Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 01-03-2017 01
Executado por Tiago (administrador) em TIAGO-PC (03-03-2017 07:48:30)
Executando a partir de C:\Users\Tiago\Desktop
Perfis Carregados: Tiago (Perfis Disponíveis: Tiago & Tiago02 & postgres)
Platform: Microsoft Windows 7 Ultimate (X86) Idioma: Português (Brasil)
Internet Explorer Versão 9 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
() C:\Program Files\AnyDesk\AnyDesk.exe
() C:\Program Files\AppBrad\NetExpressUpdater.exe
(Banco Bradesco S.A.) C:\Program Files\Scpad\scpVista.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
(Crawler.com) C:\Program Files\Spyware Terminator\sp_rsser.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(RealVNC Ltd.) C:\Program Files\RealVNC\VNC4\winvnc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
() C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(CompSoft) C:\Program Files\DoroPDFWriter\DoroServer.exe
(A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7858720 2009-10-21] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask)
HKLM\...\Run: [DoroServer] => C:\Program Files\DoroPDFWriter\DoroServer.exe [172032 2012-05-29] (CompSoft)
HKLM\...\Run: [VDownloader] => C:\Program Files\VDownloader\VDownloader4.exe [1753600 2015-02-26] (Vitzo)
HKLM\...\Run: [CertificateRegistration] => C:\Windows\system32\aetcrss1.exe [18944 2013-03-05] (A.E.T. Europe B.V.)
HKLM\...\Run: [vmware-tray.exe] => C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [111696 2013-08-27] (VMware, Inc.)
HKLM\...\Run: [ConsultaNF-e_SEFAZ_RS] => [X]
HKLM\...\Run: [WebServicePortalFederal] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [792112 2016-06-23] (GAS Tecnologia LTDA)
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [2016-06-20] (Banco do Brasil)
Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll [2016-07-11] (Caixa Economica Federal)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2614784 2011-02-26] (Microsoft Corporation) <==== ATENÇÃO
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2614784 2011-02-26] (Microsoft Corporation) <==== ATENÇÃO
HKU\S-1-5-21-3089339955-3706307662-206936842-1000\...\Run: [Facebook Update] => C:\Users\Tiago\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-04-15] (Facebook Inc.)
HKU\S-1-5-21-3089339955-3706307662-206936842-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27545056 2017-02-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3089339955-3706307662-206936842-1000\...\MountPoints2: {bb1d4592-d14a-11e4-a250-003018c3f138} - D:\LGAutoRun.exe
HKU\S-1-5-21-3089339955-3706307662-206936842-1000\...\MountPoints2: {e475e4b8-67b1-11e2-8bc4-806e6f6e6963} - D:\DriverPackSolution.exe
HKU\S-1-5-21-3089339955-3706307662-206936842-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2614784 2011-02-26] (Microsoft Corporation) <==== ATENÇÃO
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GbPlugin\gbieh.dll [1947872 2016-06-20] (Banco do Brasil)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll [1903328 2016-07-11] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Tiago\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Tiago\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Tiago\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2016-01-14]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files\AnyDesk\AnyDesk.exe ()
BootExecute: autocheck autochk *
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 177.38.244.69 8.8.8.8
Tcpip\..\Interfaces\{FD5FE724-5570-4544-923C-ED8419377EE8}: [DhcpNameServer] 177.38.244.69 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=4b4b6181f1ee61d720a64ac2d7a5253e
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
HKU\S-1-5-21-3089339955-3706307662-206936842-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3089339955-3706307662-206936842-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1359374020&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1046&id=64855&mkt=pt-br&cbcxt=mai&snsc=1
HKU\S-1-5-21-3089339955-3706307662-206936842-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-3089339955-3706307662-206936842-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchboxes.info/?l=1&q={searchTerms}&pid=1091&r=2013/07/26&hid=3853312277&lg=EN&cc=BR&unqvl=28
SearchScopes: HKU\S-1-5-21-3089339955-3706307662-206936842-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2A81003018C3F138&affID=121225&tsp=5003
SearchScopes: HKU\S-1-5-21-3089339955-3706307662-206936842-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3089339955-3706307662-206936842-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2A81003018C3F138&affID=121225&tsp=5003
SearchScopes: HKU\S-1-5-21-3089339955-3706307662-206936842-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3089339955-3706307662-206936842-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={B382F143-18F6-43F3-B40B-7022BF966DBE}&mid=008d39000dbf47d3ab2fd1795e2718cb-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116wt&pr=sa&d=2016-01-07 07:47:16&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3089339955-3706307662-206936842-1000 -> {AD6E35EA-C027-4086-8E0D-DEBF60D59B47} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3089339955-3706307662-206936842-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\S-1-5-21-3089339955-3706307662-206936842-1000 -> {BC8F2471-2D25-4C22-B819-F1421DCFD930} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^BR&gct=&itbv=12.24.1.51&apn_uid=04533422-0412-485A-B831-FC95A8D6C0B4&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^BR&apn_dbr=ie_9.0.8112.16421&doi=2015-03-02&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: ssh2 Class -> {2E3C3651-B19C-4DD9-A979-901EC3E930AF} -> C:\Program Files\Scpad\scpsssh2.dll [2014-07-23] (Banco Bradesco S.A.)
BHO: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\bin\IPS\IPSBHO.DLL [2012-11-03] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-05-10] (Oracle Corporation)
BHO: IEExtension.VDownloaderBHO -> {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -> C:\Windows\system32\mscoree.dll [2009-11-25] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES\GBPLUGIN\gbieh.dll [2016-06-20] (Banco do Brasil)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files\GbPlugin\gbiehcef.dll [2016-07-11] (Caixa Economica Federal)
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-04-25] (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-05-10] (Oracle Corporation)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-04-25] (Ask)
Toolbar: HKU\S-1-5-21-3089339955-3706307662-206936842-1000 -> Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-04-25] (Ask)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll Nenhum Arquivo
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll Nenhum Arquivo
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Tiago\AppData\Roaming\Mozilla\Firefox\Profiles\7lb3lipt.default [2017-03-03]
FF user.js: detected! => C:\Users\Tiago\AppData\Roaming\Mozilla\Firefox\Profiles\7lb3lipt.default\user.js [2014-11-13]
FF Homepage: Mozilla\Firefox\Profiles\7lb3lipt.default -> hxxp://www.globo.com/
FF Extension: (Search and New Tab by Yahoo) - C:\Users\Tiago\AppData\Roaming\Mozilla\Firefox\Profiles\7lb3lipt.default\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2016-11-18]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Tiago\AppData\Roaming\Mozilla\Firefox\Profiles\7lb3lipt.default\features\{7d269518-0d80-45e2-9ab4-dd371a233bfd}\disableSHA1rollout@mozilla.org.xpi [2017-02-25]
FF HKLM\...\Firefox\Extensions: [support@vdownloader.com] - C:\Program Files\VDownloader\Addons\FireFox
FF Extension: (VDownloader) - C:\Program Files\VDownloader\Addons\FireFox [2013-09-12] [não assinado]
FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Tiago\AppData\Roaming\Mozilla\Firefox\Profiles\7lb3lipt.default\extensions\deskCutv2@gmail.com => não encontrado (a)
FF HKU\S-1-5-21-3089339955-3706307662-206936842-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Tiago\AppData\Local\GAS Tecnologia\GBBD\bb\xpi => não encontrado (a)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-07-23] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-05-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-05-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-12-19] (Nero AG)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2009-10-13] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2009-10-13] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3089339955-3706307662-206936842-1000: facebook.com/fbDesktopPlugin -> C:\Users\Tiago\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Plugin HKU\S-1-5-21-3089339955-3706307662-206936842-1000: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll [2013-03-21] (Vitzo Limited)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.uol.com.br/
CHR StartupUrls: Default -> "hxxp://www.uol.com.br/"
CHR DefaultSearchURL: Default -> hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://br.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Tiago\AppData\Local\Google\Chrome\User Data\Default [2017-03-03]
CHR Extension: (Google Apresentações) - C:\Users\Tiago\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-24]
CHR Extension: (Flash Video Downloader) - C:\Users\Tiago\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-03-01]
CHR Extension: (Google Docs) - C:\Users\Tiago\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-24]
CHR Extension: (Google Drive) - C:\Users\Tiago\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-24]
CHR Extension: (YouTube) - C:\Users\Tiago\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-24]
CHR Extension: (Google Search) - C:\Users\Tiago\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-24]
CHR Extension: (Planilhas do Google) - C:\Users\Tiago\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-24]
CHR Extension: (Documentos Google off-line) - C:\Users\Tiago\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Tiago\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Tiago\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-24]
CHR Extension: (Chrome Media Router) - C:\Users\Tiago\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Tiago\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2013-04-25]
CHR HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx [2013-09-12]
CHR HKLM\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mphpbdjcljebbcnfopfngmfdackbbdgf] - C:\Program Files\DealPly\DealPly.crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

"Warsaw Technology" => serviço foi desbloqueado. <===== ATENÇÃO
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [262320 2014-07-23] () [Arquivo não assinado]
R2 AnyDesk; C:\Program Files\AnyDesk\AnyDesk.exe [1428640 2016-01-14] ()
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [631520 2016-06-20] (GAS Tecnologia)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 NetExpress Updater; C:\Program Files\AppBrad\NetExpressUpdater.exe [20568 2015-08-21] ()
S2 postgresql-9.0; C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe [94720 2012-08-15] (PostgreSQL Global Development Group) [Arquivo não assinado]
R2 scpVista; C:\Program Files\Scpad\scpVista.exe [360624 2012-10-24] (Banco Bradesco S.A.)
R2 SepMasterService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [143928 2012-11-03] (Symantec Corporation)
S3 ServicoAgendador; C:\Contabil\Utilitários\ServicoAgendador.exe [12288 2013-10-31] () [Arquivo não assinado]
S3 ServicoDominioAtendimento; C:\Contabil\Agente de Comunicação com o Domínio Atendimento\Servico\ServicoDominioAtendimento.exe [182272 2016-05-23] () [Arquivo não assinado]
S3 ServicoGerenciadorAtualizacao; C:\Contabil\Utilitários\ServicoGerenciadorAtualizacao.exe [6656 2013-10-31] () [Arquivo não assinado]
S3 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe [1785792 2012-11-03] (Symantec Corporation)
S3 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\snac.exe [288208 2012-11-03] (Symantec Corporation)
R2 sp_rssrv; C:\Program Files\Spyware Terminator\sp_rsser.exe [496128 2016-04-20] (Crawler.com) [Arquivo não assinado]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 VMAuthdService; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [86096 2013-08-27] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [358480 2013-08-27] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [719416 2013-08-26] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [437328 2013-08-27] (VMware, Inc.)
R2 VMwareHostd; C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe [14401104 2013-08-27] ()
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [792112 2016-06-23] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
R2 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [439248 2006-05-12] (RealVNC Ltd.)
S2 PSafeSVC; C:\Program Files\PSafe\PSafesvc.exe [X]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R0 360HookOem; C:\Windows\System32\drivers\360HookOem.sys [54912 2012-05-31] (360安全中心) [Arquivo não assinado]
S1 BHDrvx86; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20170224.002\BHDrvx86.sys [1378520 2016-11-07] (Symantec Corporation)
R1 ccSettings_{D458BD6F-8DF5-406D-9D2A-C8B75C61951F}; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x86\ccSetx86.sys [134304 2012-11-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [388768 2017-01-26] (Symantec Corporation)
U3 EraserUtilDrvI29; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI29.sys [124576 2017-01-26] (Symantec Corporation)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-08-26] (GAS Tecnologia)
S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [89600 2009-08-10] (Gemalto)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [43192 2013-08-26] (VMware, Inc.)
S1 IDSvix86; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20170301.011\IDSvix86.sys [768728 2017-02-03] (Symantec Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41216 2011-09-22] (Intel Corporation)
S3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [3328 2012-12-18] (Famatech International Corp.)
S3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20170302.001\NAVENG.SYS [104864 2017-02-01] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20170302.001\NAVEX15.SYS [1649824 2017-02-01] (Symantec Corporation)
R1 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-03-05] (GAS Tecnologia)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-26] (CACE Technologies, Inc.)
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [142592 2013-07-26] () [Arquivo não assinado]
S3 SyDvCtrl; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SyDvCtrl32.sys [28136 2012-11-03] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [111584 2014-11-07] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [75528 2012-11-03] (Symantec Corporation)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [17104 2013-08-27] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37456 2013-08-27] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26192 2013-08-27] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [65488 2013-08-27] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [63824 2013-08-15] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\System32\drivers\vstor2-mntapi20-shared.sys [23632 2013-02-22] (VMware, Inc.)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [80728 2017-03-03] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [31864 2016-06-16] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [76384 2016-06-08] (GAS Tecnologia)
S3 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]
S3 NdisrdMP; system32\DRIVERS\gbpndisrd.sys [X]
S1 pa_sys_config; system32\drivers\pa_sys_config.sys [X]
S1 pa_sys_config"register; system32\drivers\pa_sys_config"register.sys [X]
S1 pa_sys_config"unregister; system32\drivers\pa_sys_config"unregister.sys [X]
U5 SymEvent; C:\Windows\System32\Drivers\SymEvent.sys [142496 2014-11-07] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-03-03 07:48 - 2017-03-03 07:49 - 00027903 _____ C:\Users\Tiago\Desktop\FRST.txt
2017-03-03 07:48 - 2017-03-03 07:48 - 00000000 ____D C:\FRST
2017-03-03 07:47 - 2017-03-03 07:47 - 01765888 _____ (Farbar) C:\Users\Tiago\Desktop\FRST.exe
2017-03-03 07:43 - 2017-03-03 07:43 - 00002687 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-03 07:43 - 2017-03-03 07:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-03 07:43 - 2017-03-03 07:43 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-03-03 07:32 - 2017-03-03 07:32 - 01631200 _____ (Skype Technologies S.A.) C:\Users\Tiago\Desktop\SkypeSetup.exe
2017-02-27 11:57 - 2017-02-27 11:57 - 02895486 _____ C:\Users\Tiago\Downloads\teste.xps
2017-02-12 07:36 - 2017-02-12 07:36 - 00002102 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-02-12 07:36 - 2017-02-12 07:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-06 08:02 - 2017-02-06 08:03 - 00149474 _____ C:\Users\Tiago\Desktop\Boleto.pdf
2017-02-02 08:17 - 2017-02-02 09:48 - 00002041 _____ C:\Users\Public\Desktop\EFD ICMS IPI.lnk

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-03-03 07:47 - 2013-04-17 08:42 - 00000000 ____D C:\Users\Tiago\AppData\LocalLow\Scpad
2017-03-03 07:43 - 2014-02-28 07:49 - 00000000 ___RD C:\Program Files\Skype
2017-03-03 07:43 - 2013-01-26 11:10 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2017-03-03 07:43 - 2013-01-26 11:10 - 00000000 ____D C:\ProgramData\Skype
2017-03-03 07:40 - 2013-06-04 08:09 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2017-03-03 07:40 - 2013-06-04 08:09 - 00000000 ____D C:\ProgramData\GbPlugin
2017-03-03 07:36 - 2009-07-14 01:34 - 00022592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-03 07:36 - 2009-07-14 01:34 - 00022592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-03 07:31 - 2016-11-22 07:53 - 00000000 ____D C:\Users\Tiago\AppData\LocalLow\Mozilla
2017-03-03 07:28 - 2016-11-07 15:55 - 00080728 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2017-03-03 07:28 - 2016-05-20 15:30 - 00000000 ____D C:\Users\Todos os Usuários\VMware
2017-03-03 07:28 - 2016-05-20 15:30 - 00000000 ____D C:\ProgramData\VMware
2017-03-03 07:28 - 2013-04-11 09:21 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-03-03 07:28 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-03 07:25 - 2015-03-16 14:25 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-03-03 07:25 - 2015-03-16 14:25 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-03 07:25 - 2013-01-26 11:10 - 00000000 ____D C:\Users\Tiago\AppData\Roaming\Skype
2017-03-02 17:53 - 2013-08-02 08:08 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-02 17:35 - 2014-07-24 13:36 - 00000000 ____D C:\Program Files\TeamViewer
2017-03-02 17:09 - 2013-04-15 08:04 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3089339955-3706307662-206936842-1000UA.job
2017-03-02 16:07 - 2013-01-26 16:31 - 00000000 ____D C:\Users\Todos os Usuários\Symantec
2017-03-02 16:07 - 2013-01-26 16:31 - 00000000 ____D C:\ProgramData\Symantec
2017-03-02 16:04 - 2013-01-28 09:09 - 00002048 ____H C:\Users\Tiago\Documents\Default.rdp
2017-03-02 08:09 - 2013-04-15 08:04 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3089339955-3706307662-206936842-1000Core.job
2017-03-01 13:59 - 2009-07-14 01:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-02-28 10:22 - 2016-04-06 07:40 - 00011483 _____ C:\Users\Tiago\Desktop\CÁLCULO MÊS 02-2017oK.xlsx
2017-02-27 09:56 - 2016-05-21 07:33 - 00000000 ____D C:\Users\Tiago\AppData\Roaming\VMware
2017-02-27 09:56 - 2016-05-21 07:33 - 00000000 ____D C:\Users\Tiago\AppData\Local\VMware
2017-02-23 11:14 - 2016-10-11 07:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-20 15:19 - 2013-01-28 09:05 - 00000000 ____D C:\Arquivos Fiscais
2017-02-19 10:47 - 2017-01-03 08:25 - 00000000 ____D C:\Users\Tiago\Documents\Fotos Lucas
2017-02-18 08:44 - 2013-01-26 10:32 - 00937570 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-18 08:44 - 2009-07-17 15:48 - 00086436 _____ C:\Windows\system32\prfh0416.dat
2017-02-18 08:44 - 2009-07-17 15:48 - 00034900 _____ C:\Windows\system32\prfc0416.dat
2017-02-18 08:44 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2017-02-14 16:50 - 2013-10-21 10:52 - 00000000 ____D C:\Consórcio Rodobens
2017-02-12 07:36 - 2013-01-26 11:05 - 00000000 ____D C:\Program Files\Google
2017-02-09 08:54 - 2013-01-26 11:28 - 00115664 _____ C:\Users\Tiago\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-07 16:59 - 2013-07-29 10:15 - 00000000 ____D C:\SefaNet
2017-02-07 16:35 - 2013-03-05 10:40 - 00000000 ____D C:\temp
2017-02-07 08:14 - 2016-10-06 16:02 - 00084637 _____ C:\Users\Tiago\Desktop\Infoemail_Bradesco.pdf
2017-02-07 07:56 - 2013-04-11 09:32 - 00002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-07 07:56 - 2013-04-11 09:24 - 00002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-03 07:33 - 2009-07-14 01:53 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-02 09:49 - 2013-01-26 10:25 - 00000000 ____D C:\Users\Tiago
2017-02-02 09:36 - 2013-01-28 09:32 - 00000000 ____D C:\Instalador Sped
2017-02-02 08:17 - 2013-06-12 10:58 - 00000000 ____D C:\Users\Tiago\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas_SPED
2017-02-02 08:16 - 2013-03-15 08:44 - 00000000 ____D C:\Program Files\Programas_SPED

==================== Arquivos na raiz de alguns diretórios =======

2007-09-28 09:33 - 2007-09-28 09:33 - 1579008 _____ () C:\Program Files\Office2007GroupPolicyAndOCTSettings.xls
2013-09-12 09:11 - 2010-01-26 11:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2014-04-10 15:13 - 2014-04-10 15:14 - 5541145 _____ () C:\Users\Tiago\AppData\Local\amor1.zip
2013-05-21 08:37 - 2016-12-29 09:59 - 0007598 _____ () C:\Users\Tiago\AppData\Local\Resmon.ResmonCfg
2014-11-28 15:16 - 2014-11-28 15:16 - 0000227 _____ () C:\ProgramData\bc.ini

Alguns arquivos em TEMP:
====================
2015-03-02 08:26 - 2015-03-02 08:26 - 0663448 _____ (Ask Partner Network) C:\Users\Tiago\AppData\Local\Temp\APNSetup.exe
2014-11-29 15:34 - 2014-11-29 15:34 - 21768400 _____ (Baidu, Inc.) C:\Users\Tiago\AppData\Local\Temp\Baidu_Secure_SystemUp_5.0.4.87531.exe
2016-01-05 08:15 - 2016-01-05 08:16 - 4476744 _____ (Google) C:\Users\Tiago\AppData\Local\Temp\D1F2.exe
2014-09-17 07:51 - 2016-05-10 07:51 - 45198968 _____ (Skype Technologies S.A.) C:\Users\Tiago\AppData\Local\Temp\SkypeSetup.exe
2014-11-28 14:27 - 2014-11-28 14:27 - 42317256 _____ () C:\Users\Tiago\AppData\Local\Temp\spark_install.exe
2016-01-07 08:04 - 2016-01-07 07:46 - 3000208 _____ (AVG Technologies) C:\Users\Tiago\AppData\Local\Temp\UNINSTALL.EXE
2017-03-03 07:24 - 2017-03-03 07:41 - 14456872 _____ (Microsoft Corporation) C:\Users\Tiago\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-02-17 15:47

==================== Fim de FRST.txt ============================