Publicité
Publicité
Format du document : text/plain
Prévisualisation
Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 30-07-2017
Executado por wandeco67 (administrador) em WANDECO67-PC (31-07-2017 12:00:57)
Executando a partir de C:\Users\wandeco67\Downloads
Perfis Carregados: wandeco67 (Perfis Disponíveis: wandeco67)
Platform: Windows 7 Ultimate (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(eRmail Company, s. r. o.) C:\Users\wandeco67\AppData\Roaming\eRclient\eRclient.exe
(Akamai Technologies, Inc.) C:\Users\wandeco67\AppData\Local\Akamai\netsession_win.exe
(Facebook) C:\Users\wandeco67\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Akamai Technologies, Inc.) C:\Users\wandeco67\AppData\Local\Akamai\netsession_win.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
==================== Registro (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [954416 2017-04-19] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CTEC_Update] => C:\CTEC\Update Service\Updservice.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-06-15] (Autodesk, Inc.)
HKLM-x32\...\RunOnce: [Robena] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\WANDEC~1\AppData\Local\Lurerahu\Piligamele.dat"
HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\...\Run: [eRclient] => C:\Users\wandeco67\AppData\Roaming\eRclient\eRclient.exe [1269248 2014-08-13] (eRmail Company, s. r. o.)
HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\...\Run: [Chromium] => c:\users\wandeco67\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session --restore-last-session --restore-last-session --restore-las (a entrada de dados tem 32 mais caracteres).
HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\...\Run: [Akamai NetSession Interface] => C:\Users\wandeco67\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2007576 2017-02-03] (Autodesk, Inc.)
HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2007576 2017-02-03] (Autodesk, Inc.)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1903328 2016-08-10] (Caixa Economica Federal)
Startup: C:\Users\wandeco67\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-07-22]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\wandeco67\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
Startup: C:\Users\wandeco67\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 2510 series.lnk [2017-07-31]
ShortcutTarget: Monitorar alertas de tinta - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restrição <==== ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Tcpip\Parameters: [DhcpNameServer] 201.75.168.34 201.75.168.88
Tcpip\..\Interfaces\{8383F9D6-78FC-42C7-9B94-39A4229B134E}: [DhcpNameServer] 201.75.168.34 201.75.168.88
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_30_wbf_medprog_17_11_ssg02¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtBzz0DtD0FtDyCtDzytN0D0Tzu0StBtDtAyDtN1L2XzutAtFtAtBtFtCtFyDtAtN1L1Czu1M1Q1CtAtBtFtAtFtDtN1L1G1B1V1N2Y1L1Qzu2StA0CyD0D0EyCyByBtGyDtByB0BtGyEyEyEtDtGyB0AtCtCtGtA0Dzz0DtBtBzztAyC0B0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtA0CtD0BtAyB0BtGtDzy0CtBtGyEzyyE0DtGzy0EtDzytGtC0B0FyDtDzytAtByEtAyEyC2QtN0A0LzuyEtN0D0T0S1P1RzutCyDtDtCtBzyzzyBtByB%26cr%3D815306565%26a%3Dhdr_s_17_30_wbf_medprog_17_11_ssg02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_30_wbf_medprog_17_11_ssg02¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtBzz0DtD0FtDyCtDzytN0D0Tzu0StBtDtAyDtN1L2XzutAtFtAtBtFtCtFyDtAtN1L1Czu1M1Q1CtAtBtFtAtFtDtN1L1G1B1V1N2Y1L1Qzu2StA0CyD0D0EyCyByBtGyDtByB0BtGyEyEyEtDtGyB0AtCtCtGtA0Dzz0DtBtBzztAyC0B0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtA0CtD0BtAyB0BtGtDzy0CtBtGyEzyyE0DtGzy0EtDzytGtC0B0FyDtDzytAtByEtAyEyC2QtN0A0LzuyEtN0D0T0S1P1RzutCyDtDtCtBzyzzyBtByB%26cr%3D815306565%26a%3Dhdr_s_17_30_wbf_medprog_17_11_ssg02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U207&ocid=U207DHP&osmkt=pt-br
HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_30_wbf_medprog_17_11_ssg02¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtBzz0DtD0FtDyCtDzytN0D0Tzu0StBtDtAyDtN1L2XzutAtFtAtBtFtCtFyDtAtN1L1Czu1M1Q1CtAtBtFtAtFtDtN1L1G1B1V1N2Y1L1Qzu2StA0CyD0D0EyCyByBtGyDtByB0BtGyEyEyEtDtGyB0AtCtCtGtA0Dzz0DtBtBzztAyC0B0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtA0CtD0BtAyB0BtGtDzy0CtBtGyEzyyE0DtGzy0EtDzytGtC0B0FyDtDzytAtByEtAyEyC2QtN0A0LzuyEtN0D0T0S1P1RzutCyDtDtCtBzyzzyBtByB%26cr%3D815306565%26a%3Dhdr_s_17_30_wbf_medprog_17_11_ssg02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472F-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fc65dbbb&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fc65dbbb&q={searchTerms}
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
SearchScopes: HKLM -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472F-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fc65dbbb&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fc65dbbb&q={searchTerms}
SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_medprog_17_11_ssg02¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtBzz0DtD0FtDyCtDzytN0D0Tzu0StCzzzytCtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDzzyCzyzy0D0BzytGyC0CtD0CtGyCyCtDtAtGtAyEtB0AtGyBtD0C0ByEzyyDzytBtC0Fzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtA0CtD0BtAyB0BtGtDzy0CtBtGyEzyyE0DtGzy0EtDzytGtC0B0FyDtDzytAtByEtAyEyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtAtDzy%26cr%3D2029848660%26a%3Dwbf_medprog_17_11_ssg02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_d874eeb0f46de08a38¶m1=ArFaIWJoNqArQGMVHFFoNqAqBbFaITQbQGR7xTVoN9I4y7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8wVM9ISoXvmldISIXNVQ9Jmk3NVI9IWYTwVI4J6IVvmo9GqYVNUI3wGYGwVM3vCIWvFI9GqUNNos3wCIYwVA9Jmk3wVA4ICITvFI4ICILNFdcJ6k8NoFcFGUMwVU9JmITwVU9ImoUwV5cGWUSNFRcEqULNopcGWUIvmFbF6oUNVFdJGYYvFM4ICIYwVQ9I6IVNVM9IWYXwVw9IWYXNVI4ISISvFJdJCIVwVM9IaYYvFI9JmIWvFI4ICIYNVJdJ6IWNVU3vGQIwV5cGGUTNFRbDqUDNF5bDGUNNEU3wGQGvFM9JGYWwVJdJmIYvFRdJmISwVI3vGYWwVQ9I6oUvmo4IGYVwVw3vGYUwVI3vCISwVNdJqYTvFI9ISk4wVU9JmoUwVU4ICoWNoU9GqYYNVc3wCoUQGR7B6RoN9JcNqFdMaxcMGpaQGR7BHFaISopzU0aCaV6CaVaC6wrAo0gADIdxn0mCaV6CaVcC6MaAaZbQGR7y6MuwnEbQGMVMr5cQGR7y6NoN9ICzD4py6waQGQXMbFbJoEhwTogBCIo¶m2=NGBbLWJ4NGB6Md%3D%3D&p={searchTerms}
SearchScopes: HKLM-x32 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_03¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtBzz0DtD0FtDyCtDzytN0D0Tzu0StCzzyEzztN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0A0AyD0DtAtCzztGtD0CyEyEtGtAyDyByCtGyE0E0AyBtGtBtDtB0EtB0FyDtA0D0C0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtA0CtD0BtAyB0BtGtDzy0CtBtGyEzyyE0DtGzy0EtDzytGtC0B0FyDtDzytAtByEtAyEyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyBtCyD%26cr%3D66515011%26a%3Dwbf_fs_17_03%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3433950939-1694002894-1677387350-1001 -> DefaultScope {0633EE93-D776-472F-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fc65dbbb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3433950939-1694002894-1677387350-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fc65dbbb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3433950939-1694002894-1677387350-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
SearchScopes: HKU\S-1-5-21-3433950939-1694002894-1677387350-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10300_FYD_170122__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3433950939-1694002894-1677387350-1001 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-27] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-27] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2016-08-10] (Caixa Economica Federal)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-27] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3433950939-1694002894-1677387350-1001: @nsroblox.roblox.com/launcher -> C:\Users\wandeco67\AppData\Local\Roblox\Versions\version-26a546068c9d4f7a\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3433950939-1694002894-1677387350-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\wandeco67\AppData\Local\Roblox\Versions\version-26a546068c9d4f7a\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
Chrome:
=======
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxp://www.publipt.com/scripts/runner.php?SP=1f102987wandeco30"
CHR NewTab: Default -> Not-active:"chrome-extension://ppohlmkhhbbjgbmmcnmpnnhaogacmgop/root.html"
CHR DefaultSearchURL: Default -> hxxp://search.sodapdf.com/results.php?pr=vmn&id=webcompapdf&v=1_0&ent=ch_WCYID10178_chromeextension_unknown__yach&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default [2017-07-31]
CHR Extension: (Google Apresentações) - C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-26]
CHR Extension: (Google Docs) - C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-26]
CHR Extension: (Web Achivki) - C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecnlaajkholbodfocclpfoknljagal [2017-04-27]
CHR Extension: (Favicons of sender) - C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdcficbigghhppckommflkpchnpdlhf [2017-04-07]
CHR Extension: (Bing) - C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-07-31]
CHR Extension: (Planilhas do Google) - C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-26]
CHR Extension: (Documentos Google off-line) - C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-25]
CHR Extension: (Chrome Media Router) - C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-17]
CHR Extension: (Moviecorner v1.8) - C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppohlmkhhbbjgbmmcnmpnnhaogacmgop [2017-07-20]
CHR HKLM\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [edlomhpkphiongfmegcmaamkbadecnkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] -
CHR HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] -
CHR HKLM-x32\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [edlomhpkphiongfmegcmaamkbadecnkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] -
Opera:
=======
OPR Extension: (360 Internet Protection) - C:\Users\wandeco67\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2017-04-17]
==================== Serviços (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1353208 2017-06-15] (Autodesk Inc.)
S3 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2017-05-12] (GAS Tecnologia)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2016-08-25] () [Arquivo não assinado]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [954416 2017-04-19] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
S3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2016-08-10] (GAS Tecnologia)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKslac2b4b0e; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{874D6966-0486-4027-8046-D798B906CCD9}\MpKslac2b4b0e.sys [44928 2017-07-31] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2016-08-10] (GAS Tecnologia LTDA)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [28376 2017-07-31] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [25184 2017-04-19] (GAS Tecnologia)
R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [25184 2017-04-19] (GAS Tecnologia)
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Três Meses Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-07-31 12:00 - 2017-07-31 12:01 - 000022081 _____ C:\Users\wandeco67\Downloads\FRST.txt
2017-07-31 12:00 - 2017-07-31 12:00 - 002381312 _____ (Farbar) C:\Users\wandeco67\Downloads\FRST64.exe
2017-07-31 11:40 - 2017-07-31 12:00 - 000000000 ____D C:\FRST
2017-07-31 11:29 - 2017-07-31 11:29 - 000000000 ____D C:\Users\wandeco67\Downloads\F9E964E9-4EC4-44FF-BF27-AE688647FD10
2017-07-29 22:07 - 2017-07-29 22:07 - 000522536 _____ C:\Windows\Minidump\072917-17128-01.dmp
2017-07-28 17:08 - 2017-07-28 17:08 - 001034556 _____ C:\Users\wandeco67\Downloads\Windows6.1-KB2999226-x64.msu
2017-07-28 17:06 - 2017-07-28 17:06 - 000002039 _____ C:\Users\Public\Desktop\Autodesk ReCap.lnk
2017-07-28 16:49 - 2017-07-28 16:49 - 000002206 _____ C:\Users\Public\Desktop\Autodesk Content Migration Utility for AutoCAD Electrical.lnk
2017-07-28 16:48 - 2017-07-28 16:48 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2017-07-28 16:48 - 2017-07-28 16:48 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-07-28 16:48 - 2017-07-28 16:48 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-07-28 16:46 - 2017-07-28 16:46 - 000000915 _____ C:\Users\Public\Desktop\LMTOOLS Utility.lnk
2017-07-28 16:26 - 2017-07-28 17:06 - 000000000 ____D C:\Users\wandeco67\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-07-28 16:25 - 2017-07-28 16:25 - 000001531 _____ C:\Users\Public\Desktop\Aplicativo da área de trabalho Autodesk.lnk
2017-07-28 16:24 - 2017-04-06 11:54 - 000002330 _____ C:\Users\wandeco67\Desktop\exemplo CLP
2017-07-28 16:24 - 2017-03-30 18:10 - 019849279 _____ () C:\Users\wandeco67\Desktop\CADe_SIMU.exe
2017-07-28 16:24 - 2011-02-28 02:15 - 000126976 _____ C:\Users\wandeco67\Desktop\libnodave.dll
2017-07-28 16:24 - 1998-06-18 00:00 - 000929844 ____R (Microsoft Corporation) C:\Users\wandeco67\Desktop\MFC42D.DLL
2017-07-28 16:24 - 1998-06-18 00:00 - 000798773 ____R (Microsoft Corporation) C:\Users\wandeco67\Desktop\MFCO42D.DLL
2017-07-28 16:24 - 1998-06-17 00:00 - 000385100 ____R (Microsoft Corporation) C:\Users\wandeco67\Desktop\MSVCRTD.DLL
2017-07-28 16:22 - 2017-07-28 16:22 - 000002003 _____ C:\Users\Public\Desktop\A360 Desktop.lnk
2017-07-28 13:53 - 2017-07-28 16:25 - 000000000 ____D C:\Program Files (x86)\Autodesk
2017-07-28 13:52 - 2017-07-28 13:52 - 000002174 _____ C:\Users\Public\Desktop\AutoCAD Electrical 2018 - English.lnk
2017-07-28 13:51 - 2017-07-28 16:51 - 000000000 ____D C:\Users\wandeco67\AppData\Local\Autodesk
2017-07-28 13:51 - 2017-07-28 13:51 - 000000000 ____D C:\Users\wandeco67\Documents\Acade 2018
2017-07-28 13:40 - 2017-07-28 17:02 - 000000000 ____D C:\Users\Public\Documents\Autodesk
2017-07-28 13:28 - 2017-07-28 16:26 - 000000000 ____D C:\Users\wandeco67\AppData\Roaming\Autodesk
2017-07-28 13:28 - 2017-07-28 13:28 - 000000000 ____D C:\Program Files\Common Files\Macrovision Shared
2017-07-28 13:20 - 2017-07-28 17:05 - 000000000 ____D C:\Program Files\Autodesk
2017-07-28 13:20 - 2017-07-28 13:49 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-07-28 13:09 - 2017-07-28 17:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-07-28 13:05 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2017-07-28 13:05 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2017-07-28 13:05 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2017-07-28 13:05 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2017-07-28 13:05 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2017-07-28 13:05 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2017-07-28 13:05 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2017-07-28 13:05 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2017-07-28 13:05 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-07-28 13:05 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2017-07-28 13:05 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-07-28 13:05 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2017-07-28 13:04 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-07-28 13:04 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-07-28 13:04 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-07-28 13:04 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2017-07-28 13:04 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2017-07-28 13:04 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2017-07-28 13:04 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2017-07-28 13:04 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2017-07-28 13:04 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2017-07-28 13:04 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2017-07-28 13:04 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2017-07-28 13:04 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2017-07-28 13:01 - 2017-07-28 13:03 - 000000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-07-28 13:01 - 2017-07-28 13:03 - 000000000 ____D C:\ProgramData\Package Cache
2017-07-28 12:39 - 2017-07-28 17:05 - 000000000 ____D C:\Users\Todos os Usuários\Autodesk
2017-07-28 12:39 - 2017-07-28 17:05 - 000000000 ____D C:\ProgramData\Autodesk
2017-07-28 12:34 - 2017-07-28 12:35 - 000000000 ____D C:\Users\wandeco67\AppData\Local\Akamai
2017-07-28 12:33 - 2017-07-28 16:46 - 000000000 ____D C:\Autodesk
2017-07-28 12:32 - 2017-07-28 12:33 - 014942536 _____ C:\Users\wandeco67\Downloads\AutoCAD_Electrical_2018_English_Win_32_64bit_wi_en-us_Setup.exe
2017-07-28 12:22 - 2017-07-28 12:22 - 000000000 ____D C:\Users\wandeco67\Desktop\Nova pasta (2)
2017-07-28 11:58 - 2017-07-28 11:58 - 006469305 _____ C:\Users\wandeco67\Downloads\NBR-5410-Sala-da-Elétrica.zip
2017-07-28 11:08 - 2017-07-28 11:08 - 000081625 _____ C:\Users\wandeco67\Desktop\ORÇAMENTO.pdf
2017-07-24 08:22 - 2017-07-24 08:23 - 083187472 _____ (WhatsApp) C:\Users\wandeco67\Downloads\WhatsAppSetup.exe
2017-07-22 15:14 - 2017-07-22 15:14 - 000009760 _____ C:\Users\wandeco67\Documents\Orça Juliana.xlsx
2017-07-22 15:01 - 2017-07-22 15:01 - 000174223 _____ C:\Users\wandeco67\Desktop\Orçamento Juliana .pdf
2017-07-22 14:09 - 2017-07-22 14:09 - 000000000 ____D C:\Users\wandeco67\AppData\LocalLow\Oracle
2017-07-06 21:51 - 2017-07-06 21:51 - 000891448 _____ (ROBLOX Corporation) C:\Users\wandeco67\Downloads\Não confirmado 965704.crdownload
2017-06-30 12:19 - 2017-06-30 12:19 - 000000000 ____D C:\Users\wandeco67\AppData\Roaming\Google
2017-06-24 16:58 - 2017-06-24 16:59 - 094405461 _____ C:\Users\wandeco67\Downloads\super-smash-flash-2-en-win.zip
2017-06-23 08:12 - 2017-06-23 08:12 - 000436684 _____ C:\Users\wandeco67\Desktop\Scan.pdf
2017-06-22 13:03 - 2017-06-22 13:03 - 000006832 ____N C:\bootsqm.dat
2017-06-22 13:03 - 2017-06-22 13:03 - 000000000 __SHD C:\found.000
2017-06-19 11:14 - 2017-06-19 11:14 - 000712946 _____ C:\Users\wandeco67\Downloads\Material de Apoio V2_Versao2.pdf
2017-06-14 15:02 - 2017-06-14 15:02 - 000002236 _____ C:\Users\wandeco67\AppData\Roaming\Microsoft\Windows\Start Menu\Angry Birds Friends.lnk
2017-06-14 09:43 - 2017-06-14 09:44 - 000828919 _____ C:\Users\wandeco67\Downloads\Material de Apoio V1.pdf
2017-06-02 14:40 - 2017-07-29 22:07 - 177635772 _____ C:\Windows\MEMORY.DMP
2017-06-02 14:40 - 2017-06-02 14:40 - 000507632 _____ C:\Windows\Minidump\060217-16270-01.dmp
2017-06-02 13:36 - 2017-06-02 13:36 - 000000000 ____D C:\Users\wandeco67\AppData\Roaming\MMFApplications
2017-06-02 13:34 - 2017-06-02 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer
2017-06-02 13:34 - 2017-06-02 13:34 - 000000000 ____D C:\Program Files (x86)\Tribo Gamer
2017-06-02 13:26 - 2017-06-02 13:26 - 000000000 ____D C:\Users\wandeco67\AppData\Roaming\Steam
2017-06-02 13:24 - 2017-06-02 13:24 - 000000000 ____D C:\Users\wandeco67\Downloads\The Escapist
2017-06-02 13:21 - 2017-06-02 13:22 - 000834224 _____ (Tribo Gamer Brasil®) C:\Users\wandeco67\Downloads\the_escapists_br- [1].exe
2017-06-02 09:52 - 2017-06-02 09:52 - 008724722 _____ C:\Users\wandeco67\Downloads\desenhotecnicoeletronicofabiocurty-131124082604-phpapp01.pdf
2017-06-02 09:50 - 2017-06-02 09:51 - 021563159 _____ C:\Users\wandeco67\Downloads\cursoprticodeeletrnica-34projetos-cekit-150728105805-lva1-app6891.pdf
2017-06-02 09:11 - 2017-07-31 10:34 - 000028376 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2017-06-02 09:11 - 2017-04-19 17:52 - 000025184 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddprm.sys
2017-06-02 09:11 - 2017-04-19 17:52 - 000025184 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddpp.sys
2017-05-31 20:59 - 2017-05-31 21:00 - 003812432 _____ C:\Users\wandeco67\Downloads\Ebook Guia LIDE 1.0.pdf
2017-05-31 18:25 - 2017-05-31 18:26 - 000000000 ____D C:\Users\wandeco67\AppData\Local\datasi
2017-05-31 18:25 - 2017-05-31 18:25 - 000697344 _____ C:\Users\wandeco67\AppData\Roaming\Bafukomi.exe
2017-05-30 19:50 - 2017-05-30 19:50 - 000000000 ____D C:\Windows\system32\appmgmt
2017-05-29 20:26 - 2017-05-29 20:26 - 000173154 _____ C:\Users\wandeco67\Downloads\Scan0001.pdf
2017-05-29 20:21 - 2017-05-29 20:21 - 000173154 _____ C:\Users\wandeco67\Desktop\Scan0001.pdf
2017-05-29 14:28 - 2017-05-29 14:28 - 000000000 ____D C:\Users\wandeco67\Desktop\Nova pasta
2017-05-29 09:55 - 2017-05-29 09:55 - 000258661 _____ C:\Users\wandeco67\Desktop\MH – MANUTENÇÃO ELÉTRICA.potx
2017-05-29 08:54 - 2017-05-29 08:54 - 000003918 _____ C:\Windows\System32\Tasks\BackupOmnium03
2017-05-29 08:54 - 2017-05-29 08:54 - 000003918 _____ C:\Windows\System32\Tasks\BackupOmnium02
2017-05-29 08:54 - 2017-05-29 08:54 - 000003918 _____ C:\Windows\System32\Tasks\BackupOmnium01
2017-05-29 08:53 - 2017-05-30 19:50 - 000000000 ____D C:\Users\Todos os Usuários\firebird
2017-05-29 08:53 - 2017-05-30 19:50 - 000000000 ____D C:\ProgramData\firebird
2017-05-29 08:48 - 2015-11-12 08:42 - 000548864 _____ (Firebird Project) C:\Windows\SysWOW64\GDS32.DLL
2017-05-29 08:46 - 2017-05-29 08:46 - 000000000 ____D C:\Program Files (x86)\Firebird
2017-05-23 19:34 - 2017-05-23 19:34 - 000001666 _____ C:\Users\wandeco67\Downloads\espirito-santo-repousa.txt
2017-05-19 11:46 - 2017-05-19 11:46 - 000115005 _____ C:\Users\wandeco67\Downloads\ESCALA DE ADORAÇÃO.pdf
2017-05-10 15:16 - 2017-05-10 15:16 - 000915966 _____ C:\Users\wandeco67\Downloads\MANUAL DE INSCRICaO DO MEI - V3.pdf
2017-05-10 15:02 - 2017-05-10 15:02 - 000002598 _____ C:\Users\wandeco67\Desktop\Emissor de Nota Fiscal Eletronica (NF-e) 3.10 - Versao de Teste.lnk
2017-05-10 15:02 - 2017-05-10 15:02 - 000000000 ____D C:\Users\wandeco67\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas Secretaria da Fazenda
2017-05-10 15:02 - 2017-05-10 15:02 - 000000000 ____D C:\log
2017-05-10 15:02 - 2017-05-10 15:02 - 000000000 ____D C:\database
2017-05-10 14:47 - 2017-05-10 14:47 - 000000000 ____D C:\Users\wandeco67\AppData\Roaming\Sun
2017-05-10 14:47 - 2017-05-10 14:47 - 000000000 ____D C:\Users\wandeco67\AppData\LocalLow\Sun
2017-05-10 14:46 - 2017-07-27 10:57 - 000000000 ____D C:\Users\Todos os Usuários\Oracle
2017-05-10 14:46 - 2017-07-27 10:57 - 000000000 ____D C:\ProgramData\Oracle
2017-05-10 14:46 - 2017-07-27 10:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-10 14:46 - 2017-07-27 10:53 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-05-10 14:46 - 2017-07-27 10:52 - 000000000 ____D C:\Program Files\Java
2017-05-10 14:42 - 2017-05-10 14:42 - 065659968 _____ (Oracle Corporation) C:\Users\wandeco67\Downloads\jre-8u131-windows-x64.exe
2017-05-10 14:39 - 2017-05-10 14:39 - 000005533 _____ C:\Users\wandeco67\Downloads\emissorNFe.jnlp
2017-05-10 12:19 - 2017-05-10 12:19 - 000013865 _____ C:\Users\wandeco67\Downloads\Extrato-2015.pdf
2017-05-10 11:59 - 2017-05-10 11:59 - 000000000 ____D C:\Users\wandeco67\AppData\Roaming\IsolatedStorage
2017-05-10 11:59 - 2017-05-10 11:59 - 000000000 ____D C:\Users\wandeco67\AppData\Local\FileViewPro
2017-05-10 11:59 - 2017-05-10 11:59 - 000000000 ____D C:\Users\Todos os Usuários\IsolatedStorage
2017-05-10 11:59 - 2017-05-10 11:59 - 000000000 ____D C:\ProgramData\IsolatedStorage
2017-05-10 11:57 - 2017-05-10 13:54 - 000000000 ____D C:\Users\wandeco67\AppData\Local\IIIQF
2017-05-10 11:56 - 2017-05-10 11:56 - 000000000 ____D C:\Spacekace
2017-05-10 11:24 - 2017-05-10 11:25 - 008905491 _____ C:\Users\wandeco67\Downloads\passo_a_passo_nfe.ppsx
2017-05-05 13:16 - 2017-05-05 13:16 - 005012885 _____ C:\Users\wandeco67\Downloads\CADe_SIMU_V3 Idioma_3.0 (1).zip
2017-05-05 13:16 - 2017-05-05 13:16 - 001015469 _____ C:\Users\wandeco67\Downloads\PC_SIMU_SALA-DA-ELÉTRICA.rar
2017-05-05 11:06 - 2017-05-05 11:06 - 000000000 ___HD C:\Program Files (x86)\GAS Tecnologia
2017-05-05 11:06 - 2017-05-05 11:06 - 000000000 ___HD C:\Program Files (x86)\Diebold
2017-05-05 11:06 - 2017-05-05 11:06 - 000000000 ____D C:\Program Files\Diebold
2017-05-05 11:06 - 2016-06-16 18:43 - 000036984 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddntf.sys
2017-05-05 11:06 - 2016-06-16 18:43 - 000008811 _____ C:\Windows\system32\Drivers\wsddntf.cat
2017-05-05 11:04 - 2017-05-14 15:34 - 000000000 ____D C:\Program Files (x86)\GbPlugin
2017-05-05 11:04 - 2017-05-05 11:04 - 003209776 _____ (CAIXA) C:\Users\wandeco67\Downloads\GBPCEF.exe
2017-05-05 11:04 - 2017-05-05 11:04 - 000000000 ____D C:\Users\Todos os Usuários\GbPlugin
2017-05-05 11:04 - 2017-05-05 11:04 - 000000000 ____D C:\ProgramData\GbPlugin
2017-05-05 09:11 - 2017-05-05 09:11 - 000000694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assistente de Atualização do Windows 10.lnk
2017-05-05 09:11 - 2017-05-05 09:11 - 000000682 _____ C:\Users\wandeco67\Desktop\Assistente de Atualização do Windows 10.lnk
2017-05-05 09:11 - 2017-05-05 09:11 - 000000000 ___HD C:\$GetCurrent
2017-05-05 09:11 - 2017-05-05 09:11 - 000000000 ____D C:\Windows10Upgrade
2017-05-05 09:02 - 2017-05-05 10:31 - 000000000 ____D C:\ESD
2017-05-05 09:00 - 2017-05-05 09:00 - 000000000 ___HD C:\$Windows.~WS
2017-05-05 08:55 - 2017-05-05 08:56 - 018357776 _____ (Microsoft Corporation) C:\Users\wandeco67\Downloads\MediaCreationTool.exe
==================== Três Meses Modificados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-07-31 11:24 - 2017-03-06 12:24 - 000000288 _____ C:\Windows\Tasks\{137E897F-D0B4-0C52-C154-0212F495424F}.job
2017-07-31 10:41 - 2009-07-14 01:45 - 000016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-31 10:41 - 2009-07-14 01:45 - 000016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-31 10:39 - 2017-04-09 19:30 - 000000000 ____D C:\Users\wandeco67\AppData\Local\{2660103C-02C8-7C84-6F50-596C4B38A5F4}
2017-07-31 10:33 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-29 22:07 - 2016-10-02 10:54 - 000000000 ____D C:\Windows\Minidump
2017-07-29 01:00 - 2016-08-25 14:33 - 000000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2017-07-29 00:59 - 2009-07-13 23:34 - 000000478 _____ C:\Windows\win.ini
2017-07-29 00:25 - 2017-04-19 12:25 - 000000372 __RSH C:\Users\Todos os Usuários\ntuser.pol
2017-07-29 00:25 - 2017-04-19 12:25 - 000000372 __RSH C:\ProgramData\ntuser.pol
2017-07-29 00:24 - 2017-03-08 08:24 - 000000342 _____ C:\Users\wandeco67\AppData\Roaming\WB.CFG
2017-07-28 16:42 - 2017-04-17 08:18 - 000144424 _____ C:\Users\wandeco67\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-28 16:40 - 2017-04-17 09:04 - 000487824 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-28 11:31 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\system32\NDF
2017-07-28 11:25 - 2016-08-29 13:28 - 000000000 ____D C:\Users\wandeco67\AppData\Local\ElevatedDiagnostics
2017-07-28 11:04 - 2017-04-12 09:52 - 000000000 ____D C:\Users\wandeco67\Desktop\MH trampos
2017-07-24 07:29 - 2009-07-14 02:08 - 000032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-22 15:19 - 2017-02-23 10:20 - 000001174 _____ C:\Users\wandeco67\Desktop\Facebook Gameroom.lnk
2017-07-22 15:19 - 2017-02-23 10:20 - 000000000 ____D C:\Users\wandeco67\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2017-07-22 15:19 - 2017-02-23 10:19 - 000000000 ____D C:\Users\wandeco67\AppData\Local\Facebook
2017-07-22 15:13 - 2016-08-25 14:34 - 000000000 ____D C:\Users\wandeco67\AppData\Local\Microsoft Help
2017-07-14 17:31 - 2017-03-23 14:55 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-12 12:30 - 2016-08-25 15:27 - 000000000 ____D C:\Windows\system32\MRT
2017-07-12 12:25 - 2016-08-25 15:26 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-12 12:14 - 2017-04-12 09:48 - 000000000 ____D C:\Users\wandeco67\Desktop\Elétrica
2017-07-08 16:13 - 2016-08-31 12:22 - 000000000 ____D C:\Users\wandeco67\Desktop\Receitas
==================== Arquivos na raiz de alguns diretórios =======
2017-05-31 18:25 - 2017-05-31 18:25 - 000697344 _____ () C:\Users\wandeco67\AppData\Roaming\Bafukomi.exe
2017-03-30 20:31 - 2017-03-30 20:31 - 000865792 _____ () C:\Users\wandeco67\AppData\Roaming\Fatininu.exe
2017-04-09 19:29 - 2017-04-09 19:29 - 000670720 _____ () C:\Users\wandeco67\AppData\Roaming\Gelase.exe
2017-03-21 19:26 - 2017-03-21 19:26 - 000614912 _____ () C:\Users\wandeco67\AppData\Roaming\Sepudami.exe
2017-03-08 08:24 - 2017-07-29 00:24 - 000000342 _____ () C:\Users\wandeco67\AppData\Roaming\WB.CFG
2016-08-29 13:34 - 2016-08-29 13:34 - 000000057 _____ () C:\ProgramData\Ament.ini
Arquivos para serem movidos ou deletados:
====================
C:\Windows\Tasks\{137E897F-D0B4-0C52-C154-0212F495424F}.job
Alguns arquivos em TEMP:
====================
2017-07-28 16:38 - 2017-01-18 02:50 - 000066472 _____ (Autodesk, Inc.) C:\Users\wandeco67\AppData\Local\Temp\AcDeltree.exe
2017-07-22 14:08 - 2017-07-22 14:08 - 000739904 _____ (Oracle Corporation) C:\Users\wandeco67\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-07-27 10:52 - 2017-07-27 10:52 - 000740416 _____ (Oracle Corporation) C:\Users\wandeco67\AppData\Local\Temp\jre-8u144-windows-au.exe
==================== Bamital & volsnap ======================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
Executado por wandeco67 (administrador) em WANDECO67-PC (31-07-2017 12:00:57)
Executando a partir de C:\Users\wandeco67\Downloads
Perfis Carregados: wandeco67 (Perfis Disponíveis: wandeco67)
Platform: Windows 7 Ultimate (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(eRmail Company, s. r. o.) C:\Users\wandeco67\AppData\Roaming\eRclient\eRclient.exe
(Akamai Technologies, Inc.) C:\Users\wandeco67\AppData\Local\Akamai\netsession_win.exe
(Facebook) C:\Users\wandeco67\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Akamai Technologies, Inc.) C:\Users\wandeco67\AppData\Local\Akamai\netsession_win.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
==================== Registro (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [954416 2017-04-19] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CTEC_Update] => C:\CTEC\Update Service\Updservice.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-06-15] (Autodesk, Inc.)
HKLM-x32\...\RunOnce: [Robena] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\WANDEC~1\AppData\Local\Lurerahu\Piligamele.dat"
HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\...\Run: [eRclient] => C:\Users\wandeco67\AppData\Roaming\eRclient\eRclient.exe [1269248 2014-08-13] (eRmail Company, s. r. o.)
HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\...\Run: [Chromium] => c:\users\wandeco67\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session --restore-last-session --restore-last-session --restore-las (a entrada de dados tem 32 mais caracteres).
HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\...\Run: [Akamai NetSession Interface] => C:\Users\wandeco67\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2007576 2017-02-03] (Autodesk, Inc.)
HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2007576 2017-02-03] (Autodesk, Inc.)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1903328 2016-08-10] (Caixa Economica Federal)
Startup: C:\Users\wandeco67\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-07-22]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\wandeco67\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
Startup: C:\Users\wandeco67\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 2510 series.lnk [2017-07-31]
ShortcutTarget: Monitorar alertas de tinta - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restrição <==== ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Tcpip\Parameters: [DhcpNameServer] 201.75.168.34 201.75.168.88
Tcpip\..\Interfaces\{8383F9D6-78FC-42C7-9B94-39A4229B134E}: [DhcpNameServer] 201.75.168.34 201.75.168.88
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_30_wbf_medprog_17_11_ssg02¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtBzz0DtD0FtDyCtDzytN0D0Tzu0StBtDtAyDtN1L2XzutAtFtAtBtFtCtFyDtAtN1L1Czu1M1Q1CtAtBtFtAtFtDtN1L1G1B1V1N2Y1L1Qzu2StA0CyD0D0EyCyByBtGyDtByB0BtGyEyEyEtDtGyB0AtCtCtGtA0Dzz0DtBtBzztAyC0B0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtA0CtD0BtAyB0BtGtDzy0CtBtGyEzyyE0DtGzy0EtDzytGtC0B0FyDtDzytAtByEtAyEyC2QtN0A0LzuyEtN0D0T0S1P1RzutCyDtDtCtBzyzzyBtByB%26cr%3D815306565%26a%3Dhdr_s_17_30_wbf_medprog_17_11_ssg02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_30_wbf_medprog_17_11_ssg02¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtBzz0DtD0FtDyCtDzytN0D0Tzu0StBtDtAyDtN1L2XzutAtFtAtBtFtCtFyDtAtN1L1Czu1M1Q1CtAtBtFtAtFtDtN1L1G1B1V1N2Y1L1Qzu2StA0CyD0D0EyCyByBtGyDtByB0BtGyEyEyEtDtGyB0AtCtCtGtA0Dzz0DtBtBzztAyC0B0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtA0CtD0BtAyB0BtGtDzy0CtBtGyEzyyE0DtGzy0EtDzytGtC0B0FyDtDzytAtByEtAyEyC2QtN0A0LzuyEtN0D0T0S1P1RzutCyDtDtCtBzyzzyBtByB%26cr%3D815306565%26a%3Dhdr_s_17_30_wbf_medprog_17_11_ssg02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U207&ocid=U207DHP&osmkt=pt-br
HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_30_wbf_medprog_17_11_ssg02¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtBzz0DtD0FtDyCtDzytN0D0Tzu0StBtDtAyDtN1L2XzutAtFtAtBtFtCtFyDtAtN1L1Czu1M1Q1CtAtBtFtAtFtDtN1L1G1B1V1N2Y1L1Qzu2StA0CyD0D0EyCyByBtGyDtByB0BtGyEyEyEtDtGyB0AtCtCtGtA0Dzz0DtBtBzztAyC0B0CyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtA0CtD0BtAyB0BtGtDzy0CtBtGyEzyyE0DtGzy0EtDzytGtC0B0FyDtDzytAtByEtAyEyC2QtN0A0LzuyEtN0D0T0S1P1RzutCyDtDtCtBzyzzyBtByB%26cr%3D815306565%26a%3Dhdr_s_17_30_wbf_medprog_17_11_ssg02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472F-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fc65dbbb&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fc65dbbb&q={searchTerms}
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
SearchScopes: HKLM -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472F-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fc65dbbb&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fc65dbbb&q={searchTerms}
SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_medprog_17_11_ssg02¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtBzz0DtD0FtDyCtDzytN0D0Tzu0StCzzzytCtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDzzyCzyzy0D0BzytGyC0CtD0CtGyCyCtDtAtGtAyEtB0AtGyBtD0C0ByEzyyDzytBtC0Fzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtA0CtD0BtAyB0BtGtDzy0CtBtGyEzyyE0DtGzy0EtDzytGtC0B0FyDtDzytAtByEtAyEyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBtAtDzy%26cr%3D2029848660%26a%3Dwbf_medprog_17_11_ssg02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=arh&hsimp=yhs-001&type=zxy_d874eeb0f46de08a38¶m1=ArFaIWJoNqArQGMVHFFoNqAqBbFaITQbQGR7xTVoN9I4y7IsQGR7B7JoN9JbDSk8vFE9GqQANFdcFCk8wVM9ISoXvmldISIXNVQ9Jmk3NVI9IWYTwVI4J6IVvmo9GqYVNUI3wGYGwVM3vCIWvFI9GqUNNos3wCIYwVA9Jmk3wVA4ICITvFI4ICILNFdcJ6k8NoFcFGUMwVU9JmITwVU9ImoUwV5cGWUSNFRcEqULNopcGWUIvmFbF6oUNVFdJGYYvFM4ICIYwVQ9I6IVNVM9IWYXwVw9IWYXNVI4ISISvFJdJCIVwVM9IaYYvFI9JmIWvFI4ICIYNVJdJ6IWNVU3vGQIwV5cGGUTNFRbDqUDNF5bDGUNNEU3wGQGvFM9JGYWwVJdJmIYvFRdJmISwVI3vGYWwVQ9I6oUvmo4IGYVwVw3vGYUwVI3vCISwVNdJqYTvFI9ISk4wVU9JmoUwVU4ICoWNoU9GqYYNVc3wCoUQGR7B6RoN9JcNqFdMaxcMGpaQGR7BHFaISopzU0aCaV6CaVaC6wrAo0gADIdxn0mCaV6CaVcC6MaAaZbQGR7y6MuwnEbQGMVMr5cQGR7y6NoN9ICzD4py6waQGQXMbFbJoEhwTogBCIo¶m2=NGBbLWJ4NGB6Md%3D%3D&p={searchTerms}
SearchScopes: HKLM-x32 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_03¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtBzz0DtD0FtDyCtDzytN0D0Tzu0StCzzyEzztN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0A0AyD0DtAtCzztGtD0CyEyEtGtAyDyByCtGyE0E0AyBtGtBtDtB0EtB0FyDtA0D0C0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtA0CtD0BtAyB0BtGtDzy0CtBtGyEzyyE0DtGzy0EtDzytGtC0B0FyDtDzytAtByEtAyEyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyBtCyD%26cr%3D66515011%26a%3Dwbf_fs_17_03%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3433950939-1694002894-1677387350-1001 -> DefaultScope {0633EE93-D776-472F-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fc65dbbb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3433950939-1694002894-1677387350-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fc65dbbb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3433950939-1694002894-1677387350-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL =
SearchScopes: HKU\S-1-5-21-3433950939-1694002894-1677387350-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10300_FYD_170122__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3433950939-1694002894-1677387350-1001 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-27] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-27] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2016-08-10] (Caixa Economica Federal)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-27] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3433950939-1694002894-1677387350-1001: @nsroblox.roblox.com/launcher -> C:\Users\wandeco67\AppData\Local\Roblox\Versions\version-26a546068c9d4f7a\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3433950939-1694002894-1677387350-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\wandeco67\AppData\Local\Roblox\Versions\version-26a546068c9d4f7a\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
Chrome:
=======
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxp://www.publipt.com/scripts/runner.php?SP=1f102987wandeco30"
CHR NewTab: Default -> Not-active:"chrome-extension://ppohlmkhhbbjgbmmcnmpnnhaogacmgop/root.html"
CHR DefaultSearchURL: Default -> hxxp://search.sodapdf.com/results.php?pr=vmn&id=webcompapdf&v=1_0&ent=ch_WCYID10178_chromeextension_unknown__yach&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default [2017-07-31]
CHR Extension: (Google Apresentações) - C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-26]
CHR Extension: (Google Docs) - C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-26]
CHR Extension: (Web Achivki) - C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecnlaajkholbodfocclpfoknljagal [2017-04-27]
CHR Extension: (Favicons of sender) - C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdcficbigghhppckommflkpchnpdlhf [2017-04-07]
CHR Extension: (Bing) - C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-07-31]
CHR Extension: (Planilhas do Google) - C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-26]
CHR Extension: (Documentos Google off-line) - C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-25]
CHR Extension: (Chrome Media Router) - C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-17]
CHR Extension: (Moviecorner v1.8) - C:\Users\wandeco67\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppohlmkhhbbjgbmmcnmpnnhaogacmgop [2017-07-20]
CHR HKLM\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [edlomhpkphiongfmegcmaamkbadecnkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] -
CHR HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3433950939-1694002894-1677387350-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] -
CHR HKLM-x32\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [edlomhpkphiongfmegcmaamkbadecnkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] -
Opera:
=======
OPR Extension: (360 Internet Protection) - C:\Users\wandeco67\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2017-04-17]
==================== Serviços (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1353208 2017-06-15] (Autodesk Inc.)
S3 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2017-05-12] (GAS Tecnologia)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2016-08-25] () [Arquivo não assinado]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [954416 2017-04-19] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
S3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2016-08-10] (GAS Tecnologia)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKslac2b4b0e; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{874D6966-0486-4027-8046-D798B906CCD9}\MpKslac2b4b0e.sys [44928 2017-07-31] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2016-08-10] (GAS Tecnologia LTDA)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [28376 2017-07-31] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-06-16] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [25184 2017-04-19] (GAS Tecnologia)
R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [25184 2017-04-19] (GAS Tecnologia)
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Três Meses Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-07-31 12:00 - 2017-07-31 12:01 - 000022081 _____ C:\Users\wandeco67\Downloads\FRST.txt
2017-07-31 12:00 - 2017-07-31 12:00 - 002381312 _____ (Farbar) C:\Users\wandeco67\Downloads\FRST64.exe
2017-07-31 11:40 - 2017-07-31 12:00 - 000000000 ____D C:\FRST
2017-07-31 11:29 - 2017-07-31 11:29 - 000000000 ____D C:\Users\wandeco67\Downloads\F9E964E9-4EC4-44FF-BF27-AE688647FD10
2017-07-29 22:07 - 2017-07-29 22:07 - 000522536 _____ C:\Windows\Minidump\072917-17128-01.dmp
2017-07-28 17:08 - 2017-07-28 17:08 - 001034556 _____ C:\Users\wandeco67\Downloads\Windows6.1-KB2999226-x64.msu
2017-07-28 17:06 - 2017-07-28 17:06 - 000002039 _____ C:\Users\Public\Desktop\Autodesk ReCap.lnk
2017-07-28 16:49 - 2017-07-28 16:49 - 000002206 _____ C:\Users\Public\Desktop\Autodesk Content Migration Utility for AutoCAD Electrical.lnk
2017-07-28 16:48 - 2017-07-28 16:48 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2017-07-28 16:48 - 2017-07-28 16:48 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-07-28 16:48 - 2017-07-28 16:48 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-07-28 16:46 - 2017-07-28 16:46 - 000000915 _____ C:\Users\Public\Desktop\LMTOOLS Utility.lnk
2017-07-28 16:26 - 2017-07-28 17:06 - 000000000 ____D C:\Users\wandeco67\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-07-28 16:25 - 2017-07-28 16:25 - 000001531 _____ C:\Users\Public\Desktop\Aplicativo da área de trabalho Autodesk.lnk
2017-07-28 16:24 - 2017-04-06 11:54 - 000002330 _____ C:\Users\wandeco67\Desktop\exemplo CLP
2017-07-28 16:24 - 2017-03-30 18:10 - 019849279 _____ () C:\Users\wandeco67\Desktop\CADe_SIMU.exe
2017-07-28 16:24 - 2011-02-28 02:15 - 000126976 _____ C:\Users\wandeco67\Desktop\libnodave.dll
2017-07-28 16:24 - 1998-06-18 00:00 - 000929844 ____R (Microsoft Corporation) C:\Users\wandeco67\Desktop\MFC42D.DLL
2017-07-28 16:24 - 1998-06-18 00:00 - 000798773 ____R (Microsoft Corporation) C:\Users\wandeco67\Desktop\MFCO42D.DLL
2017-07-28 16:24 - 1998-06-17 00:00 - 000385100 ____R (Microsoft Corporation) C:\Users\wandeco67\Desktop\MSVCRTD.DLL
2017-07-28 16:22 - 2017-07-28 16:22 - 000002003 _____ C:\Users\Public\Desktop\A360 Desktop.lnk
2017-07-28 13:53 - 2017-07-28 16:25 - 000000000 ____D C:\Program Files (x86)\Autodesk
2017-07-28 13:52 - 2017-07-28 13:52 - 000002174 _____ C:\Users\Public\Desktop\AutoCAD Electrical 2018 - English.lnk
2017-07-28 13:51 - 2017-07-28 16:51 - 000000000 ____D C:\Users\wandeco67\AppData\Local\Autodesk
2017-07-28 13:51 - 2017-07-28 13:51 - 000000000 ____D C:\Users\wandeco67\Documents\Acade 2018
2017-07-28 13:40 - 2017-07-28 17:02 - 000000000 ____D C:\Users\Public\Documents\Autodesk
2017-07-28 13:28 - 2017-07-28 16:26 - 000000000 ____D C:\Users\wandeco67\AppData\Roaming\Autodesk
2017-07-28 13:28 - 2017-07-28 13:28 - 000000000 ____D C:\Program Files\Common Files\Macrovision Shared
2017-07-28 13:20 - 2017-07-28 17:05 - 000000000 ____D C:\Program Files\Autodesk
2017-07-28 13:20 - 2017-07-28 13:49 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-07-28 13:09 - 2017-07-28 17:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-07-28 13:05 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2017-07-28 13:05 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2017-07-28 13:05 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2017-07-28 13:05 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2017-07-28 13:05 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2017-07-28 13:05 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2017-07-28 13:05 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2017-07-28 13:05 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2017-07-28 13:05 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-07-28 13:05 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2017-07-28 13:05 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-07-28 13:05 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2017-07-28 13:04 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-07-28 13:04 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-07-28 13:04 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-07-28 13:04 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2017-07-28 13:04 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2017-07-28 13:04 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2017-07-28 13:04 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2017-07-28 13:04 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2017-07-28 13:04 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2017-07-28 13:04 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2017-07-28 13:04 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2017-07-28 13:04 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2017-07-28 13:01 - 2017-07-28 13:03 - 000000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-07-28 13:01 - 2017-07-28 13:03 - 000000000 ____D C:\ProgramData\Package Cache
2017-07-28 12:39 - 2017-07-28 17:05 - 000000000 ____D C:\Users\Todos os Usuários\Autodesk
2017-07-28 12:39 - 2017-07-28 17:05 - 000000000 ____D C:\ProgramData\Autodesk
2017-07-28 12:34 - 2017-07-28 12:35 - 000000000 ____D C:\Users\wandeco67\AppData\Local\Akamai
2017-07-28 12:33 - 2017-07-28 16:46 - 000000000 ____D C:\Autodesk
2017-07-28 12:32 - 2017-07-28 12:33 - 014942536 _____ C:\Users\wandeco67\Downloads\AutoCAD_Electrical_2018_English_Win_32_64bit_wi_en-us_Setup.exe
2017-07-28 12:22 - 2017-07-28 12:22 - 000000000 ____D C:\Users\wandeco67\Desktop\Nova pasta (2)
2017-07-28 11:58 - 2017-07-28 11:58 - 006469305 _____ C:\Users\wandeco67\Downloads\NBR-5410-Sala-da-Elétrica.zip
2017-07-28 11:08 - 2017-07-28 11:08 - 000081625 _____ C:\Users\wandeco67\Desktop\ORÇAMENTO.pdf
2017-07-24 08:22 - 2017-07-24 08:23 - 083187472 _____ (WhatsApp) C:\Users\wandeco67\Downloads\WhatsAppSetup.exe
2017-07-22 15:14 - 2017-07-22 15:14 - 000009760 _____ C:\Users\wandeco67\Documents\Orça Juliana.xlsx
2017-07-22 15:01 - 2017-07-22 15:01 - 000174223 _____ C:\Users\wandeco67\Desktop\Orçamento Juliana .pdf
2017-07-22 14:09 - 2017-07-22 14:09 - 000000000 ____D C:\Users\wandeco67\AppData\LocalLow\Oracle
2017-07-06 21:51 - 2017-07-06 21:51 - 000891448 _____ (ROBLOX Corporation) C:\Users\wandeco67\Downloads\Não confirmado 965704.crdownload
2017-06-30 12:19 - 2017-06-30 12:19 - 000000000 ____D C:\Users\wandeco67\AppData\Roaming\Google
2017-06-24 16:58 - 2017-06-24 16:59 - 094405461 _____ C:\Users\wandeco67\Downloads\super-smash-flash-2-en-win.zip
2017-06-23 08:12 - 2017-06-23 08:12 - 000436684 _____ C:\Users\wandeco67\Desktop\Scan.pdf
2017-06-22 13:03 - 2017-06-22 13:03 - 000006832 ____N C:\bootsqm.dat
2017-06-22 13:03 - 2017-06-22 13:03 - 000000000 __SHD C:\found.000
2017-06-19 11:14 - 2017-06-19 11:14 - 000712946 _____ C:\Users\wandeco67\Downloads\Material de Apoio V2_Versao2.pdf
2017-06-14 15:02 - 2017-06-14 15:02 - 000002236 _____ C:\Users\wandeco67\AppData\Roaming\Microsoft\Windows\Start Menu\Angry Birds Friends.lnk
2017-06-14 09:43 - 2017-06-14 09:44 - 000828919 _____ C:\Users\wandeco67\Downloads\Material de Apoio V1.pdf
2017-06-02 14:40 - 2017-07-29 22:07 - 177635772 _____ C:\Windows\MEMORY.DMP
2017-06-02 14:40 - 2017-06-02 14:40 - 000507632 _____ C:\Windows\Minidump\060217-16270-01.dmp
2017-06-02 13:36 - 2017-06-02 13:36 - 000000000 ____D C:\Users\wandeco67\AppData\Roaming\MMFApplications
2017-06-02 13:34 - 2017-06-02 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer
2017-06-02 13:34 - 2017-06-02 13:34 - 000000000 ____D C:\Program Files (x86)\Tribo Gamer
2017-06-02 13:26 - 2017-06-02 13:26 - 000000000 ____D C:\Users\wandeco67\AppData\Roaming\Steam
2017-06-02 13:24 - 2017-06-02 13:24 - 000000000 ____D C:\Users\wandeco67\Downloads\The Escapist
2017-06-02 13:21 - 2017-06-02 13:22 - 000834224 _____ (Tribo Gamer Brasil®) C:\Users\wandeco67\Downloads\the_escapists_br- [1].exe
2017-06-02 09:52 - 2017-06-02 09:52 - 008724722 _____ C:\Users\wandeco67\Downloads\desenhotecnicoeletronicofabiocurty-131124082604-phpapp01.pdf
2017-06-02 09:50 - 2017-06-02 09:51 - 021563159 _____ C:\Users\wandeco67\Downloads\cursoprticodeeletrnica-34projetos-cekit-150728105805-lva1-app6891.pdf
2017-06-02 09:11 - 2017-07-31 10:34 - 000028376 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2017-06-02 09:11 - 2017-04-19 17:52 - 000025184 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddprm.sys
2017-06-02 09:11 - 2017-04-19 17:52 - 000025184 ____N (GAS Tecnologia) C:\Windows\system32\Drivers\wsddpp.sys
2017-05-31 20:59 - 2017-05-31 21:00 - 003812432 _____ C:\Users\wandeco67\Downloads\Ebook Guia LIDE 1.0.pdf
2017-05-31 18:25 - 2017-05-31 18:26 - 000000000 ____D C:\Users\wandeco67\AppData\Local\datasi
2017-05-31 18:25 - 2017-05-31 18:25 - 000697344 _____ C:\Users\wandeco67\AppData\Roaming\Bafukomi.exe
2017-05-30 19:50 - 2017-05-30 19:50 - 000000000 ____D C:\Windows\system32\appmgmt
2017-05-29 20:26 - 2017-05-29 20:26 - 000173154 _____ C:\Users\wandeco67\Downloads\Scan0001.pdf
2017-05-29 20:21 - 2017-05-29 20:21 - 000173154 _____ C:\Users\wandeco67\Desktop\Scan0001.pdf
2017-05-29 14:28 - 2017-05-29 14:28 - 000000000 ____D C:\Users\wandeco67\Desktop\Nova pasta
2017-05-29 09:55 - 2017-05-29 09:55 - 000258661 _____ C:\Users\wandeco67\Desktop\MH – MANUTENÇÃO ELÉTRICA.potx
2017-05-29 08:54 - 2017-05-29 08:54 - 000003918 _____ C:\Windows\System32\Tasks\BackupOmnium03
2017-05-29 08:54 - 2017-05-29 08:54 - 000003918 _____ C:\Windows\System32\Tasks\BackupOmnium02
2017-05-29 08:54 - 2017-05-29 08:54 - 000003918 _____ C:\Windows\System32\Tasks\BackupOmnium01
2017-05-29 08:53 - 2017-05-30 19:50 - 000000000 ____D C:\Users\Todos os Usuários\firebird
2017-05-29 08:53 - 2017-05-30 19:50 - 000000000 ____D C:\ProgramData\firebird
2017-05-29 08:48 - 2015-11-12 08:42 - 000548864 _____ (Firebird Project) C:\Windows\SysWOW64\GDS32.DLL
2017-05-29 08:46 - 2017-05-29 08:46 - 000000000 ____D C:\Program Files (x86)\Firebird
2017-05-23 19:34 - 2017-05-23 19:34 - 000001666 _____ C:\Users\wandeco67\Downloads\espirito-santo-repousa.txt
2017-05-19 11:46 - 2017-05-19 11:46 - 000115005 _____ C:\Users\wandeco67\Downloads\ESCALA DE ADORAÇÃO.pdf
2017-05-10 15:16 - 2017-05-10 15:16 - 000915966 _____ C:\Users\wandeco67\Downloads\MANUAL DE INSCRICaO DO MEI - V3.pdf
2017-05-10 15:02 - 2017-05-10 15:02 - 000002598 _____ C:\Users\wandeco67\Desktop\Emissor de Nota Fiscal Eletronica (NF-e) 3.10 - Versao de Teste.lnk
2017-05-10 15:02 - 2017-05-10 15:02 - 000000000 ____D C:\Users\wandeco67\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas Secretaria da Fazenda
2017-05-10 15:02 - 2017-05-10 15:02 - 000000000 ____D C:\log
2017-05-10 15:02 - 2017-05-10 15:02 - 000000000 ____D C:\database
2017-05-10 14:47 - 2017-05-10 14:47 - 000000000 ____D C:\Users\wandeco67\AppData\Roaming\Sun
2017-05-10 14:47 - 2017-05-10 14:47 - 000000000 ____D C:\Users\wandeco67\AppData\LocalLow\Sun
2017-05-10 14:46 - 2017-07-27 10:57 - 000000000 ____D C:\Users\Todos os Usuários\Oracle
2017-05-10 14:46 - 2017-07-27 10:57 - 000000000 ____D C:\ProgramData\Oracle
2017-05-10 14:46 - 2017-07-27 10:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-10 14:46 - 2017-07-27 10:53 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-05-10 14:46 - 2017-07-27 10:52 - 000000000 ____D C:\Program Files\Java
2017-05-10 14:42 - 2017-05-10 14:42 - 065659968 _____ (Oracle Corporation) C:\Users\wandeco67\Downloads\jre-8u131-windows-x64.exe
2017-05-10 14:39 - 2017-05-10 14:39 - 000005533 _____ C:\Users\wandeco67\Downloads\emissorNFe.jnlp
2017-05-10 12:19 - 2017-05-10 12:19 - 000013865 _____ C:\Users\wandeco67\Downloads\Extrato-2015.pdf
2017-05-10 11:59 - 2017-05-10 11:59 - 000000000 ____D C:\Users\wandeco67\AppData\Roaming\IsolatedStorage
2017-05-10 11:59 - 2017-05-10 11:59 - 000000000 ____D C:\Users\wandeco67\AppData\Local\FileViewPro
2017-05-10 11:59 - 2017-05-10 11:59 - 000000000 ____D C:\Users\Todos os Usuários\IsolatedStorage
2017-05-10 11:59 - 2017-05-10 11:59 - 000000000 ____D C:\ProgramData\IsolatedStorage
2017-05-10 11:57 - 2017-05-10 13:54 - 000000000 ____D C:\Users\wandeco67\AppData\Local\IIIQF
2017-05-10 11:56 - 2017-05-10 11:56 - 000000000 ____D C:\Spacekace
2017-05-10 11:24 - 2017-05-10 11:25 - 008905491 _____ C:\Users\wandeco67\Downloads\passo_a_passo_nfe.ppsx
2017-05-05 13:16 - 2017-05-05 13:16 - 005012885 _____ C:\Users\wandeco67\Downloads\CADe_SIMU_V3 Idioma_3.0 (1).zip
2017-05-05 13:16 - 2017-05-05 13:16 - 001015469 _____ C:\Users\wandeco67\Downloads\PC_SIMU_SALA-DA-ELÉTRICA.rar
2017-05-05 11:06 - 2017-05-05 11:06 - 000000000 ___HD C:\Program Files (x86)\GAS Tecnologia
2017-05-05 11:06 - 2017-05-05 11:06 - 000000000 ___HD C:\Program Files (x86)\Diebold
2017-05-05 11:06 - 2017-05-05 11:06 - 000000000 ____D C:\Program Files\Diebold
2017-05-05 11:06 - 2016-06-16 18:43 - 000036984 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddntf.sys
2017-05-05 11:06 - 2016-06-16 18:43 - 000008811 _____ C:\Windows\system32\Drivers\wsddntf.cat
2017-05-05 11:04 - 2017-05-14 15:34 - 000000000 ____D C:\Program Files (x86)\GbPlugin
2017-05-05 11:04 - 2017-05-05 11:04 - 003209776 _____ (CAIXA) C:\Users\wandeco67\Downloads\GBPCEF.exe
2017-05-05 11:04 - 2017-05-05 11:04 - 000000000 ____D C:\Users\Todos os Usuários\GbPlugin
2017-05-05 11:04 - 2017-05-05 11:04 - 000000000 ____D C:\ProgramData\GbPlugin
2017-05-05 09:11 - 2017-05-05 09:11 - 000000694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assistente de Atualização do Windows 10.lnk
2017-05-05 09:11 - 2017-05-05 09:11 - 000000682 _____ C:\Users\wandeco67\Desktop\Assistente de Atualização do Windows 10.lnk
2017-05-05 09:11 - 2017-05-05 09:11 - 000000000 ___HD C:\$GetCurrent
2017-05-05 09:11 - 2017-05-05 09:11 - 000000000 ____D C:\Windows10Upgrade
2017-05-05 09:02 - 2017-05-05 10:31 - 000000000 ____D C:\ESD
2017-05-05 09:00 - 2017-05-05 09:00 - 000000000 ___HD C:\$Windows.~WS
2017-05-05 08:55 - 2017-05-05 08:56 - 018357776 _____ (Microsoft Corporation) C:\Users\wandeco67\Downloads\MediaCreationTool.exe
==================== Três Meses Modificados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-07-31 11:24 - 2017-03-06 12:24 - 000000288 _____ C:\Windows\Tasks\{137E897F-D0B4-0C52-C154-0212F495424F}.job
2017-07-31 10:41 - 2009-07-14 01:45 - 000016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-31 10:41 - 2009-07-14 01:45 - 000016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-31 10:39 - 2017-04-09 19:30 - 000000000 ____D C:\Users\wandeco67\AppData\Local\{2660103C-02C8-7C84-6F50-596C4B38A5F4}
2017-07-31 10:33 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-29 22:07 - 2016-10-02 10:54 - 000000000 ____D C:\Windows\Minidump
2017-07-29 01:00 - 2016-08-25 14:33 - 000000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2017-07-29 00:59 - 2009-07-13 23:34 - 000000478 _____ C:\Windows\win.ini
2017-07-29 00:25 - 2017-04-19 12:25 - 000000372 __RSH C:\Users\Todos os Usuários\ntuser.pol
2017-07-29 00:25 - 2017-04-19 12:25 - 000000372 __RSH C:\ProgramData\ntuser.pol
2017-07-29 00:24 - 2017-03-08 08:24 - 000000342 _____ C:\Users\wandeco67\AppData\Roaming\WB.CFG
2017-07-28 16:42 - 2017-04-17 08:18 - 000144424 _____ C:\Users\wandeco67\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-28 16:40 - 2017-04-17 09:04 - 000487824 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-28 11:31 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\system32\NDF
2017-07-28 11:25 - 2016-08-29 13:28 - 000000000 ____D C:\Users\wandeco67\AppData\Local\ElevatedDiagnostics
2017-07-28 11:04 - 2017-04-12 09:52 - 000000000 ____D C:\Users\wandeco67\Desktop\MH trampos
2017-07-24 07:29 - 2009-07-14 02:08 - 000032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-22 15:19 - 2017-02-23 10:20 - 000001174 _____ C:\Users\wandeco67\Desktop\Facebook Gameroom.lnk
2017-07-22 15:19 - 2017-02-23 10:20 - 000000000 ____D C:\Users\wandeco67\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2017-07-22 15:19 - 2017-02-23 10:19 - 000000000 ____D C:\Users\wandeco67\AppData\Local\Facebook
2017-07-22 15:13 - 2016-08-25 14:34 - 000000000 ____D C:\Users\wandeco67\AppData\Local\Microsoft Help
2017-07-14 17:31 - 2017-03-23 14:55 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-12 12:30 - 2016-08-25 15:27 - 000000000 ____D C:\Windows\system32\MRT
2017-07-12 12:25 - 2016-08-25 15:26 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-12 12:14 - 2017-04-12 09:48 - 000000000 ____D C:\Users\wandeco67\Desktop\Elétrica
2017-07-08 16:13 - 2016-08-31 12:22 - 000000000 ____D C:\Users\wandeco67\Desktop\Receitas
==================== Arquivos na raiz de alguns diretórios =======
2017-05-31 18:25 - 2017-05-31 18:25 - 000697344 _____ () C:\Users\wandeco67\AppData\Roaming\Bafukomi.exe
2017-03-30 20:31 - 2017-03-30 20:31 - 000865792 _____ () C:\Users\wandeco67\AppData\Roaming\Fatininu.exe
2017-04-09 19:29 - 2017-04-09 19:29 - 000670720 _____ () C:\Users\wandeco67\AppData\Roaming\Gelase.exe
2017-03-21 19:26 - 2017-03-21 19:26 - 000614912 _____ () C:\Users\wandeco67\AppData\Roaming\Sepudami.exe
2017-03-08 08:24 - 2017-07-29 00:24 - 000000342 _____ () C:\Users\wandeco67\AppData\Roaming\WB.CFG
2016-08-29 13:34 - 2016-08-29 13:34 - 000000057 _____ () C:\ProgramData\Ament.ini
Arquivos para serem movidos ou deletados:
====================
C:\Windows\Tasks\{137E897F-D0B4-0C52-C154-0212F495424F}.job
Alguns arquivos em TEMP:
====================
2017-07-28 16:38 - 2017-01-18 02:50 - 000066472 _____ (Autodesk, Inc.) C:\Users\wandeco67\AppData\Local\Temp\AcDeltree.exe
2017-07-22 14:08 - 2017-07-22 14:08 - 000739904 _____ (Oracle Corporation) C:\Users\wandeco67\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-07-27 10:52 - 2017-07-27 10:52 - 000740416 _____ (Oracle Corporation) C:\Users\wandeco67\AppData\Local\Temp\jre-8u144-windows-au.exe
==================== Bamital & volsnap ======================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente