program Files (x86)\GbPlugin\gbiehbnb.dll [1911520 2017-02-21] (Banco do Nordeste do Brasil S.A.)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1947872 2016-06-16] (Banco do Brasil)
Startup: C:\Users\SM-MCLI01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TCefMteU.LNK [2017-05-11]
ShortcutTarget: TCefMteU.LNK -> C:\Users\SM-MCLI01\AppData\Roaming/Microsoft/Windows/sCBwI/jJ.pdf ()
GroupPolicyScripts: Restrição <======= ATENÇÃO
GroupPolicyScripts\User: Restrição <======= ATENÇÃO
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1
Tcpip\..\Interfaces\{1C58334D-DA06-4504-B21B-9560E41633DF}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{6A5D2B26-8ADA-4522-A298-1158577401BF}: [DhcpNameServer] 192.168.20.1
Tcpip\..\Interfaces\{E251CEB2-23C2-47D2-A121-B01970E74236}: [NameServer] 200.175.182.139,200.175.5.139
Tcpip\..\Interfaces\{E251CEB2-23C2-47D2-A121-B01970E74236}: [DhcpNameServer] 192.168.20.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2764129781-2997685346-950478798-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com.br/
HKU\S-1-5-21-2764129781-2997685346-950478798-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-08-24] (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-27] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-27] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-27] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-16] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540014} -> C:\Program Files (x86)\GbPlugin\gbiehbnb.dll [2017-02-21] (Banco do Nordeste do Brasil S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-27] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: f15bapcj.default-1493733674934
FF ProfilePath: C:\Users\SM-MCLI01\AppData\Roaming\Mozilla\Firefox\Profiles\f15bapcj.default-1493733674934 [2017-05-13]
FF HKLM\...\Firefox\Extensions: [bbassdigital@bb.com.br] - C:\Program Files\Banco do Brasil\Assinatura Digital\ext
FF Extension: (Banco do Brasil - Assinatura Digital) - C:\Program Files\Banco do Brasil\Assinatura Digital\ext [2017-05-02]
FF HKLM-x32\...\Firefox\Extensions: [bbassdigital@bb.com.br] - C:\Program Files\Banco do Brasil\Assinatura Digital\ext
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-05-02] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-05-02] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default [2017-05-16]
CHR Extension: (Google Apresentações) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-22]
CHR Extension: (Banco do Brasil - Assinatura Digital) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\adllellfifhkdgekblogkphpalcbfooh [2017-05-02]
CHR Extension: (Google Docs) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-22]
CHR Extension: (Google Drive) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-26]
CHR Extension: (Google Search) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-10]
CHR Extension: (Planilhas do Google) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-22]
CHR Extension: (Documentos Google off-line) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-04]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR HKLM\...\Chrome\Extension: [adllellfifhkdgekblogkphpalcbfooh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [adllellfifhkdgekblogkphpalcbfooh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
==================== Serviços (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 epag; C:\Program Files\Bitdefender\Endpoint Security\epag.exe [3468744 2017-01-30] (Bitdefender)
R2 EPIntegrationService; C:\Program Files\Bitdefender\Endpoint Security\EPIntegrationService.exe [100392 2017-01-30] (Bitdefender)
R2 EPSecurityService; C:\Program Files\Bitdefender\Endpoint Security\EPSecurityService.exe [100392 2017-01-30] (Bitdefender)
R2 EPUpdateService; C:\Program Files\Bitdefender\Endpoint Security\EPUpdateService.exe [100392 2017-01-30] (Bitdefender)
R2 FirebirdServerDefaultInstance; C:\BancoBrasil\Firebird\bin\fbserver.exe [2723840 2008-06-13] (Firebird Project) [Arquivo não assinado]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-06-16] (GAS Tecnologia)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-24] (IObit)
R2 NetExpress Updater; C:\Program Files (x86)\AppBrad\NetExpressUpdater.exe [18936 2016-07-22] ()
R2 scpbradserv; C:\Program Files (x86)\scpbrad\scpbradserv.exe [1926672 2016-10-26] (Scopus Soluções em TI Ltda)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [954416 2017-04-19] (GAS Tecnologia LTDA)
R2 WDBrazMonitor34; C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe [75680 2011-03-24] (Beijing WatchData System Co., Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1605376 2016-11-01] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-11-01] (BitDefender)
R3 bddevflt; C:\Program Files\Bitdefender\Endpoint Security\bddevflt.sys [109272 2017-02-20] (BitDefender LLC)
R1 Bdfndisf; c:\windows\system32\drivers\bdfndisf6.sys [114840 2017-01-30] (BitDefender LLC)
R1 Bdfwfpf; C:\Program Files\Bitdefender\Endpoint Security\bdfwfpf.sys [131520 2017-01-30] ()
R0 bdupflt; C:\Windows\System32\DRIVERS\bdupflt.sys [57544 2015-10-06] (Bitdefender)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-08-22] (Disc Soft Ltd)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2017-05-16] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [119680 2009-08-10] (Gemalto) [Arquivo não assinado]
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [178384 2017-01-30] (BitDefender LLC)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2016-01-05] (Highresolution Enterprises [www.highrez.co.uk])
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [442848 2017-01-30] (BitDefender S.R.L.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-04-29] (GAS Tecnologia LTDA)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [28376 2017-05-13] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [25184 2016-06-08] (GAS Tecnologia)
R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [25184 2016-11-07] (GAS Tecnologia)
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Três Meses Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-05-16 15:52 - 2017-05-16 15:53 - 00000000 ____D C:\FRST
2017-05-16 15:50 - 2017-05-16 15:53 - 00000000 ____D C:\Users\SM-MCLI01\Desktop\Scan
2017-05-16 09:38 - 2017-05-16 09:39 - 00046834 _____ C:\Users\SM-MCLI01\Desktop\MACOM-FSQ-30 02-3.pdf
2017-05-13 09:14 - 2017-05-16 09:14 - 00003490 _____ C:\Windows\System32\Tasks\AutoKMS
2017-05-12 09:06 - 2017-05-12 09:06 - 00000000 ____D C:\Users\Todos os Usuários\ProductData
2017-05-12 09:06 - 2017-05-12 09:06 - 00000000 ____D C:\Users\SM-MCLI01\AppData\Roaming\ProductData
2017-05-12 09:06 - 2017-05-12 09:06 - 00000000 ____D C:\ProgramData\ProductData
2017-05-11 18:18 - 2017-05-11 18:18 - 00003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1494537484
2017-05-11 18:18 - 2017-05-11 18:18 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-05-11 18:17 - 2017-05-11 18:18 - 00000000 ____D C:\Program Files\Opera
2017-05-11 18:16 - 2017-05-11 18:16 - 01164640 _____ (Opera Software) C:\Users\SM-MCLI01\Downloads\OperaSetup.exe
2017-05-11 16:26 - 2017-05-11 16:26 - 01663672 _____ (Malwarebytes) C:\Users\SM-MCLI01\Downloads\JRT.exe
2017-05-11 15:26 - 2017-05-11 15:27 - 00000000 ____D C:\Users\SM-MCLI01\Downloads\backups
2017-05-11 15:21 - 2017-05-11 15:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\SM-MCLI01\Downloads\HijackThis.exe
2017-05-11 13:28 - 2017-05-11 14:22 - 00000000 ____D C:\AdwCleaner
2017-05-11 13:27 - 2017-05-11 13:27 - 04102600 _____ C:\Users\SM-MCLI01\Downloads\adwcleaner_6.046.exe
2017-05-11 09:03 - 2017-05-11 09:03 - 02016663 _____ C:\Users\SM-MCLI01\AppData\Roaming\9oR
2017-05-11 09:03 - 2017-05-11 09:03 - 00361944 _____ C:\Users\SM-MCLI01\AppData\Roaming\E7XLTnQB
2017-05-11 09:02 - 2017-05-11 09:03 - 02358910 _____ C:\Users\SM-MCLI01\AppData\Roaming\Ikq
2017-05-11 09:02 - 2017-05-11 09:02 - 02540917 _____ C:\Users\SM-MCLI01\AppData\Roaming\dyafRXyEJQ
2017-05-08 15:30 - 2017-05-08 17:26 - 00036864 _____ C:\Users\SM-MCLI01\Desktop\EQUIPAMENTO.xls
2017-05-08 15:20 - 2017-05-08 15:29 - 00064000 _____ C:\Users\SM-MCLI01\Desktop\INSTRUMENTAL.xls
2017-05-06 11:06 - 2017-05-08 17:11 - 00084992 _____ C:\Users\SM-MCLI01\Desktop\estoque5.xls
2017-05-02 11:38 - 2017-05-02 11:38 - 00000000 ____D C:\Program Files\Banco do Brasil
2017-05-02 11:09 - 2017-05-02 11:12 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-02 11:09 - 2017-05-02 11:12 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-02 10:56 - 2017-05-12 09:10 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-02 10:55 - 2017-05-02 11:02 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-02 10:55 - 2017-05-02 11:02 - 00003372 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-02 10:54 - 2017-05-09 08:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-02 10:54 - 2017-05-02 10:54 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-27 12:03 - 2017-04-27 12:03 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2017-04-27 12:03 - 2017-04-27 12:03 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-04-27 12:03 - 2017-04-27 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-04-27 12:00 - 2015-07-18 10:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-27 11:57 - 2017-04-27 11:57 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-04-27 11:56 - 2017-04-27 11:56 - 00000000 ____D C:\Program Files\Java
2017-04-27 11:55 - 2017-04-27 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-27 11:55 - 2017-04-27 11:55 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-04-27 11:54 - 2017-04-27 11:54 - 00000000 ____D C:\Program Files (x86)\Java
2017-04-20 16:32 - 2017-04-20 16:32 - 00000000 ____D C:\Users\SM-MCLI01\AppData\Roaming\AnyDesk
2017-04-17 18:30 - 2017-04-17 18:30 - 00008928 _____ C:\Users\SM-MCLI01\Documents\cc_20170417_183032.reg
2017-04-17 18:27 - 2017-04-17 18:27 - 00000000 ____D C:\ESales - bkp
2017-04-17 09:00 - 2017-05-03 14:11 - 00000000 ____D C:\Users\Todos os Usuários\SupremoRemoteDesktop
2017-04-17 09:00 - 2017-05-03 14:11 - 00000000 ____D C:\ProgramData\SupremoRemoteDesktop
2017-03-17 10:59 - 2017-03-17 11:01 - 00000000 ____D C:\BancoBrasil
2017-03-17 10:59 - 2017-03-17 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Banco do Brasil
2017-03-10 14:16 - 2017-04-13 10:16 - 00000000 ____D C:\Users\Todos os Usuários\firebird
2017-03-10 14:16 - 2017-04-13 10:16 - 00000000 ____D C:\ProgramData\firebird
2017-03-10 14:16 - 2017-03-10 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.5 (Win32)
2017-03-10 14:16 - 2011-10-03 08:28 - 00548864 _____ (Firebird Project) C:\Windows\SysWOW64\GDS32.DLL
2017-03-10 14:15 - 2017-03-10 14:15 - 00000000 ____D C:\Program Files (x86)\Firebird
2017-03-06 11:30 - 2017-03-06 11:30 - 00000000 ___HD C:\Program Files (x86)\GAS Tecnologia
2017-03-06 11:30 - 2017-03-06 11:30 - 00000000 ___HD C:\Program Files (x86)\Diebold
2017-03-06 11:30 - 2017-03-06 11:30 - 00000000 ____D C:\Program Files\Diebold
2017-02-20 15:03 - 2017-02-20 15:03 - 00000718 _____ C:\Users\SM-MCLI01\Documents\cc_20170220_150349.reg
==================== Três Meses Modificados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-05-16 15:54 - 2015-08-27 10:09 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2017-05-16 15:45 - 2015-08-22 21:47 - 00000000 ____D C:\Users\SM-MCLI01\Documents\Arquivos do Outlook
2017-05-16 15:43 - 2015-08-22 16:01 - 00000000 ____D C:\Users\SM-MCLI01\AppData\Roaming\Skype
2017-05-16 15:42 - 2017-01-10 11:46 - 00000000 ____D C:\Users\SM-MCLI01\AppData\Local\CutePDF Writer
2017-05-16 15:11 - 2015-08-24 09:14 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2017-05-16 15:11 - 2015-08-24 09:14 - 00000000 ____D C:\ProgramData\GbPlugin
2017-05-16 11:32 - 2015-08-22 15:37 - 00000000 ____D C:\Users\SM-MCLI01\Desktop\BELIZETE-DOC
2017-05-16 09:19 - 2009-07-14 01:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-16 09:19 - 2009-07-14 01:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-15 11:43 - 2016-02-18 15:01 - 00002771 _____ C:\Users\SM-MCLI01\Desktop\FORMULARIO PARA EMISSAO NF CANCELAMENTO ECF.xlsx - Atalho.lnk
2017-05-15 11:43 - 2015-08-24 18:56 - 00002656 _____ C:\Users\SM-MCLI01\Desktop\RELAÇÃO NCM - Atalho.lnk
2017-05-15 11:43 - 2015-08-24 18:56 - 00002179 _____ C:\Users\SM-MCLI01\Desktop\Temp - Atalho.lnk
2017-05-14 09:53 - 2015-08-22 15:41 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-05-14 01:00 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2017-05-13 09:12 - 2015-08-24 09:14 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-05-13 09:11 - 2016-12-27 10:11 - 00028376 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2017-05-13 09:11 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-12 10:00 - 2016-12-23 10:58 - 00000000 ____D C:\Users\SM-MCLI01\Desktop\BANCO BRASIL
2017-05-12 09:46 - 2016-11-23 14:50 - 00000000 ____D C:\Users\SM-MCLI01\AppData\LocalLow\Mozilla
2017-05-11 16:46 - 2016-07-29 17:42 - 00000000 ____D C:\Program Files (x86)\Opera
2017-05-11 16:46 - 2015-08-22 15:27 - 00001389 _____ C:\Users\SM-MCLI01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-11 14:00 - 2015-08-24 16:44 - 00000000 ____D C:\Users\Todos os Usuários\IObit
2017-05-11 14:00 - 2015-08-24 16:44 - 00000000 ____D C:\ProgramData\IObit
2017-05-10 13:55 - 2015-08-24 09:51 - 00000000 ____D C:\Users\SM-MCLI01\AppData\LocalLow\Scpad
2017-05-09 08:36 - 2009-07-14 01:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-05-08 10:32 - 2016-11-23 12:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-05 17:41 - 2015-08-22 15:38 - 00000000 ____D C:\Users\SM-MCLI01\Desktop\TRABALHO Sinergia medica
2017-05-05 09:07 - 2015-08-22 15:46 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-04 10:14 - 2015-06-26 10:24 - 00000000 ____D C:\Users\SM-MCLI01\Desktop\doc SInergia
2017-05-02 11:13 - 2015-08-24 13:28 - 00000000 ____D C:\Users\SM-MCLI01\AppData\Local\Adobe
2017-05-02 11:12 - 2015-08-24 18:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-02 11:12 - 2015-08-24 18:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-02 10:56 - 2015-08-22 15:34 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-27 12:02 - 2015-08-22 15:42 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2017-04-27 12:02 - 2015-08-22 15:42 - 00000000 ____D C:\ProgramData\Skype
2017-04-27 11:58 - 2015-09-11 18:21 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-04-27 11:58 - 2015-09-11 18:21 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-19 08:27 - 2009-07-14 02:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Arquivos na raiz de alguns diretórios =======
2017-05-11 09:03 - 2017-05-11 09:03 - 2016663 _____ () C:\Users\SM-MCLI01\AppData\Roaming\9oR
2017-05-11 09:02 - 2017-05-11 09:02 - 2540917 _____ () C:\Users\SM-MCLI01\AppData\Roaming\dyafRXyEJQ
2017-05-11 09:03 - 2017-05-11 09:03 - 0361944 _____ () C:\Users\SM-MCLI01\AppData\Roaming\E7XLTnQB
2017-05-11 09:02 - 2017-05-11 09:03 - 2358910 _____ () C:\Users\SM-MCLI01\AppData\Roaming\Ikq
2015-08-24 08:55 - 2015-08-24 08:56 - 0038386 _____ () C:\Users\SM-MCLI01\AppData\Roaming\Microsoft Excel 97-2003.ADR
2016-06-02 16:48 - 2016-06-02 16:48 - 0000160 _____ () C:\ProgramData\45.install.log
2016-04-27 16:30 - 2016-04-27 16:30 - 0000597 _____ () C:\ProgramData\45.rollback.log
2015-08-24 17:16 - 2015-08-24 17:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-11-26 11:03 - 2015-12-16 10:10 - 0000059 _____ () C:\ProgramData\emissor.log
==================== Bamital & volsnap ======================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
LastRegBack: 2017-05-13 09:40
==================== Fim de FRST.txt ============================
Executado por SM-MCLI01 (administrador) em SM-MCLI01 (16-05-2017 15:53:01)
Executando a partir de C:\Users\SM-MCLI01\Desktop\Scan
Perfis Carregados: SM-MCLI01 (Perfis Disponíveis: SM-MCLI01)
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epag.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epintegrationservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epsecurityservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epupdateservice.exe
(Firebird Project) C:\BancoBrasil\Firebird\bin\fbserver.exe
() C:\Program Files (x86)\AppBrad\NetExpressUpdater.exe
(Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradserv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Beijing WatchData System Co., Ltd.) C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
(Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradguard.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
( Beijing WatchData System Co., Ltd.) C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Bitdefender) C:\Program Files\Bitdefender\Endpoint Security\epconsole.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Samsung Electronics) C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller\LUMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_131\bin\javaw.exe
(TeamViewer GmbH) C:\Users\SM-MCL~1\AppData\Local\Temp\TeamViewer\Version6\TeamViewer.exe
(TeamViewer GmbH) C:\Users\SM-MCL~1\AppData\Local\Temp\TeamViewer\Version6\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Users\SM-MCL~1\AppData\Local\Temp\TeamViewer\Version6\tv_w32.exe
(TeamViewer GmbH) C:\Users\SM-MCL~1\AppData\Local\Temp\TeamViewer\Version6\tv_x64.exe
==================== Registro (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [CertificateRegistration] => C:\Windows\system32\aetcrss1.exe [25600 2013-03-04] (A.E.T. Europe B.V.)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [954416 2017-04-19] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [wdbraz_certm] => C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe [57488 2011-03-29] ( Beijing WatchData System Co., Ltd.)
HKLM-x32\...\Run: [Firebird] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-16] (Banco do Brasil)
Winlogon\Notify\ GbPluginBnb: C:\Program Files (x86)\GbPlugin\gbiehBnb.dll [2017-02-21] (Banco do Nordeste do Brasil S.A.)
HKU\S-1-5-21-2764129781-2997685346-950478798-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27793880 2017-04-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2764129781-2997685346-950478798-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_148_ActiveX.exe [1277016 2017-05-02] (Adobe Systems Incorporated)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399014} - C:\Program Files (x86)\GbPlugin\gbiehbnb.dll [1911520 2017-02-21] (Banco do Nordeste do Brasil S.A.)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1947872 2016-06-16] (Banco do Brasil)
Startup: C:\Users\SM-MCLI01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TCefMteU.LNK [2017-05-11]
ShortcutTarget: TCefMteU.LNK -> C:\Users\SM-MCLI01\AppData\Roaming/Microsoft/Windows/sCBwI/jJ.pdf ()
GroupPolicyScripts: Restrição <======= ATENÇÃO
GroupPolicyScripts\User: Restrição <======= ATENÇÃO
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1
Tcpip\..\Interfaces\{1C58334D-DA06-4504-B21B-9560E41633DF}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{6A5D2B26-8ADA-4522-A298-1158577401BF}: [DhcpNameServer] 192.168.20.1
Tcpip\..\Interfaces\{E251CEB2-23C2-47D2-A121-B01970E74236}: [NameServer] 200.175.182.139,200.175.5.139
Tcpip\..\Interfaces\{E251CEB2-23C2-47D2-A121-B01970E74236}: [DhcpNameServer] 192.168.20.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2764129781-2997685346-950478798-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com.br/
HKU\S-1-5-21-2764129781-2997685346-950478798-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-08-24] (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-27] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-27] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-27] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-16] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540014} -> C:\Program Files (x86)\GbPlugin\gbiehbnb.dll [2017-02-21] (Banco do Nordeste do Brasil S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-27] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: f15bapcj.default-1493733674934
FF ProfilePath: C:\Users\SM-MCLI01\AppData\Roaming\Mozilla\Firefox\Profiles\f15bapcj.default-1493733674934 [2017-05-13]
FF HKLM\...\Firefox\Extensions: [bbassdigital@bb.com.br] - C:\Program Files\Banco do Brasil\Assinatura Digital\ext
FF Extension: (Banco do Brasil - Assinatura Digital) - C:\Program Files\Banco do Brasil\Assinatura Digital\ext [2017-05-02]
FF HKLM-x32\...\Firefox\Extensions: [bbassdigital@bb.com.br] - C:\Program Files\Banco do Brasil\Assinatura Digital\ext
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-05-02] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-05-02] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default [2017-05-16]
CHR Extension: (Google Apresentações) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-22]
CHR Extension: (Banco do Brasil - Assinatura Digital) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\adllellfifhkdgekblogkphpalcbfooh [2017-05-02]
CHR Extension: (Google Docs) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-22]
CHR Extension: (Google Drive) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-26]
CHR Extension: (Google Search) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-10]
CHR Extension: (Planilhas do Google) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-22]
CHR Extension: (Documentos Google off-line) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-04]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\SM-MCLI01\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR HKLM\...\Chrome\Extension: [adllellfifhkdgekblogkphpalcbfooh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [adllellfifhkdgekblogkphpalcbfooh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
==================== Serviços (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 epag; C:\Program Files\Bitdefender\Endpoint Security\epag.exe [3468744 2017-01-30] (Bitdefender)
R2 EPIntegrationService; C:\Program Files\Bitdefender\Endpoint Security\EPIntegrationService.exe [100392 2017-01-30] (Bitdefender)
R2 EPSecurityService; C:\Program Files\Bitdefender\Endpoint Security\EPSecurityService.exe [100392 2017-01-30] (Bitdefender)
R2 EPUpdateService; C:\Program Files\Bitdefender\Endpoint Security\EPUpdateService.exe [100392 2017-01-30] (Bitdefender)
R2 FirebirdServerDefaultInstance; C:\BancoBrasil\Firebird\bin\fbserver.exe [2723840 2008-06-13] (Firebird Project) [Arquivo não assinado]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-06-16] (GAS Tecnologia)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-24] (IObit)
R2 NetExpress Updater; C:\Program Files (x86)\AppBrad\NetExpressUpdater.exe [18936 2016-07-22] ()
R2 scpbradserv; C:\Program Files (x86)\scpbrad\scpbradserv.exe [1926672 2016-10-26] (Scopus Soluções em TI Ltda)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [954416 2017-04-19] (GAS Tecnologia LTDA)
R2 WDBrazMonitor34; C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe [75680 2011-03-24] (Beijing WatchData System Co., Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1605376 2016-11-01] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-11-01] (BitDefender)
R3 bddevflt; C:\Program Files\Bitdefender\Endpoint Security\bddevflt.sys [109272 2017-02-20] (BitDefender LLC)
R1 Bdfndisf; c:\windows\system32\drivers\bdfndisf6.sys [114840 2017-01-30] (BitDefender LLC)
R1 Bdfwfpf; C:\Program Files\Bitdefender\Endpoint Security\bdfwfpf.sys [131520 2017-01-30] ()
R0 bdupflt; C:\Windows\System32\DRIVERS\bdupflt.sys [57544 2015-10-06] (Bitdefender)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-08-22] (Disc Soft Ltd)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2017-05-16] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [119680 2009-08-10] (Gemalto) [Arquivo não assinado]
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [178384 2017-01-30] (BitDefender LLC)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2016-01-05] (Highresolution Enterprises [www.highrez.co.uk])
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [442848 2017-01-30] (BitDefender S.R.L.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-04-29] (GAS Tecnologia LTDA)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [28376 2017-05-13] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [25184 2016-06-08] (GAS Tecnologia)
R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [25184 2016-11-07] (GAS Tecnologia)
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Três Meses Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-05-16 15:52 - 2017-05-16 15:53 - 00000000 ____D C:\FRST
2017-05-16 15:50 - 2017-05-16 15:53 - 00000000 ____D C:\Users\SM-MCLI01\Desktop\Scan
2017-05-16 09:38 - 2017-05-16 09:39 - 00046834 _____ C:\Users\SM-MCLI01\Desktop\MACOM-FSQ-30 02-3.pdf
2017-05-13 09:14 - 2017-05-16 09:14 - 00003490 _____ C:\Windows\System32\Tasks\AutoKMS
2017-05-12 09:06 - 2017-05-12 09:06 - 00000000 ____D C:\Users\Todos os Usuários\ProductData
2017-05-12 09:06 - 2017-05-12 09:06 - 00000000 ____D C:\Users\SM-MCLI01\AppData\Roaming\ProductData
2017-05-12 09:06 - 2017-05-12 09:06 - 00000000 ____D C:\ProgramData\ProductData
2017-05-11 18:18 - 2017-05-11 18:18 - 00003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1494537484
2017-05-11 18:18 - 2017-05-11 18:18 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-05-11 18:17 - 2017-05-11 18:18 - 00000000 ____D C:\Program Files\Opera
2017-05-11 18:16 - 2017-05-11 18:16 - 01164640 _____ (Opera Software) C:\Users\SM-MCLI01\Downloads\OperaSetup.exe
2017-05-11 16:26 - 2017-05-11 16:26 - 01663672 _____ (Malwarebytes) C:\Users\SM-MCLI01\Downloads\JRT.exe
2017-05-11 15:26 - 2017-05-11 15:27 - 00000000 ____D C:\Users\SM-MCLI01\Downloads\backups
2017-05-11 15:21 - 2017-05-11 15:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\SM-MCLI01\Downloads\HijackThis.exe
2017-05-11 13:28 - 2017-05-11 14:22 - 00000000 ____D C:\AdwCleaner
2017-05-11 13:27 - 2017-05-11 13:27 - 04102600 _____ C:\Users\SM-MCLI01\Downloads\adwcleaner_6.046.exe
2017-05-11 09:03 - 2017-05-11 09:03 - 02016663 _____ C:\Users\SM-MCLI01\AppData\Roaming\9oR
2017-05-11 09:03 - 2017-05-11 09:03 - 00361944 _____ C:\Users\SM-MCLI01\AppData\Roaming\E7XLTnQB
2017-05-11 09:02 - 2017-05-11 09:03 - 02358910 _____ C:\Users\SM-MCLI01\AppData\Roaming\Ikq
2017-05-11 09:02 - 2017-05-11 09:02 - 02540917 _____ C:\Users\SM-MCLI01\AppData\Roaming\dyafRXyEJQ
2017-05-08 15:30 - 2017-05-08 17:26 - 00036864 _____ C:\Users\SM-MCLI01\Desktop\EQUIPAMENTO.xls
2017-05-08 15:20 - 2017-05-08 15:29 - 00064000 _____ C:\Users\SM-MCLI01\Desktop\INSTRUMENTAL.xls
2017-05-06 11:06 - 2017-05-08 17:11 - 00084992 _____ C:\Users\SM-MCLI01\Desktop\estoque5.xls
2017-05-02 11:38 - 2017-05-02 11:38 - 00000000 ____D C:\Program Files\Banco do Brasil
2017-05-02 11:09 - 2017-05-02 11:12 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-02 11:09 - 2017-05-02 11:12 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-02 10:56 - 2017-05-12 09:10 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-02 10:55 - 2017-05-02 11:02 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-02 10:55 - 2017-05-02 11:02 - 00003372 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-02 10:54 - 2017-05-09 08:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-02 10:54 - 2017-05-02 10:54 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-27 12:03 - 2017-04-27 12:03 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2017-04-27 12:03 - 2017-04-27 12:03 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-04-27 12:03 - 2017-04-27 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-04-27 12:00 - 2015-07-18 10:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-27 12:00 - 2015-07-18 10:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-27 11:57 - 2017-04-27 11:57 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-04-27 11:56 - 2017-04-27 11:56 - 00000000 ____D C:\Program Files\Java
2017-04-27 11:55 - 2017-04-27 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-27 11:55 - 2017-04-27 11:55 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-04-27 11:54 - 2017-04-27 11:54 - 00000000 ____D C:\Program Files (x86)\Java
2017-04-20 16:32 - 2017-04-20 16:32 - 00000000 ____D C:\Users\SM-MCLI01\AppData\Roaming\AnyDesk
2017-04-17 18:30 - 2017-04-17 18:30 - 00008928 _____ C:\Users\SM-MCLI01\Documents\cc_20170417_183032.reg
2017-04-17 18:27 - 2017-04-17 18:27 - 00000000 ____D C:\ESales - bkp
2017-04-17 09:00 - 2017-05-03 14:11 - 00000000 ____D C:\Users\Todos os Usuários\SupremoRemoteDesktop
2017-04-17 09:00 - 2017-05-03 14:11 - 00000000 ____D C:\ProgramData\SupremoRemoteDesktop
2017-03-17 10:59 - 2017-03-17 11:01 - 00000000 ____D C:\BancoBrasil
2017-03-17 10:59 - 2017-03-17 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Banco do Brasil
2017-03-10 14:16 - 2017-04-13 10:16 - 00000000 ____D C:\Users\Todos os Usuários\firebird
2017-03-10 14:16 - 2017-04-13 10:16 - 00000000 ____D C:\ProgramData\firebird
2017-03-10 14:16 - 2017-03-10 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.5 (Win32)
2017-03-10 14:16 - 2011-10-03 08:28 - 00548864 _____ (Firebird Project) C:\Windows\SysWOW64\GDS32.DLL
2017-03-10 14:15 - 2017-03-10 14:15 - 00000000 ____D C:\Program Files (x86)\Firebird
2017-03-06 11:30 - 2017-03-06 11:30 - 00000000 ___HD C:\Program Files (x86)\GAS Tecnologia
2017-03-06 11:30 - 2017-03-06 11:30 - 00000000 ___HD C:\Program Files (x86)\Diebold
2017-03-06 11:30 - 2017-03-06 11:30 - 00000000 ____D C:\Program Files\Diebold
2017-02-20 15:03 - 2017-02-20 15:03 - 00000718 _____ C:\Users\SM-MCLI01\Documents\cc_20170220_150349.reg
==================== Três Meses Modificados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-05-16 15:54 - 2015-08-27 10:09 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2017-05-16 15:45 - 2015-08-22 21:47 - 00000000 ____D C:\Users\SM-MCLI01\Documents\Arquivos do Outlook
2017-05-16 15:43 - 2015-08-22 16:01 - 00000000 ____D C:\Users\SM-MCLI01\AppData\Roaming\Skype
2017-05-16 15:42 - 2017-01-10 11:46 - 00000000 ____D C:\Users\SM-MCLI01\AppData\Local\CutePDF Writer
2017-05-16 15:11 - 2015-08-24 09:14 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2017-05-16 15:11 - 2015-08-24 09:14 - 00000000 ____D C:\ProgramData\GbPlugin
2017-05-16 11:32 - 2015-08-22 15:37 - 00000000 ____D C:\Users\SM-MCLI01\Desktop\BELIZETE-DOC
2017-05-16 09:19 - 2009-07-14 01:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-16 09:19 - 2009-07-14 01:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-15 11:43 - 2016-02-18 15:01 - 00002771 _____ C:\Users\SM-MCLI01\Desktop\FORMULARIO PARA EMISSAO NF CANCELAMENTO ECF.xlsx - Atalho.lnk
2017-05-15 11:43 - 2015-08-24 18:56 - 00002656 _____ C:\Users\SM-MCLI01\Desktop\RELAÇÃO NCM - Atalho.lnk
2017-05-15 11:43 - 2015-08-24 18:56 - 00002179 _____ C:\Users\SM-MCLI01\Desktop\Temp - Atalho.lnk
2017-05-14 09:53 - 2015-08-22 15:41 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-05-14 01:00 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2017-05-13 09:12 - 2015-08-24 09:14 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-05-13 09:11 - 2016-12-27 10:11 - 00028376 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2017-05-13 09:11 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-12 10:00 - 2016-12-23 10:58 - 00000000 ____D C:\Users\SM-MCLI01\Desktop\BANCO BRASIL
2017-05-12 09:46 - 2016-11-23 14:50 - 00000000 ____D C:\Users\SM-MCLI01\AppData\LocalLow\Mozilla
2017-05-11 16:46 - 2016-07-29 17:42 - 00000000 ____D C:\Program Files (x86)\Opera
2017-05-11 16:46 - 2015-08-22 15:27 - 00001389 _____ C:\Users\SM-MCLI01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-11 14:00 - 2015-08-24 16:44 - 00000000 ____D C:\Users\Todos os Usuários\IObit
2017-05-11 14:00 - 2015-08-24 16:44 - 00000000 ____D C:\ProgramData\IObit
2017-05-10 13:55 - 2015-08-24 09:51 - 00000000 ____D C:\Users\SM-MCLI01\AppData\LocalLow\Scpad
2017-05-09 08:36 - 2009-07-14 01:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-05-08 10:32 - 2016-11-23 12:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-05 17:41 - 2015-08-22 15:38 - 00000000 ____D C:\Users\SM-MCLI01\Desktop\TRABALHO Sinergia medica
2017-05-05 09:07 - 2015-08-22 15:46 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-04 10:14 - 2015-06-26 10:24 - 00000000 ____D C:\Users\SM-MCLI01\Desktop\doc SInergia
2017-05-02 11:13 - 2015-08-24 13:28 - 00000000 ____D C:\Users\SM-MCLI01\AppData\Local\Adobe
2017-05-02 11:12 - 2015-08-24 18:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-02 11:12 - 2015-08-24 18:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-02 10:56 - 2015-08-22 15:34 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-27 12:02 - 2015-08-22 15:42 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2017-04-27 12:02 - 2015-08-22 15:42 - 00000000 ____D C:\ProgramData\Skype
2017-04-27 11:58 - 2015-09-11 18:21 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-04-27 11:58 - 2015-09-11 18:21 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-19 08:27 - 2009-07-14 02:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Arquivos na raiz de alguns diretórios =======
2017-05-11 09:03 - 2017-05-11 09:03 - 2016663 _____ () C:\Users\SM-MCLI01\AppData\Roaming\9oR
2017-05-11 09:02 - 2017-05-11 09:02 - 2540917 _____ () C:\Users\SM-MCLI01\AppData\Roaming\dyafRXyEJQ
2017-05-11 09:03 - 2017-05-11 09:03 - 0361944 _____ () C:\Users\SM-MCLI01\AppData\Roaming\E7XLTnQB
2017-05-11 09:02 - 2017-05-11 09:03 - 2358910 _____ () C:\Users\SM-MCLI01\AppData\Roaming\Ikq
2015-08-24 08:55 - 2015-08-24 08:56 - 0038386 _____ () C:\Users\SM-MCLI01\AppData\Roaming\Microsoft Excel 97-2003.ADR
2016-06-02 16:48 - 2016-06-02 16:48 - 0000160 _____ () C:\ProgramData\45.install.log
2016-04-27 16:30 - 2016-04-27 16:30 - 0000597 _____ () C:\ProgramData\45.rollback.log
2015-08-24 17:16 - 2015-08-24 17:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-11-26 11:03 - 2015-12-16 10:10 - 0000059 _____ () C:\ProgramData\emissor.log
==================== Bamital & volsnap ======================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
LastRegBack: 2017-05-13 09:40
==================== Fim de FRST.txt ============================