Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 22-01-2017
Executado por Convidado (administrador) em LUDMILLA-PC (23-01-2017 12:11:56)
Executando a partir de C:\Users\Convidado\Desktop
Perfis Carregados: Convidado (Perfis Disponíveis: Ludmilla & Convidado)
Platform: Windows 7 Professional Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Baidu Inc.) C:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFasterSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavSvc.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BHipsSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Baidu Inc.) C:\Program Files\baidu\Baidu Browser43.23.1000.467.1\sparkservice.exe
() C:\Program Files\CalendarTool\2.0.0.11061\CalendarServ.exe
(Yahoo Inc.) C:\Program Files\Yahoo!\yset\{A8BF9EA3-FB37-B04C-A23B-C2D34D2B9FB3}\YSearchUtilSVC.exe
() C:\Program Files\CalendarTool\2.0.0.11061\calendar.exe
(Safer Technologies LLC) C:\Program Files\Safer Technologies\Update\SaferUpdate.exe
(Safer Technologies LLC) C:\Program Files\Safer Technologies\Update\1.3.193.9\SaferCrashHandler.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Baidu Inc.) C:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFasterSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Baidu, Inc.) C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe
(Baidu, Inc.) C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe
(Baidu, Inc.) C:\Program Files\PC Faster\5.1.0.0\PCFTray.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2006-11-01] (Avast Software s.r.o.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Baidu Antivirus] => C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavTray.exe [1997296 2006-11-01] (Baidu, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Run: [Baidu PC Faster 5.1.0.0] => C:\Program Files\PC Faster\5.1.0.0\PCFTray.exe [2333152 2015-05-07] (Baidu, Inc.)
HKLM\...\RunOnce: [Run_dregol] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\Ludmilla\AppData\Roaming\Run_dregol\UpdateProc\bkup.dat"
HKLM\...\RunOnce: [SymInstallStub] => C:\Windows\System32\Adobe\Shockwave 12\SymInstallStub.exe [482104 2016-12-25] (Symantec Corporation)
HKU\S-1-5-21-4217796398-667816934-1768120610-501\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-4217796398-667816934-1768120610-501\...\Run: [SecureBrowserAutoLaunch_CEEDB44BF361B7FAA6E33C5349BA3217] => C:\Program Files\Safer Technologies\Secure Browser\Application\secure.exe [879992 2017-01-01] (Safer Technologies LLC)
HKU\S-1-5-21-4217796398-667816934-1768120610-501\...\MountPoints2: E - E:\Windows/AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [Run_dregol] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\Ludmilla\AppData\Roaming\Run_dregol\UpdateProc\bkup.dat"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2006-11-01] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavShx.dll [2006-11-01] (Baidu, Inc.)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 187.64.0.122 187.64.0.34
Tcpip\..\Interfaces\{11EAECB9-497F-4840-86DF-1E403C8E3421}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{2554F3AD-8BE3-4DDC-95A2-AB41AC129935}: [DhcpNameServer] 187.64.0.122 187.64.0.34
Tcpip\..\Interfaces\{470B89AC-EE02-4663-AB51-D323652ED352}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{D6AE76F1-62F2-4949-8170-88B645CE729E}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=bav_pro_hp_01_hao123_br
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4217796398-667816934-1768120610-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=bav_pro_hp_01_hao123_br
HKU\S-1-5-21-4217796398-667816934-1768120610-501\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyCyEyE0CzytB0EyCtByEtBtAzztN0D0Tzu0StCzzyEzztN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtA0B0D0Czzzz0DtGyBtAyDyBtG0AyDzz0BtGtC0ByB0EtG0BtAyDtBtD0CzzyEtD0Azy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzyC0AtDyDyE0BtGzyzytA0EtGyE0ByCtCtG0BzztCtBtG0E0DyD0FtB0E0C0EtAtDtCtD2QtN0A0LzutB%26cr%3D1711633002%26a%3Dwbf_bxinw_17_03%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyCyEyE0CzytB0EyCtByEtBtAzztN0D0Tzu0StCzzyEzztN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtA0B0D0Czzzz0DtGyBtAyDyBtG0AyDzz0BtGtC0ByB0EtG0BtAyDtBtD0CzzyEtD0Azy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzyC0AtDyDyE0BtGzyzytA0EtGyE0ByCtCtG0BzztCtBtG0E0DyD0FtB0E0C0EtAtDtCtD2QtN0A0LzutB%26cr%3D1711633002%26a%3Dwbf_bxinw_17_03%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4217796398-667816934-1768120610-501 -> DefaultScope {589CCA72-D902-4867-B4DF-AB37AAB7FF3B} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_51&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyCyEyE0CzytB0EyCtByEtBtAzztN0D0Tzu0StCzztCzztN1L2XzutAtFtByDtFtCtFyBzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDtD0D0BtC0DyEyEtGtDzy0C0EtGtAtDzyyBtGtDyD0AyBtGyBtB0DtCtCyCtDyDyEyEtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzyC0AtDyDyE0BtGzyzytA0EtGyE0ByCtCtG0BzztCtBtG0E0DyD0FtB0E0C0EtAtDtCtD2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtByCyD%26cr%3D901935336%26a%3Dwbf_bxinw_16_51%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4217796398-667816934-1768120610-501 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyCyEyE0CzytB0EyCtByEtBtAzztN0D0Tzu0StCzzyEzztN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtA0B0D0Czzzz0DtGyBtAyDyBtG0AyDzz0BtGtC0ByB0EtG0BtAyDtBtD0CzzyEtD0Azy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzyC0AtDyDyE0BtGzyzytA0EtGyE0ByCtCtG0BzztCtBtG0E0DyD0FtB0E0C0EtAtDtCtD2QtN0A0LzutB%26cr%3D1711633002%26a%3Dwbf_bxinw_17_03%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4217796398-667816934-1768120610-501 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4217796398-667816934-1768120610-501 -> {589CCA72-D902-4867-B4DF-AB37AAB7FF3B} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_51&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyCyEyE0CzytB0EyCtByEtBtAzztN0D0Tzu0StCzztCzztN1L2XzutAtFtByDtFtCtFyBzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDtD0D0BtC0DyEyEtGtDzy0C0EtGtAtDzyyBtGtDyD0AyBtGyBtB0DtCtCyCtDyDyEyEtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzyC0AtDyDyE0BtGzyzytA0EtGyE0ByCtCtG0BzztCtBtG0E0DyD0FtB0E0C0EtAtDtCtD2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtByCyD%26cr%3D901935336%26a%3Dwbf_bxinw_16_51%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4217796398-667816934-1768120610-501 -> {9AD09901-06DD-4DDD-A62D-6D2243B771AB} URL = hxxp://start.myplaycity.com/results.php?category=web&s={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2006-11-01] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-23] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-18]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Ludmilla\AppData\Roaming\Mozilla\Firefox\Profiles\sbjdduki.default\extensions\faststartff@gmail.com
FF Extension: (Fast Start) - C:\Users\Ludmilla\AppData\Roaming\Mozilla\Firefox\Profiles\sbjdduki.default\extensions\faststartff@gmail.com [2014-11-21] [não assinado]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-09] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-23] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-4217796398-667816934-1768120610-501: @nsroblox.roblox.com/launcher -> C:\Users\Convidado\AppData\Local\Roblox\Versions\version-26a546068c9d4f7a\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4217796398-667816934-1768120610-501: @nsroblox.roblox.com/launcher64 -> C:\Users\Convidado\AppData\Local\Roblox\Versions\version-26a546068c9d4f7a\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pt-br
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://br.hao123.com/?tn=sdkb_inner_protection_04_hao123_br&guid=b3503dce53c05377789829850c361367","hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_43_wbf_bxinw_16_41&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyB0CyE0C0B0AtCtByEtC0C0A0CtN0D0Tzu0StCyByCtCtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyD0EyB0Azz0ByDyDtGtAyEzy0FtGtDzy0DyEtGtD0EyByEtG0E0B0AyBtB0FtD0BtA0AyEzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByDyEtA0FyByDyCtGyEyEtAzztGyEtAyDzytGzztA0FyCtGyDtD0FtA0AtCzzyD0C0A0E0B2QtN0A0LzuyE%26cr%3D1035550219%26a%3Dhdr_s_16_43_wbf_bxinw_16_41%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium","hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=c030ee0198f712d9f16eee887a3bb759","hxxp://www.bing.com/search?FORM=INCOH2&PC=IC06&PTAG=ICO-82378b19","hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_50_wbf_bxinw_16_41&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyB0CyE0C0B0AtCtByEtC0C0A0CtN0D0Tzu0StCzztDyBtN1L2XzutAtFtByEtFtBtDtFyDyEtN1L1Czu1M1Q1CtAtCtFzytFtDtN1L1G1B1V1N2Y1L1Qzu2StDtD0CyCyEtD0EyBtGyByByE0AtG0ByBtA0DtGtA0ByCtCtGyE0DyCtCyE0B0Dzz0Czz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByDyEtA0FyByDyCtGyEyEtAzztGyEtAyDzytGzztA0FyCtGyDtD0FtA0AtCzzyD0C0A0E0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCtCtCyB%26cr%3D822272122%26a%3Dhdr_s_16_50_wbf_bxinw_16_41%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&uref=chmm","hxxps://www.bing.com/search?FORM=INCOH2&PC=IC06&PTAG=ICO-df48df09"
CHR Profile: C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default [2017-01-23]
CHR Extension: (Google Docs) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-29]
CHR Extension: (Google Drive) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2006-11-01]
CHR Extension: (YouTube) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2006-11-01]
CHR Extension: (Google Search) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2006-11-01]
CHR Extension: (Documentos Google off-line) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2006-11-01]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
CHR Extension: (Gmail) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-29]
CHR Extension: (Chrome Media Router) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2006-11-01]
CHR Profile: C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-08-16]
CHR Profile: C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-01-22]
CHR Extension: (dregol New Tab) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihokndmjeombjojnfkmapfnjeghjohim [2016-12-23]
CHR Extension: (Skype) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-12-23]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-23]
CHR Extension: (Search Manager) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2016-12-23]
CHR Extension: (Gmail) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]
CHR Profile: C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-22]
CHR HKLM\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ehhlaekjfiiojlddgndcnefflngfmhen] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2006-11-01]
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4217796398-667816934-1768120610-501\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4217796398-667816934-1768120610-501\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2006-11-01] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2006-11-01] (Avast Software)
S4 BASSVC; C:\Program Files\Baidu Security\MoboMarket\1.3.7.5967\bassvc.exe [208928 2015-04-22] (Baidu, Inc.)
R2 BavSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavSvc.exe [2572928 2006-11-01] (Baidu, Inc.)
S3 BdSandboxSrv; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BdSandboxSrv.exe [391200 2015-03-05] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BHipsSvc.exe [531232 2006-11-01] (Baidu, Inc.)
S3 BsrSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavAdvTools\128B4BEC-5D89-43AD-BAA8-207084AA0E4F\tool\BsrSvc.exe [3464504 2015-05-22] (Baidu, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe [272136 2016-12-14] (McAfee, Inc.)
R2 PCFasterSvc_{PCFaster_4.0.0.0}; C:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFasterSvc.exe [793584 2014-09-25] (Baidu Inc.) [Arquivo não assinado]
R2 PCFasterSvc_{PCFaster_5.1.0.0}; C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe [1714448 2015-05-07] (Baidu, Inc.)
S2 safer; C:\Program Files\Safer Technologies\Update\SaferUpdate.exe [156064 2017-01-22] (Safer Technologies LLC)
S3 saferm; C:\Program Files\Safer Technologies\Update\SaferUpdate.exe [156064 2017-01-22] (Safer Technologies LLC)
R2 SparkSvc; C:\Program Files\baidu\Baidu Browser43.23.1000.467.1\sparkservice.exe [97080 2016-01-15] (Baidu Inc.)
S3 SparkUpdater; C:\Program Files\Baidu\SparkUpdate\Sparkupdate.exe [1372472 2016-01-15] (Baidu.com, Inc.)
R2 TheCalendarService; C:\Program Files\CalendarTool\2.0.0.11061\CalendarServ.exe [151688 2015-11-23] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 YSearchUtilSvc; C:\Program Files\Yahoo!\yset\{A8BF9EA3-FB37-B04C-A23B-C2D34D2B9FB3}\YSearchUtilSvc.exe [182736 2016-11-15] (Yahoo Inc.)
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2006-11-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2006-11-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2006-11-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2006-11-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2006-11-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2006-11-01] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2006-11-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2006-11-01] ()
S3 Baidu PC Faster FileShredder; C:\Program Files\PC Faster\5.1.0.0\FileKill_x86.sys [18880 2013-03-19] ()
R3 BdApiUtil; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BdApiUtil.sys [101448 2006-11-01] (Baidu, Inc.)
R3 bdark; C:\Windows\system32\drivers\bdark.sys [82376 2015-05-15] ()
R3 BdCameraProtect; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BdCameraProtect.sys [21384 2006-11-01] (Baidu, Inc.)
S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [197624 2015-03-05] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [51144 2006-11-01] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [31176 2006-11-01] (Baidu, Inc.)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [74888 2006-11-01] (Baidu, Inc.)
S3 BHipsEx; C:\Windows\System32\drivers\BHipsEx.sys [138184 2006-11-01] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex.sys [75400 2006-11-01] (Baidu, Inc.)
R1 Bndef; C:\Windows\System32\drivers\bndef.sys [461192 2006-11-01] (Baidu, Inc.)
R3 Bnmon; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\Bnmon.sys [84936 2006-11-01] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [195528 2006-11-01] (Baidu, Inc.)
R1 BprotectEx; C:\Windows\System32\drivers\BprotectEx.sys [113992 2015-03-31] (Baidu, Inc.)
S4 bsrbc; C:\Windows\System32\drivers\bsrbc.sys [54672 2006-11-01] ()
R2 msvesexpanded; C:\Windows\system32\drivers\msijhelper.sys [124088 2010-11-20] ()
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [37408 2014-08-14] (NT Kernel Resources)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-26] (CACE Technologies, Inc.)
R3 PCFApiUtil; C:\Program Files\PC Faster\5.1.0.0\PCFApiUtil.sys [118152 2015-03-31] (Baidu, Inc.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-13] (Realtek Semiconductor Corporation )
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2006-11-01] (Avast Software)
S3 AppProtectEx; \??\C:\Windows\System32\drivers\AppProtectEx.sys [X]
S3 UNDPX2A; \??\C:\Windows\system32\drivers\UNDPX2A.SYS [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-01-23 12:04 - 2017-01-23 12:04 - 00000000 ____D C:\FRST
2017-01-23 10:44 - 2017-01-23 10:44 - 00000000 ____D C:\MSIcfcb8.tmp
2017-01-23 10:41 - 2017-01-23 10:41 - 00000000 ____D C:\Program Files\Common Files\Java
2017-01-23 10:41 - 2017-01-23 10:41 - 00000000 ____D C:\MSIcfcb3.tmp
2017-01-23 10:40 - 2017-01-23 10:40 - 00000000 ____D C:\MSIcfcab.tmp
2017-01-23 10:31 - 2017-01-23 10:31 - 00000000 ____D C:\MSIcfca6.tmp
2017-01-22 19:44 - 2017-01-22 19:44 - 00000000 ____D C:\MSI7879.tmp
2017-01-22 19:38 - 2017-01-23 10:46 - 00000908 _____ C:\Windows\Tasks\SaferUpdateTaskMachineUA.job
2017-01-22 19:38 - 2017-01-22 19:42 - 00000000 ____D C:\Program Files\Safer Technologies
2017-01-22 19:38 - 2006-11-01 00:01 - 00000904 _____ C:\Windows\Tasks\SaferUpdateTaskMachineCore.job
2017-01-10 14:07 - 2017-01-10 14:07 - 00000000 ____D C:\Program Files\Yahoo!
2017-01-10 14:05 - 2017-01-10 14:05 - 00000000 ____D C:\MSI8bcd3.tmp
2017-01-10 14:02 - 2017-01-23 10:33 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-01-10 13:57 - 2017-01-23 10:45 - 00000000 ____D C:\Program Files\Java
2017-01-10 13:56 - 2017-01-10 13:56 - 00000000 ____D C:\MSI8bccd.tmp
2017-01-10 13:53 - 2017-01-10 13:53 - 00000000 ____D C:\MSI8bcc5.tmp
2017-01-10 13:50 - 2017-01-10 13:50 - 00000000 ____D C:\MSI8bbfe.tmp
2016-12-31 18:02 - 2006-11-01 00:03 - 00000540 _____ C:\Windows\Tasks\Norton Product Installer.job
2016-12-31 18:01 - 2006-11-01 00:03 - 00000548 ____H C:\Windows\Tasks\Norton Product InstallerIdle.job
2016-12-30 16:01 - 2016-12-30 16:01 - 00000000 ____D C:\Windows\system32\Drivers\NSS
2016-12-30 16:01 - 2016-12-30 16:01 - 00000000 ____D C:\Program Files\NortonInstaller
2016-12-30 16:01 - 2016-12-30 16:01 - 00000000 ____D C:\Program Files\Norton Security Scan
2016-12-30 14:00 - 2015-07-30 10:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-12-30 13:53 - 2016-07-22 11:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-12-27 23:28 - 2016-12-27 23:28 - 00010224 _____ C:\downlevel_2016_12_28_10_28_24_240.log
2016-12-27 21:19 - 2016-12-27 21:19 - 00034732 _____ C:\compatcheck_2016_12_28_08_19_25_378.log
2016-12-27 21:19 - 2016-12-27 21:19 - 00000000 ____D C:\$GetCurrent
2016-12-27 21:18 - 2006-11-01 00:25 - 00000000 ____D C:\Windows10Upgrade
2016-12-27 16:53 - 2016-12-27 16:54 - 00000000 ____D C:\Program Files\Booking.com
2016-12-27 16:51 - 2016-12-27 16:53 - 00000000 ____D C:\Program Files\AliExpress
2016-12-26 20:19 - 2016-12-26 20:19 - 00000000 ____D C:\MSId4714.tmp
2016-12-26 20:16 - 2016-12-26 20:19 - 00000000 ___RD C:\Program Files\Skype
2016-12-26 20:16 - 2016-12-26 20:16 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-12-26 20:16 - 2016-12-26 20:16 - 00000000 ____D C:\MSId470d.tmp
2016-12-25 22:17 - 2016-12-25 22:17 - 00000000 ____D C:\MSI22709.tmp
2016-12-24 01:15 - 2016-12-24 01:15 - 00000000 ____D C:\MSIfc01d.tmp
2016-12-24 01:14 - 2016-12-24 01:14 - 00000000 ____D C:\MSIfc013.tmp
2016-12-23 20:07 - 2016-12-23 20:07 - 00000000 ____D C:\SWDownload
2016-12-23 20:04 - 2006-11-01 00:00 - 00000000 ____D C:\Program Files\PC App Store
2016-12-23 19:55 - 2016-12-23 19:55 - 00000000 ____D C:\MSI5f2d7.tmp
2016-12-23 19:51 - 2016-12-23 19:51 - 00000000 ____D C:\MSI5f2a6.tmp
2016-12-23 19:49 - 2016-12-23 19:49 - 00000000 ____D C:\MSI5f2a4.tmp
2016-12-23 19:23 - 2016-12-23 19:23 - 00000000 ____D C:\MSI17474.tmp
2016-12-23 18:48 - 2016-12-23 18:48 - 00000000 ____D C:\MSI1ac42.tmp
2016-12-23 18:48 - 2016-12-23 18:48 - 00000000 ____D C:\MSI1ac3a.tmp
2016-12-23 18:25 - 2016-09-30 10:50 - 00023232 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-12-23 16:26 - 2016-12-23 16:26 - 00000000 ____D C:\MSIe0dea.tmp
2016-12-23 16:24 - 2016-12-23 16:24 - 00000000 ____D C:\MSIe0de4.tmp
2016-12-23 15:01 - 2017-01-22 19:48 - 00000000 ____D C:\Program Files\ByteFence
2016-12-19 14:24 - 2016-12-19 14:24 - 00000000 ____D C:\MSId78f5.tmp
2016-12-19 14:24 - 2016-12-19 14:24 - 00000000 ____D C:\MSId78f3.tmp
2016-12-19 14:17 - 2016-12-19 14:17 - 00000000 ____D C:\MSId78e5.tmp
2016-12-19 14:15 - 2016-12-19 14:15 - 00000000 ____D C:\MSId78de.tmp
2016-12-17 21:20 - 2016-12-17 21:20 - 00000000 ____D C:\MSI3f51a.tmp
2016-12-13 16:09 - 2016-12-13 16:09 - 00000000 ____D C:\MSI70e26.tmp
2016-12-08 20:18 - 2016-12-08 20:18 - 00000000 ____D C:\MSI6347a.tmp
2016-12-08 20:16 - 2016-12-08 20:16 - 00000000 ____D C:\MSI63473.tmp
2016-12-08 19:45 - 2016-12-08 19:45 - 00000000 ____D C:\MSIefee0.tmp
2016-12-08 18:12 - 2016-12-08 18:12 - 00000000 ____D C:\MSIc08bf.tmp
2016-12-08 09:47 - 2016-12-08 09:47 - 00000000 ____D C:\AI_RecycleBin
2016-12-08 09:45 - 2016-12-08 09:45 - 00000000 ____D C:\MSIff09b.tmp
2016-12-08 08:24 - 2016-12-08 08:24 - 00000000 ____D C:\MSI5b61b.tmp
2016-12-07 20:01 - 2016-12-07 20:01 - 00000000 ____D C:\MSI5116e.tmp
2016-12-07 20:01 - 2016-12-07 20:01 - 00000000 ____D C:\MSI5116c.tmp
2016-12-07 19:54 - 2016-12-07 19:54 - 00000000 ____D C:\MSI51166.tmp
2016-12-07 19:50 - 2016-12-07 19:50 - 00000000 ____D C:\MSI51160.tmp
2016-11-26 10:20 - 2016-11-26 10:20 - 00000000 ____D C:\Program Files\MegaDownloader
2016-11-23 20:11 - 2016-11-23 20:11 - 00000000 ____D C:\MSI790f6.tmp
2016-11-23 20:09 - 2016-11-23 20:09 - 00000000 ____D C:\MSI790f1.tmp
2016-11-23 20:09 - 2016-11-23 20:09 - 00000000 ____D C:\MSI790e9.tmp
2016-11-23 20:05 - 2016-11-23 20:05 - 00000000 ____D C:\MSI790e4.tmp

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-01-23 12:06 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2017-01-23 12:05 - 2009-07-14 01:34 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-23 12:05 - 2009-07-14 01:34 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-09 14:01 - 2014-11-21 13:16 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-01-09 14:01 - 2014-11-21 13:16 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-01-09 14:01 - 2014-11-21 13:16 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-01 16:01 - 2011-04-12 01:47 - 00705268 _____ C:\Windows\system32\prfh0416.dat
2017-01-01 16:01 - 2011-04-12 01:47 - 00147108 _____ C:\Windows\system32\prfc0416.dat
2017-01-01 16:01 - 2010-11-20 18:01 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-30 15:55 - 2006-11-01 00:23 - 00000000 ____D C:\Windows\Prefetch
2016-12-30 15:07 - 2010-10-22 00:43 - 00000000 __SHD C:\System Volume Information
2016-12-30 14:05 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\winsxs
2016-12-25 22:16 - 2014-11-21 12:34 - 00000000 ____D C:\Program Files\WinRAR
2016-12-25 22:16 - 2006-11-01 00:04 - 00000000 ____D C:\Windows\system32\Adobe

==================== Arquivos na raiz de alguns diretórios =======

2016-01-21 21:55 - 2016-01-22 13:13 - 27673724 _____ () C:\Users\Convidado\AppData\Roaming\.minecraft.rar
2006-11-01 01:24 - 2006-11-01 01:24 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-01-22 20:15 - 2017-01-22 20:15 - 0004096 _____ () C:\ProgramData\dfnpcrng.nwi
2014-11-21 13:18 - 2017-01-23 12:02 - 0014501 _____ () C:\ProgramData\Duplicaterecord.js
2017-01-22 20:15 - 2017-01-22 20:15 - 0000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-09-24 17:56

==================== Fim de FRST.txt ============================