Felipe_Ino

I accidentally installed The Desktop Weather


I inadvertently installed The Desktop Weather; it then installed several programs on my PC, which became quite slow. I would like to remove it completely.

 

The ZA-Scan log follows

ZA-Scan.txt


Dear @Felipe_Ino

I recommend that you save this topic to your Favorites so it is easier to find.

Please note the following:

  1. If you go 3 days without a reply, send me a Private Message (PM);
  2. What is given here relates only to the problem on your computer, so do not apply it to any other;
  3. Please follow the instructions given carefully, and if you have any doubts do not hesitate to ask;
  4. Always post your replies in this topic... Do not open another one!
  5. Always try to keep me informed, during the removal, about what is happening with your computer.
  6. Respect the order of the instructions given.

Note: Do not take any measures other than those given here; be aware that if you ask for help in another forum, you must let us know, at the risk of misconfiguring your computer!

 

# Step 1 #

Download AdwCleaner and save it to your Desktop.

Run the file adwcleaner.exe

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Options tab and leave only "Restaurar Políticas do IE" (Restore IE Policies) and "Restaurar Políticas do Chrome" (Restore Chrome Policies) checked.
  • Click the "Verificar" (Scan) button and wait for the scan to finish.
  • Click the "Limpar" (Clean) button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log into your next reply.
  • The log will also be saved in C:\AdwCleaner


NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.
 
# Step 2 #

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download the Junkware Removal Tool (JRT) and save it to your Desktop.

Double-click to run jrt.exe.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • At the end a log will open. It will be saved on the desktop with the name JRT.txt.
  • Select, copy and paste the contents of this log into your next reply.
 
# Step 3 #

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download ZHPCleaner and save it to your Desktop.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the "Scanner" button.
  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • Then click the "Reparar" (Repair) button.
  • A log named ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log into your next reply.

Regards :D

  • Topic author
  • Thanks for the help. The logs follow.

     

    1 - AdwCleaner

     

    # AdwCleaner v5.036 - Logfile created 24/02/2016 at 19:39:34
    # Updated 22/02/2016 by Xplode
    # Database : 2016-02-24.1 [Server]
    # Operating system : Windows 8.1  (x64)
    # Username : felip_000 - DANI-NOTE
    # Running from : C:\Users\felip_000\Downloads\adwcleaner_5.036.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****

    [-] Service Deleted : sbmntr
    [-] Service Deleted : SPBIUpdd
    [-] Service Deleted : rtop
    [-] Service Deleted : SPDRIVER_1.42.1.10644

    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files\ByteFence
    [-] Folder Deleted : C:\Program Files\WajaNetEn
    [-] Folder Deleted : C:\Program Files (x86)\OLBPre
    [-] Folder Deleted : C:\Program Files (x86)\RinoReader
    [-] Folder Deleted : C:\Program Files (x86)\ShopperPro3
    [-] Folder Deleted : C:\Program Files (x86)\Uniblue
    [-] Folder Deleted : C:\Program Files (x86)\YTDownloader
    [-] Folder Deleted : C:\Program Files (x86)\AnyFlix
    [-] Folder Deleted : C:\Program Files (x86)\92191770-1455322821-A04B-A743-5C21D9D45F5E
    [-] Folder Deleted : C:\Program Files (x86)\SunnyDay7
    [-] Folder Deleted : C:\Program Files\Common Files\ShopperPro3
    [-] Folder Deleted : C:\ProgramData\ByteFence
    [-] Folder Deleted : C:\ProgramData\ShopperPro3
    [-] Folder Deleted : C:\ProgramData\Uniblue
    [-] Folder Deleted : C:\ProgramData\WebShield
    [-] Folder Deleted : C:\ProgramData\c54dd8a2-26a5-1
    [-] Folder Deleted : C:\ProgramData\c54dd8a2-4d03-0
    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNetEn
    [-] Folder Deleted : C:\Users\felip_000\AppData\Local\BrowserHelper
    [-] Folder Deleted : C:\Users\felip_000\AppData\Local\WebShield
    [-] Folder Deleted : C:\Users\felip_000\AppData\Local\SunnyDay7
    [-] Folder Deleted : C:\Users\felip_000\AppData\Local\Installer\Install_21425
    [-] Folder Deleted : C:\Users\felip_000\AppData\Local\Installer\Install_3863
    [-] Folder Deleted : C:\Users\felip_000\AppData\Roaming\Gameo
    [-] Folder Deleted : C:\Users\felip_000\AppData\Roaming\Uniblue
    [-] Folder Deleted : C:\Users\felip_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RinoReader
    [-] Folder Deleted : C:\Users\felip_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
    [-] Folder Deleted : C:\Users\Public\Documents\ShopperPro3
    [#] Folder Deleted : C:\Windows\SysNative\Tasks\ByteFence

    ***** [ Files ] *****

    [-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
    [-] File Deleted : C:\Users\Dani\AppData\Roaming\Mozilla\Firefox\Profiles\qe0ay8nr.default\searchplugins\Search Provided by Yahoo.xml
    [-] File Deleted : C:\Users\felip_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk
    [-] File Deleted : C:\Users\felip_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    [-] File Deleted : C:\Users\felip_000\AppData\Roaming\Mozilla\Firefox\Profiles\2cg5exf2.default\searchplugins\Search Provided by Yahoo.xml
    [-] File Deleted : C:\Users\felip_000\Desktop\MyPC Backup.lnk
    [-] File Deleted : C:\Users\felip_000\Desktop\YTDownloader.lnk
    [-] File Deleted : C:\Users\Public\Desktop\driverscanner.lnk

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****

    [-] Task Deleted : driverscanner
    [-] Task Deleted : Inst_Rep
    [-] Task Deleted : ShopperProJSUpd
    [-] Task Deleted : SPDriver
    [-] Task Deleted : YTDownloaderUpd
    [-] Task Deleted : updateTask
    [-] Task Deleted : ByteFence
    [-] Task Deleted : DNS Monitoring
    [-] Task Deleted : DNS Monitoring
    [-] Task Deleted : SPBIW_UpdateTask_Time_323736303333383233332d575b323478415a45375a456c

    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\MixVideoPlayer.exe
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RinoReader.exe
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro3.exe
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe
    [-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
    [-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [BrowserWeb.exe]
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{351A01B5-849A-ECA5-2760-EE9665E223C3}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{593D67B9-3A50-EBAA-17BE-61A5EC986A22}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
    [-] Key Deleted : HKCU\Software\ByteFence
    [-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
    [-] Key Deleted : HKCU\Software\PRODUCTSETUP
    [-] Key Deleted : HKCU\Software\RinoReader
    [-] Key Deleted : HKCU\Software\Tutorials
    [-] Key Deleted : HKCU\Software\WajIEnhance
    [-] Key Deleted : HKCU\Software\YTDownloader
    [-] Key Deleted : HKLM\SOFTWARE\ByteFence
    [-] Key Deleted : HKLM\SOFTWARE\MPC
    [-] Key Deleted : HKLM\SOFTWARE\ShopperPro3
    [-] Key Deleted : HKLM\SOFTWARE\SUNNYDAY
    [-] Key Deleted : HKLM\SOFTWARE\Tutorials
    [-] Key Deleted : HKLM\SOFTWARE\Uniblue
    [!] Key Not Deleted : HKLM\SOFTWARE\Uniblue\DriverScanner
    [-] Key Deleted : HKLM\SOFTWARE\WajaNetEn
    [-] Key Deleted : HKLM\SOFTWARE\YTDownloader
    [-] Key Deleted : HKLM\SOFTWARE\AnyFlix
    [-] Key Deleted : HKLM\SOFTWARE\1832BFF4F2BF43989682B0AF5ECB8F68
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RinoReader
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro3
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajaNetEn
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebShield
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyFlix.ns
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B81759E6-5669-4DB3-A3A7-6CD76555DE1D}_is1
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SunnyDay7_is1
    [-] Key Deleted : [x64] HKLM\SOFTWARE\ByteFence
    [-] Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro3
    [-] Key Deleted : [x64] HKLM\SOFTWARE\WajaNetEn
    [-] Key Deleted : [x64] HKLM\SOFTWARE\1832BFF4F2BF43989682B0AF5ECB8F68
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OLBPre
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B81759E6-5669-4DB3-A3A7-6CD76555DE1D}_is1
    [-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3BDACA4F-2B9B-45B7-BF65-4A98A0708C58} [NameServer]
    [-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{3BDACA4F-2B9B-45B7-BF65-4A98A0708C58} [NameServer]
    [!] Value Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SPDriver]
    [!] Value Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SPDriver]
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1

    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared
    :: Chrome policies deleted

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [21211 bytes] - [15/02/2016 20:08:40]
    C:\AdwCleaner\AdwCleaner[C2].txt - [8592 bytes] - [15/02/2016 21:52:29]
    C:\AdwCleaner\AdwCleaner[C3].txt - [9800 bytes] - [24/02/2016 19:39:34]
    C:\AdwCleaner\AdwCleaner[S1].txt - [19567 bytes] - [15/02/2016 20:02:47]
    C:\AdwCleaner\AdwCleaner[S2].txt - [8060 bytes] - [15/02/2016 21:43:27]
    C:\AdwCleaner\AdwCleaner[S3].txt - [9327 bytes] - [24/02/2016 19:33:23]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [10093 bytes] ##########
     

    2 - JRT

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.3 (02.09.2016)
    Operating System: Windows 8.1 x64 
    Ran by felip_000 (Administrator) on 24/02/2016 at 19:46:16,74
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    File System: 4 

    Successfully deleted: C:\Users\felip_000\AppData\Local\installer (Folder) 
    Successfully deleted: C:\Program Files (x86)\mixvideoplayer (Folder) 
    Successfully deleted: C:\Windows\prefetch\AVAST_FREE_ANTIVIRUS_SETUP.EX-B5024B01.pf (File) 
    Successfully deleted: C:\Windows\prefetch\DRIVERSCANNER.EXE-27E91572.pf (File) 

    Registry: 0 

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 24/02/2016 at 20:39:16,64
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

     

    3 - ZHPCleaner

     

    ~ ZHPCleaner v2016.2.22.34 by Nicolas Coolman (2016/02/22)
    ~ Run by felip_000 (Administrator)  (24/02/2016 20:54:57)
    ~ Site : http://www.nicolascoolman.com
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Type : Reparo
    ~ Report : C:\Users\felip_000\Desktop\ZHPCleaner.txt
    ~ Quarantine : C:\Users\felip_000\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
    ~ UAC : Activate
    ~ Boot Mode : Normal (Normal boot)
    Windows 8.1, 64-bit  (Build 9600)


    ---\\  Serviços (0)
    ~ Nenhum ítem malicioso o desnecessários foi encontrado.


    ---\\  Navegadores de Internet (0)
    ~ Nenhum ítem malicioso o desnecessários foi encontrado.


    ---\\  Arquivo hosts (1)
    ~ O arquivo hosts é legítimo (67)


    ---\\  Tarefas automáticas agendadas. (0)
    ~ Nenhum ítem malicioso o desnecessários foi encontrado.


    ---\\  Explorer ( Arquivos, Pastas) (13)
    MOVIDO pasta: C:\Users\felip_000\Desktop\Play CrossFire.lnk  [Bad : C:\Users\felip_000\AppData\Roaming\Gameo\gameo.exe]  =>PUP.Optional.Gameo
    MOVIDO pasta: C:\Windows\Prefetch\MBOT_EN_037050236 - UNINSTALL-F324A503.pf    =>PUP.Optional.CrossRider
    MOVIDO pasta: C:\Windows\Prefetch\OLBPRE.EXE-93065896.pf    =>PUP.Optional.MyPCBackup
    MOVIDO pasta: C:\Windows\Prefetch\PREDM.TMP-1B241834.pf    =>PUP.Optional.Downware
    MOVIDO pasta: C:\Windows\Prefetch\PRIMARYCOLOR.PURBROWSE64.EXE-3AA9BA5A.pf    =>PUP.Optional.PrimaryColor
    MOVIDO pasta: C:\Windows\Prefetch\REC_EN_77 - UNINSTALL.EXE-6859D48B.pf    =>.Superfluous.Tuto4PC
    MOVIDO pasta: C:\Windows\Prefetch\YTDOWNLOADER.EXE-7954D736.pf    =>PUP.Optional.YTDownloader
    MOVIDO pasta: C:\ProgramData\wFNnYZgoU\dat\EPliLJqOf.exe [Irrational Number Applications - WebShield]  =>PUP.Optional.WebShield
    MOVIDO pasta: C:\ProgramData\wFNnYZgoU\dat\IgTkjg.exe [Irrational Number Applications - WebShield]  =>PUP.Optional.WebShield
    MOVIDO pasta: C:\Documents and Settings\Dani\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage    =>PUP.Optional.Generic
    MOVIDO pasta: C:\Documents and Settings\Dani\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal    =>PUP.Optional.Generic
    MOVIDO arquivo: C:\Windows\Installer\MSIAC26.tmp-  =>Empty
    MOVIDO arquivo: C:\Windows\Installer\MSIB908.tmp-  =>Empty


    ---\\  Registro ( Chaves, Valores, Dados ) (21)
    SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-2807476041-2843535405-863638596-1004\SOFTWARE\ICSW1.18 []  =>Adware.InstallCore
    SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-2807476041-2843535405-863638596-1004\SOFTWARE\systweak []  =>.Superfluous.Systweak
    SUPRIMIDO chave: HKCU\Software\ICSW1.18 []  =>Adware.InstallCore
    SUPRIMIDO chave: HKCU\Software\systweak []  =>.Superfluous.Systweak
    SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\api.getmyprimarycolor.com [80090]  =>PUP.Optional.PrimaryColor
    SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\getmyprimarycolor.com []  =>PUP.Optional.PrimaryColor
    SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hdapp1008-a.akamaihd.net [8]  =>PUP.Optional.Browser
    SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mixvideoplayer.com []  =>PUP.Optional.MixVideoPlayer
    SUPRIMIDO chave*: HKCU\Software\undefined []  =>.Superfluous.Downloader
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\SpeedUpMyPC [URL:SpeedUpMyPC Protocol]  =>PUP.Optional.SpeedUpMyPC
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\protector_dll.protectorbho [Google Toolbar Notifier BHO]  =>PUP.Optional.BProtector
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 [Google Toolbar Notifier BHO]  =>PUP.Optional.BProtector
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552} [OCComSDK 1.0 Type Library]  =>PUP.Optional.OpenCandy
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\driverscanner [URL:DriverScanner Protocol]  =>PUP.Optional.DriverScanner
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO [Shopper Pro]  =>PUP.Optional.ShopperPro
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1 [Shopper Pro]  =>PUP.Optional.ShopperPro
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\DtsEncodeTools []  =>PUP.Optional.WeatherTool
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32 []  =>.Superfluous.ByteTechnologies
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS []  =>.Superfluous.ByteTechnologies
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Systweak []  =>.Superfluous.Systweak
    SUPRIMIDO chave: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552} [OCComSDK 1.0 Type Library]  =>PUP.Optional.OpenCandy


    ---\\  Resumo dos elementos encontrados na sua estação de trabalho (21)
    http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Gameo
    http://www.nicolascoolman.fr/?p=180  =>PUP.Optional.CrossRider
    http://www.nicolascoolman.fr/?p=316  =>PUP.Optional.MyPCBackup
    http://www.nicolascoolman.fr/?p=401  =>PUP.Optional.Downware
    http://www.nicolascoolman.fr/pup-optional-primarycolor/  =>PUP.Optional.PrimaryColor
    http://www.nicolascoolman.fr/pup-optional-tuto4pc/  =>.Superfluous.Tuto4PC
    http://www.nicolascoolman.fr/?p=1780  =>PUP.Optional.YTDownloader
    http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.WebShield
    http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Generic
    http://www.nicolascoolman.fr/?p=279  =>Adware.InstallCore
    http://www.nicolascoolman.fr/pup-systweak/  =>.Superfluous.Systweak
    http://www.nicolascoolman.fr/?p=546  =>PUP.Optional.Browser
    http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.MixVideoPlayer
    http://www.nicolascoolman.fr/?p=5145  =>.Superfluous.Downloader
    http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.SpeedUpMyPC
    http://www.nicolascoolman.fr/?p=533  =>PUP.Optional.BProtector
    http://www.nicolascoolman.fr/?p=197  =>PUP.Optional.OpenCandy
    http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.DriverScanner
    http://www.nicolascoolman.fr/pup-shopperpro/  =>PUP.Optional.ShopperPro
    http://www.nicolascoolman.fr/pup-optional-weathertool  =>PUP.Optional.WeatherTool
    http://www.nicolascoolman.fr/?p=5145  =>.Superfluous.ByteTechnologies


    ---\\  Dodatkowe oczyszczenie. (30)
    ~ Chave de registro Tracing Supprimido (30)
    ~ Remover os relatórios antigos ZHPCleaner. (0)


    ---\\ Resultado de reparação
    Reparação efectuada com sucesso
    ~ Este navegador está faltando ! (Opera Software)


    ---\\ Estatísticas
    ~ Items scan : 4489
    ~ Items encontrado : 0
    ~ items cancelados : 0
    ~ Items réparo : 34


    ~ End of clean in 00h00mn44s
    ===================
    ZHPCleaner-[R]-24022016-20_55_41.txt
    ZHPCleaner--24022016-20_54_09.txt
     

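An added example, not part of the original thread and not code from AdwCleaner: a short Python triage of a cleaning log in the format posted above, grouping entries by section and pulling out the ones the tool reports as not removed, with the autostart (Run key) leftovers separated out. The sample lines are copied from the posted log and trimmed; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the AdwCleaner log posted above, trimmed.
SAMPLE_LOG = r"""
# AdwCleaner v5.036 - Logfile created 24/02/2016 at 19:39:34
# Option : Cleaning

***** [ Services ] *****

[-] Service Deleted : sbmntr

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\ByteFence
[#] Folder Deleted : C:\Windows\SysNative\Tasks\ByteFence

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[!] Key Not Deleted : HKLM\SOFTWARE\Uniblue\DriverScanner
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3BDACA4F-2B9B-45B7-BF65-4A98A0708C58} [NameServer]
[!] Value Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SPDriver]
[!] Value Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SPDriver]
"""

# "***** [ Registry ] *****" style section headers.
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# "[mark] Kind Action : target". The marker is kept as printed; only the
# "Not ..." actions seen in the posted log are interpreted below.
ENTRY_RE = re.compile(
    r"^\[(?P<mark>[-!#])\] (?P<kind>\w+) (?P<action>[\w ]+?) : (?P<target>.+)$"
)
# Run / RunOnce values are started at every logon, so a leftover there matters
# more than a leftover vendor key.
AUTOSTART_RE = re.compile(r"\\CurrentVersion\\Run(Once)?( |\\|$)", re.IGNORECASE)


def parse_adwcleaner(text):
    """Return one dict per log entry: section, mark, kind, action, target."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            entries.append({"section": section, **entry.groupdict()})
    return entries


def residual(entries):
    """Entries the tool reports it could not remove."""
    return [e for e in entries if e["action"].startswith("Not ")]


def residual_autostarts(entries):
    """Subset of residual entries that sit in a Run/RunOnce key."""
    return [e for e in residual(entries) if AUTOSTART_RE.search(e["target"])]


def summary(entries):
    """Count entries per (section, action) pair."""
    return Counter((e["section"], e["action"]) for e in entries)


if __name__ == "__main__":
    parsed = parse_adwcleaner(SAMPLE_LOG)
    for (section, action), count in sorted(summary(parsed).items()):
        print(f"{section:10} {action:12} {count}")
    autostarts = residual_autostarts(parsed)
    for e in residual(parsed):
        tag = "AUTOSTART" if e in autostarts else "residual"
        print(f"[{tag}] {e['kind']} {e['action']}: {e['target']}")
```

Entries tagged as autostart are the ones to confirm in a follow-up scan, since a surviving Run value is read again at every logon.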

    Dear @Felipe_Ino

    Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

    Download the Farbar Recovery Scan Tool and save it to your Desktop.


    32 bit (x86) or 64 bit (x64)

    • Double-click to run the tool.
      • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
    • Check the "Arquivos 90 dias" (90 days files) box and click the "Examinar" (Scan) button.
    • Wait, and at the end the logs FRST.txt and Addition.txt will be saved to your Desktop.
    • Select, copy and paste the contents of the FRST.txt log into your next reply.
    • Attach the Addition.txt log.

    Regards :D

  • Topic author
  • Dear @diego_moicano, the log and file follow:

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
    Ran by felip_000 (administrator) on DANI-NOTE (26-02-2016 23:19:43)
    Running from C:\Users\felip_000\Downloads
    Loaded Profiles: felip_000 (Available Profiles: Dani & felip_000)
    Platform: Windows 8.1 (X64) Language: Inglês (Estados Unidos)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
    (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
    () C:\ProgramData\DatacardService\HWDeviceService64.exe
    (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe
    (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
    (TorrentsTime) C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
    (ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI64.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    (Huawei Technologies Co., Ltd.) C:\Users\felip_000\AppData\Roaming\VIVO INTERNET\ouc.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe
    (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.12.424\AsusWSPanel.exe
    (Farbar) C:\Users\felip_000\Downloads\FRST64 (1).exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [70656 2014-03-27] (Intel Corporation)
    HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI64.exe [5672960 2014-06-20] (Realtek Semiconductor)
    HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-06-24] (GAS Tecnologia LTDA)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-16] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.12.424\ASUSWSLoader.exe [63296 2014-10-23] ()
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-29] (Skype Technologies S.A.)
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\Run: [HW_OPENEYE_OUC_VIVO INTERNET] => C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe [110592 2009-07-27] (Huawei Technologies Co., Ltd.)
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\Run: [Chromium] => c:\users\felip_000\appdata\local\chromium\application\chrome.exe [1043456 2016-01-26] (The Chromium Authors)
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\MountPoints2: {4044893f-cace-11e5-828d-7824afc65b72} - "E:\.\StartModem.exe" 
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\MountPoints2: {434ab848-c3ba-11e5-828b-7824afc65b72} - "E:\AutoRun.exe" 
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\MountPoints2: {434ab8c7-c3ba-11e5-828b-7824afc65b72} - "E:\AutoRun.exe" 
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\MountPoints2: {7d92a6fd-c541-11e5-828c-7824afc65b72} - "E:\AutoRun.exe" 
    ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)
    ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.12.424\ASUSWSShellExt64.dll [2014-09-03] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.12.424\ASUSWSShellExt64.dll [2014-09-03] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.12.424\ASUSWSShellExt64.dll [2014-09-03] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{3BDACA4F-2B9B-45B7-BF65-4A98A0708C58}: [DhcpNameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{E169CA59-E397-4538-B6D9-1BD5B28D6AB7}: [DhcpNameServer] 192.168.5.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0BtAtA0AyDtGtCtByB0FtG0A0FtB0EtGyDtDtDtDtGzz0AyEyDyDzyyB0E0C0ByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D510924037%26a%3Dwbf_nwmeddnld_16_07%26os_ver%3D6.3%26os%3DWindows%2B8.1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0BtAtA0AyDtGtCtByB0FtG0A0FtB0EtGyDtDtDtDtGzz0AyEyDyDzyyB0E0C0ByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D510924037%26a%3Dwbf_nwmeddnld_16_07%26os_ver%3D6.3%26os%3DWindows%2B8.1
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0BtAtA0AyDtGtCtByB0FtG0A0FtB0EtGyDtDtDtDtGzz0AyEyDyDzyyB0E0C0ByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D510924037%26a%3Dwbf_nwmeddnld_16_07%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2807476041-2843535405-863638596-1004 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0BtAtA0AyDtGtCtByB0FtG0A0FtB0EtGyDtDtDtDtGzz0AyEyDyDzyyB0E0C0ByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D510924037%26a%3Dwbf_nwmeddnld_16_07%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2807476041-2843535405-863638596-1004 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0BtAtA0AyDtGtCtByB0FtG0A0FtB0EtGyDtDtDtDtGzz0AyEyDyDzyyB0E0C0ByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D510924037%26a%3Dwbf_nwmeddnld_16_07%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll => No File
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-20] (Oracle Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
    BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-10-20] (Banco do Brasil)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-20] (Oracle Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-06] (Microsoft Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\felip_000\AppData\Roaming\Mozilla\Firefox\Profiles\2cg5exf2.default
    FF DefaultSearchEngine: Search Provided by Yahoo
    FF SelectedSearchEngine: Search Provided by Yahoo
    FF Homepage: hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_07&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0BtAtA0AyDtGtCtByB0FtG0A0FtB0EtGyDtDtDtDtGzz0AyEyDyDzyyB0E0C0ByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D510924037%26a%3Dwbf_nwmeddnld_16_07%26os_ver%3D6.3%26os%3DWindows%2B8.1
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-20] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-06] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-08-05] ()
    FF Plugin HKU\S-1-5-21-2807476041-2843535405-863638596-1004: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [2016-02-15] (Torrents Time)
    FF Extension: Primary Color 1.0.1 - C:\Users\felip_000\AppData\Roaming\Mozilla\Firefox\Profiles\2cg5exf2.default\extensions\{d0caac53-e081-4c51-935a-8bc76f5a3ed8}.xpi [2016-02-12] [not signed]
    FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon
    FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon [2015-12-02] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon
    StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome: 
    =======
    CHR HomePage: Profile 1 -> hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_06&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDtAtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StDzztDzz0F0DtDzztGyByEzzzytGzy0CtC0EtGyCzz0B0AtG0F0AyCyBtD0CtDzz0CyCtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D1775980447%26a%3Dwbf_nwmeddnld_16_06%26os_ver%3D6.3%26os%3DWindows%2B8.1
    CHR StartupUrls: Profile 1 -> "hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_06&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDtAtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StDzztDzz0F0DtDzztGyByEzzzytGzy0CtC0EtGyCzz0B0AtG0F0AyCyBtD0CtDzz0CyCtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D1775980447%26a%3Dwbf_nwmeddnld_16_06%26os_ver%3D6.3%26os%3DWindows%2B8.1","search.mpc.am"
    CHR Profile: C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-29]
    CHR Extension: (Google Drive) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
    CHR Extension: (YouTube) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-29]
    CHR Extension: (Google Search) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
    CHR Extension: (Google Docs Offline) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-28]
    CHR Extension: (Norton Identity Safe) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-10-28]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-28]
    CHR Extension: (Red Livros) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnecgimhifkakdfbjbndjkckjddbjngl [2015-10-30]
    CHR Extension: (Gmail) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-29]
    CHR Profile: C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Apresentações) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-30]
    CHR Extension: (Google Docs) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-01]
    CHR Extension: (Google Drive) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
    CHR Extension: (YouTube) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01]
    CHR Extension: (Google Search) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
    CHR Extension: (Planilhas do Google) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-30]
    CHR Extension: (Documentos Google off-line) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
    CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-01]
    CHR Extension: (Gmail) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-01]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-30]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-30]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2014-05-14] (ASUSTek Computer Inc.)
    R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
    S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2014-09-05] (Broadcom Corporation.)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
    R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [80384 2014-03-27] (Intel Corporation)
    R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [92672 2014-03-27] (Intel Corporation)
    R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [88064 2014-03-27] (Intel Corporation)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-11-09] (WildTangent)
    R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
    R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-07-04] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\NS.exe [282016 2015-11-20] (Symantec Corporation)
    R2 TTService; C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe [3543576 2016-02-16] (TorrentsTime)
    S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] () [File not signed]
    R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-06-24] (GAS Tecnologia LTDA)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ar0543; C:\Windows\System32\drivers\ar0543.sys [65536 2014-07-07] (Intel Corporation)
    R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [79128 2014-03-31] (ASUS Corporation)
    R3 BcmGnssBus; C:\Windows\System32\drivers\BcmGnssBus.sys [111688 2014-03-04] (Broadcom Corporation)
    R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [372992 2014-09-05] (Broadcom Corp)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\BASHDefs\20151102.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
    R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [31744 2014-10-28] (Microsoft Corporation)
    R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [153304 2014-09-05] (Broadcom Corporation.)
    R3 camera; C:\Windows\system32\DRIVERS\camera.sys [574976 2014-07-07] (Intel Corporation)
    R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
    R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [26864 2014-03-27] (Intel Corporation)
    R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [29424 2014-03-27] (Intel Corporation)
    R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [42224 2014-03-27] (Intel Corporation)
    R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [94960 2014-03-27] (Intel Corporation)
    R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [234736 2014-03-27] (Intel Corporation)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
    R0 gbpddreg; C:\Windows\System32\drivers\gbpddreg64.sys [29816 2016-02-24] (GAS Tecnologia)
    R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
    R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-03-27] (Intel Corporation)
    R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [21504 2014-03-27] (Intel Corporation)
    R3 hm2056; C:\Windows\System32\drivers\hm2056.sys [52224 2014-07-07] (Intel Corporation)
    R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-03-27] (Intel Corporation)
    R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [101376 2014-03-27] (Intel Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\IPSDefs\20151126.001\IDSvia64.sys [767224 2015-10-29] (Symantec Corporation)
    R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [321536 2014-07-09] (Intel(R) Corporation)
    R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [192216 2016-02-15] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R0 MBI; C:\Windows\System32\drivers\MBI.sys [27600 2014-03-27] (Intel Corporation)
    S3 mtkmbim; C:\Windows\system32\DRIVERS\mtkmbim7_x64.sys [208896 2012-12-12] (MediaTek Inc.)
    S3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\VirusDefs\20151130.003\ENG64.SYS [138488 2015-10-28] (Symantec Corporation)
    S3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\VirusDefs\20151130.003\EX64.SYS [2148080 2015-10-28] (Symantec Corporation)
    R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [57344 2014-03-27] (Intel Corporation)
    R3 rtii2sac64; C:\Windows\system32\DRIVERS\rtii2sac.sys [226520 2014-06-26] (Realtek Semiconductor Corp.)
    R3 RTLUE8023-W8-64; C:\Windows\system32\DRIVERS\rtu64w8.sys [100056 2014-01-06] (Realtek                                            )
    R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
    S3 SRTSP; C:\Windows\System32\Drivers\NSx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
    S4 SymELAM; C:\Windows\system32\drivers\NSx64\1605050.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-09-02] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
    R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88080 2014-01-09] (Intel Corporation)
    R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-01-20] (GAS Tecnologia LTDA)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 wdf_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [81408 2014-10-10] (MediaTek Inc.)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-04-01] (Basil)
    S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
    U0 msahci; system32\drivers\msahci.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Three Months Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-26 23:08 - 2016-02-26 23:09 - 02371072 _____ (Farbar) C:\Users\felip_000\Downloads\FRST64 (1).exe
    2016-02-24 21:32 - 2016-02-24 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TorrentsTime Media Player
    2016-02-24 21:32 - 2016-02-24 21:32 - 00000000 ____D C:\Program Files (x86)\TorrentsTime Media Player
    2016-02-24 20:55 - 2016-02-24 20:55 - 00006825 _____ C:\Users\felip_000\Desktop\ZHPCleaner.txt
    2016-02-24 20:44 - 2016-02-24 20:55 - 00000000 ____D C:\Users\felip_000\AppData\Roaming\ZHP
    2016-02-24 20:44 - 2016-02-24 20:44 - 00000885 _____ C:\Users\felip_000\Desktop\ZHPCleaner.lnk
    2016-02-24 20:39 - 2016-02-24 20:39 - 00000868 _____ C:\Users\felip_000\Desktop\JRT.txt
    2016-02-24 20:14 - 2016-02-24 20:14 - 02064896 _____ C:\Users\felip_000\Downloads\ZHPCleaner.exe
    2016-02-24 19:45 - 2016-02-24 19:45 - 00010221 _____ C:\Users\felip_000\Desktop\AdwCleaner[C3].txt
    2016-02-24 19:35 - 2016-02-24 19:35 - 01609216 _____ (Malwarebytes) C:\Users\felip_000\Downloads\JRT.exe
    2016-02-24 19:31 - 2016-02-24 19:31 - 01511936 _____ C:\Users\felip_000\Downloads\adwcleaner_5.036.exe
    2016-02-24 19:31 - 2016-02-24 19:31 - 01511936 _____ C:\Users\felip_000\Downloads\adwcleaner_5.036 (1).exe
    2016-02-23 22:40 - 2016-02-23 22:59 - 00000433 _____ C:\runcheck.txt
    2016-02-23 22:29 - 2016-02-23 22:29 - 00000000 ____D C:\zoek_backup
    2016-02-23 22:28 - 2016-02-23 22:28 - 01370112 _____ C:\Users\felip_000\Downloads\ZA-Scan.exe
    2016-02-20 21:53 - 2016-02-20 21:54 - 00631808 _____ C:\Windows\uvi.dat
    2016-02-15 22:45 - 2016-02-23 22:46 - 00002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-02-15 22:45 - 2016-02-23 22:46 - 00002193 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-02-15 22:43 - 2016-02-15 22:43 - 00987728 _____ (Google Inc.) C:\Users\felip_000\Downloads\ChromeSetup.exe
    2016-02-15 22:33 - 2016-02-15 22:33 - 00047776 _____ C:\Users\felip_000\Downloads\Addition.txt
    2016-02-15 22:31 - 2016-02-26 23:19 - 00033861 _____ C:\Users\felip_000\Downloads\FRST.txt
    2016-02-15 22:31 - 2016-02-26 23:19 - 00000000 ____D C:\FRST
    2016-02-15 22:28 - 2016-02-15 22:29 - 02370560 _____ (Farbar) C:\Users\felip_000\Downloads\FRST64.exe
    2016-02-15 22:13 - 2016-02-15 22:13 - 00000000 ____D C:\Users\felip_000\AppData\Local\Macromedia
    2016-02-15 22:10 - 2016-02-23 22:46 - 00002538 _____ C:\Users\felip_000\Desktop\Chromium.lnk
    2016-02-15 22:10 - 2016-02-15 22:10 - 00002332 _____ C:\Users\felip_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
    2016-02-15 22:09 - 2016-02-20 21:52 - 00000000 ____D C:\Users\felip_000\AppData\Local\Chromium
    2016-02-15 21:12 - 2016-02-15 21:12 - 00631808 _____ C:\Windows\gyr.dat
    2016-02-15 20:17 - 2016-02-24 19:42 - 00029816 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddreg64.sys
    2016-02-15 20:17 - 2016-02-15 21:12 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-02-15 20:16 - 2016-02-15 20:16 - 00001076 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-02-15 20:16 - 2016-02-15 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-02-15 20:15 - 2016-02-15 20:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-02-15 20:15 - 2016-02-15 20:15 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-02-15 20:15 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-02-15 20:15 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-02-15 20:15 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-02-15 20:02 - 2016-02-24 19:39 - 00000000 ____D C:\AdwCleaner
    2016-02-13 07:16 - 2016-02-13 07:16 - 00000016 _____ C:\InjectIntoProcess crash
    2016-02-12 22:43 - 2016-02-12 22:43 - 00000000 ____D C:\Users\felip_000\AppData\Local\Setup2214203
    2016-02-12 22:33 - 2016-02-24 19:39 - 00000008 __RSH C:\ProgramData\ntuser.pol
    2016-02-12 22:30 - 2016-02-24 19:36 - 00000000 ____D C:\ProgramData\wFNnYZgoU
    2016-02-12 22:26 - 2016-02-12 22:26 - 00002031 _____ C:\Users\felip_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aliexpress .lnk
    2016-02-12 22:25 - 2016-02-15 22:08 - 00000000 ____D C:\Users\felip_000\AppData\Local\{59D96F85-7D71-033D-10E9-26D53481DA4D}
    2016-02-12 22:25 - 2016-02-15 22:07 - 00003508 _____ C:\Windows\System32\Tasks\Varredura ByteFence
    2016-02-12 22:25 - 2016-02-12 22:25 - 00000302 _____ C:\Users\felip_000\Desktop\Aliexpress.URL
    2016-02-12 22:13 - 2016-02-23 22:12 - 00000000 ____D C:\Users\felip_000\AppData\Local\Setup Wizard
    2016-02-12 22:13 - 2016-02-12 22:13 - 00022424 _____ C:\Windows\System32\Tasks\{0C0A0A47-0C09-080F-0F11-0505780F1104}
    2016-02-12 22:12 - 2016-02-23 22:18 - 00000000 ____D C:\ProgramData\WindowsMsg
    2016-02-12 22:12 - 2016-02-12 22:12 - 00003028 _____ C:\Windows\System32\Tasks\ttwifi
    2016-02-12 22:05 - 2016-02-12 22:05 - 00000000 ____D C:\Users\Public\Documents\Baidu
    2016-02-12 22:04 - 2016-02-20 21:51 - 00000000 ____D C:\Users\felip_000\AppData\Roaming\Baidu
    2016-02-12 22:04 - 2016-02-20 21:51 - 00000000 ____D C:\ProgramData\baidu
    2016-02-12 21:58 - 2016-02-12 21:58 - 00000000 ____D C:\Users\felip_000\AppData\Roaming\gplyra
    2016-02-12 21:21 - 2016-02-12 21:16 - 00000965 _____ C:\Windows\system32\Drivers\etc\hp.bak
    2016-02-12 21:04 - 2016-02-12 21:05 - 06740514 _____ ( ) C:\Users\felip_000\Downloads\mkv-player-2-1-17-en-win.exe
    2016-02-12 19:54 - 2016-02-12 19:54 - 02807296 _____ (TorrentsTime ) C:\Users\felip_000\Downloads\torrentsTime-download.exe
    2016-02-11 19:49 - 2016-02-11 19:50 - 00017920 ___SH C:\Users\felip_000\Downloads\Thumbs.db
    2016-02-11 19:31 - 2016-02-06 07:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-02-11 19:31 - 2016-02-06 07:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-02-11 19:31 - 2016-02-06 07:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-02-11 19:31 - 2016-02-06 06:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-02-11 19:31 - 2016-02-06 06:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-02-11 19:31 - 2016-02-06 06:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-02-11 19:31 - 2016-02-06 06:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-02-11 19:31 - 2016-02-06 05:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-02-11 19:29 - 2016-01-22 05:01 - 22365992 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-02-11 19:29 - 2016-01-22 04:11 - 19794896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2016-02-11 19:29 - 2016-01-22 02:25 - 14467072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
    2016-02-11 19:29 - 2016-01-22 02:14 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2016-02-11 19:29 - 2016-01-22 02:07 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-02-11 19:29 - 2016-01-22 01:58 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-02-11 19:29 - 2016-01-10 14:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
    2016-02-11 19:29 - 2016-01-10 14:31 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
    2016-02-11 19:29 - 2016-01-10 14:16 - 00898048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
    2016-02-11 19:29 - 2016-01-10 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgbkend.dll
    2016-02-11 19:29 - 2016-01-10 14:12 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
    2016-02-11 19:29 - 2016-01-10 13:58 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
    2016-02-11 19:29 - 2016-01-10 13:51 - 00702976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
    2016-02-11 19:29 - 2016-01-10 13:49 - 00443392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2016-02-11 19:29 - 2016-01-10 13:40 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
    2016-02-11 19:29 - 2015-12-29 12:45 - 07783936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
    2016-02-11 19:29 - 2015-12-29 12:45 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
    2016-02-11 19:29 - 2015-12-29 12:43 - 05267968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
    2016-02-11 19:29 - 2015-12-29 12:42 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
    2016-02-11 19:27 - 2016-01-14 22:42 - 00033472 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-02-11 19:27 - 2016-01-14 17:44 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-02-11 19:27 - 2016-01-14 17:44 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-02-11 19:27 - 2016-01-14 17:44 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-02-11 19:27 - 2016-01-14 17:44 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-02-11 19:27 - 2016-01-14 17:44 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-02-11 19:27 - 2016-01-14 17:44 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-02-11 19:26 - 2016-01-22 03:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-02-11 19:26 - 2016-01-22 03:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-02-11 19:26 - 2016-01-22 03:28 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
    2016-02-11 19:26 - 2016-01-22 03:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-02-11 19:26 - 2016-01-22 03:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-02-11 19:26 - 2016-01-22 02:55 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2016-02-11 19:26 - 2016-01-22 02:52 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
    2016-02-11 19:26 - 2016-01-22 02:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-02-11 19:26 - 2016-01-22 02:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-02-11 19:26 - 2016-01-22 02:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-02-11 19:26 - 2016-01-22 02:48 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-02-11 19:26 - 2016-01-22 02:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-02-11 19:26 - 2016-01-22 02:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-02-11 19:26 - 2016-01-22 02:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-02-11 19:26 - 2016-01-22 02:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-02-11 19:26 - 2016-01-22 02:31 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-02-11 19:26 - 2016-01-22 02:28 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2016-02-11 19:26 - 2016-01-22 02:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-02-11 19:26 - 2016-01-22 02:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-02-11 19:26 - 2016-01-22 02:25 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-02-11 19:26 - 2016-01-22 02:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-02-11 19:26 - 2016-01-22 02:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-02-11 19:26 - 2016-01-22 02:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-02-11 19:26 - 2016-01-22 02:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-02-11 19:26 - 2016-01-19 16:14 - 07453024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-02-11 19:26 - 2016-01-19 16:13 - 02175008 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
    2016-02-11 19:26 - 2016-01-19 16:13 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
    2016-02-11 19:26 - 2016-01-19 16:12 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-02-11 19:26 - 2016-01-19 16:12 - 01133744 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2016-02-11 19:26 - 2016-01-19 15:23 - 01564496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
    2016-02-11 19:26 - 2016-01-19 15:23 - 01501496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-02-11 19:26 - 2016-01-19 15:23 - 00548024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
    2016-02-11 19:26 - 2016-01-19 15:15 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
    2016-02-11 19:26 - 2016-01-19 14:30 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-02-11 19:26 - 2016-01-19 13:37 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
    2016-02-11 19:26 - 2016-01-10 16:37 - 00442720 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-02-11 19:26 - 2016-01-10 16:37 - 00136912 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2016-02-11 19:26 - 2016-01-10 15:39 - 00332640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-02-11 19:26 - 2016-01-10 15:15 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-02-11 19:26 - 2016-01-10 15:15 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-02-11 19:26 - 2016-01-10 14:43 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-02-11 19:26 - 2016-01-10 14:09 - 01442304 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-02-11 19:26 - 2016-01-10 14:09 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-02-11 19:26 - 2016-01-10 14:02 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-02-11 19:26 - 2016-01-10 13:56 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
    2016-02-11 19:26 - 2016-01-10 13:51 - 03707392 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2016-02-11 19:26 - 2016-01-10 13:43 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-02-11 19:26 - 2016-01-10 13:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2016-02-11 19:26 - 2016-01-10 13:38 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2016-02-11 19:26 - 2016-01-10 13:36 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2016-02-11 19:26 - 2016-01-10 13:36 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2016-02-11 19:26 - 2016-01-10 13:35 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2016-02-11 19:26 - 2016-01-10 13:35 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2016-02-11 19:26 - 2016-01-10 13:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2016-02-11 19:26 - 2016-01-10 13:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2016-02-11 19:26 - 2016-01-10 13:27 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2016-02-11 19:26 - 2016-01-10 13:26 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2016-02-11 19:26 - 2016-01-07 15:34 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-02-11 19:26 - 2016-01-06 15:25 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2016-02-11 19:26 - 2015-12-28 18:42 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\WinSync.dll
    2016-02-11 19:26 - 2015-12-28 17:31 - 00578048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSync.dll
    2016-02-11 19:25 - 2015-12-17 15:29 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2016-02-11 19:25 - 2015-12-17 13:17 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2016-02-10 21:07 - 2016-02-10 21:07 - 00000000 ____D C:\Users\felip_000\AppData\LocalLow\uTorrent
    2016-02-10 20:45 - 2016-02-10 21:35 - 00000000 ____D C:\Users\felip_000\Downloads\The Last Witch Hunter (2015) [1080p] [YTS.AG]
    2016-02-10 20:43 - 2016-02-10 20:43 - 00059284 _____ C:\Users\felip_000\Downloads\THLSTWTCHHNTR-1080p.rar
    2016-02-10 20:43 - 2016-01-21 23:16 - 00033938 _____ C:\Users\felip_000\Downloads\The.Last.Witch.Hunter.2015.1080p.BluRay.x264-[YTS.AG].torrent
    2016-02-10 20:43 - 2016-01-20 13:42 - 00066912 _____ C:\Users\felip_000\Downloads\The.Last.Witch.Hunter.2015.1080p.BluRay.x264-[YTS.AG].srt
    2016-02-06 13:59 - 2016-02-06 13:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_usb2ser_01005.Wdf
    2016-02-06 13:58 - 2016-02-06 13:58 - 00001125 _____ C:\Users\Public\Desktop\D-Link Connection Manager.lnk
    2016-02-06 13:58 - 2016-02-06 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link Connection Manager
    2016-02-06 13:58 - 2016-02-06 13:58 - 00000000 ____D C:\Program Files (x86)\D-Link Connection Manager
    2016-02-06 13:58 - 2014-10-10 19:39 - 01919968 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoinstaller01005.dll
    2016-02-06 13:58 - 2014-10-10 19:39 - 00081408 _____ (MediaTek Inc.) C:\Windows\system32\Drivers\usb2ser.sys
    2016-02-06 13:58 - 2014-10-10 19:25 - 00103424 _____ (Thesycon GmbH) C:\Windows\SysWOW64\MyDIT_GenClassCoInst.dll
    2016-01-28 18:12 - 2016-02-06 09:45 - 00024576 ___SH C:\Users\felip_000\Desktop\Thumbs.db
    2016-01-27 20:34 - 2016-01-27 20:34 - 00000000 ____D C:\Users\felip_000\AppData\Local\ElevatedDiagnostics
    2016-01-27 19:12 - 2016-01-27 19:12 - 00001186 _____ C:\Users\Public\Desktop\Kantoo English.lnk
    2016-01-27 19:12 - 2016-01-27 19:12 - 00001041 _____ C:\Users\Public\Desktop\VIVO INTERNET.lnk
    2016-01-27 19:12 - 2016-01-27 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIVO INTERNET
    2016-01-27 19:12 - 2011-01-30 18:20 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
    2016-01-27 19:12 - 2011-01-30 18:19 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
    2016-01-27 19:12 - 2011-01-30 18:19 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
    2016-01-27 19:12 - 2011-01-30 18:19 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
    2016-01-27 19:12 - 2011-01-30 18:19 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
    2016-01-27 19:12 - 2010-12-24 11:48 - 00221312 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
    2016-01-27 19:12 - 2010-12-23 09:48 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
    2016-01-27 19:12 - 2010-10-08 16:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
    2016-01-27 19:12 - 2010-09-26 18:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
    2016-01-27 19:12 - 2010-08-06 07:43 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
    2016-01-27 19:12 - 2010-07-27 09:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
    2016-01-27 19:12 - 2010-03-20 12:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
    2016-01-27 18:56 - 2016-01-27 19:07 - 00000000 ____D C:\Users\felip_000\AppData\Roaming\VIVO INTERNET
    2016-01-27 18:56 - 2016-01-27 18:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
    2016-01-27 18:55 - 2016-01-27 19:13 - 00002357 _____ C:\Users\Public\Desktop\Guia Vivo Internet.lnk
    2016-01-27 18:55 - 2016-01-27 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vivo
    2016-01-27 18:55 - 2016-01-27 18:55 - 00000000 ____D C:\Program Files (x86)\Vivo
    2016-01-27 18:54 - 2016-01-27 19:13 - 00000000 ____D C:\Program Files (x86)\VIVO INTERNET
    2016-01-27 18:54 - 2008-03-27 16:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
    2016-01-27 18:54 - 2008-03-27 16:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
    2016-01-27 18:52 - 2016-01-27 19:12 - 00000000 ____D C:\ProgramData\DatacardService
    2016-01-25 09:17 - 2016-01-25 09:17 - 04750212 _____ C:\Users\felip_000\Downloads\DOCUMENTOS PARA HABILITAÇÃO RADAR.pdf
    2016-01-19 19:55 - 2016-01-19 19:55 - 00062606 _____ C:\Users\felip_000\Downloads\SHHD.rar
    2016-01-19 19:55 - 2015-08-16 11:13 - 00021033 _____ C:\Users\felip_000\Downloads\Shahid (2013) DVDRip 720p x264 ESub MaNuDiL SilverRG.torrent
    2016-01-15 18:49 - 2016-01-15 19:28 - 00000000 ____D C:\Users\felip_000\Downloads\The Martian (2015)
    2016-01-15 18:47 - 2016-01-15 18:47 - 00065349 _____ C:\Users\felip_000\Downloads\THMRTN-720p-YTS.rar
    2016-01-15 18:47 - 2016-01-03 14:11 - 00021693 _____ C:\Users\felip_000\Downloads\The.Martian.2015.720p.BluRay.x264.[YTS.AG].torrent
    2016-01-15 18:47 - 2015-12-31 18:41 - 00123661 _____ C:\Users\felip_000\Downloads\The.Martian.2015.720p.BluRay.x264.[YTS.AG].srt
    2016-01-15 16:50 - 2016-01-25 09:19 - 00000000 ____D C:\Users\felip_000\Downloads\The 100 S02E04 HDTV x264-KILLERS[ettv]
    2016-01-15 16:49 - 2016-01-25 09:19 - 00000000 ____D C:\Users\felip_000\Downloads\The 100 S02E05 HDTV x264-KILLERS[ettv]
    2016-01-15 16:48 - 2014-12-05 00:03 - 00039358 _____ C:\Users\felip_000\Downloads\The.100.S02E06.HDTV.x264-KILLERS.srt
    2016-01-15 16:47 - 2016-01-15 16:43 - 379867289 ____R C:\Users\felip_000\Downloads\The.100.S02E06.HDTV.x264-KILLERS.mp4
    2016-01-13 21:13 - 2015-11-17 18:07 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-01-13 20:59 - 2015-12-11 00:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
    2016-01-13 20:59 - 2015-12-03 15:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2016-01-13 20:59 - 2015-12-03 15:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
    2016-01-13 20:59 - 2015-12-03 15:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
    2016-01-13 20:59 - 2015-12-03 15:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
    2016-01-13 20:59 - 2015-12-03 15:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
    2016-01-13 20:59 - 2015-12-03 14:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2016-01-13 20:59 - 2015-12-03 14:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
    2016-01-13 20:59 - 2015-12-03 14:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2016-01-13 20:59 - 2015-12-03 14:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
    2016-01-13 20:59 - 2015-12-03 14:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
    2016-01-13 20:59 - 2015-12-03 14:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
    2016-01-13 20:59 - 2015-12-03 14:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
    2016-01-13 20:59 - 2015-12-03 14:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2016-01-13 20:59 - 2015-12-03 14:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
    2016-01-13 20:59 - 2015-12-03 13:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
    2016-01-13 20:59 - 2015-12-03 13:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
    2016-01-13 20:59 - 2015-12-02 12:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2016-01-13 20:59 - 2015-12-02 12:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2016-01-13 20:58 - 2015-12-08 16:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-01-13 20:58 - 2015-12-08 16:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2016-01-13 20:58 - 2015-12-07 07:56 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2016-01-13 20:58 - 2015-12-04 12:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2016-01-13 20:58 - 2015-12-03 16:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2016-01-13 20:58 - 2015-12-03 16:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-01-13 20:58 - 2015-12-03 16:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
    2016-01-13 20:58 - 2015-12-03 15:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2016-01-13 20:58 - 2015-12-03 15:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-01-13 20:58 - 2015-12-03 15:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
    2016-01-13 20:58 - 2015-12-03 14:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-01-13 20:58 - 2015-12-03 13:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-01-10 15:58 - 2016-01-10 15:58 - 00000000 ____D C:\Users\felip_000\Tracing
    2016-01-10 15:57 - 2016-02-26 23:04 - 00000000 ____D C:\Users\felip_000\AppData\Roaming\Skype
    2016-01-10 15:57 - 2016-01-25 20:21 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-01-10 15:57 - 2016-01-10 15:57 - 00002715 _____ C:\Users\Public\Desktop\Skype.lnk
    2016-01-10 15:57 - 2016-01-10 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2016-01-10 15:56 - 2016-01-10 15:57 - 00000000 ____D C:\ProgramData\Skype
    2016-01-10 15:55 - 2016-01-10 15:55 - 01503872 _____ (Skype Technologies S.A.) C:\Users\felip_000\Desktop\SkypeSetup.exe
    2016-01-08 19:46 - 2016-01-08 19:47 - 00000000 ____D C:\ProgramData\TuneUp Software
    2016-01-08 19:46 - 2016-01-08 19:46 - 00000000 ____D C:\Users\felip_000\AppData\Roaming\TuneUp Software
    2016-01-08 19:46 - 2016-01-08 19:46 - 00000000 ____D C:\Users\felip_000\AppData\Local\TuneUp Software
    2016-01-08 19:45 - 2016-01-08 19:59 - 00000000 ____D C:\ProgramData\Freemake
    2016-01-08 19:45 - 2016-01-08 19:59 - 00000000 ____D C:\Program Files (x86)\Freemake
    2016-01-08 19:45 - 2016-01-08 19:46 - 00000000 ____D C:\Users\felip_000\Documents\Freemake
    2016-01-08 19:29 - 2016-01-08 19:29 - 00000000 ____D C:\Users\felip_000\AppData\Local\TempTaskUpdateDetectionF9D98D51-72BE-4976-826A-C1B540A0E87F
    2016-01-08 18:18 - 2016-01-07 17:55 - 08779666 ____R C:\Users\felip_000\Downloads\Event20160107185023020_roubo.avi
    2015-12-27 20:29 - 2015-12-27 20:35 - 153627562 _____ C:\Users\felip_000\Downloads\Z.S01E05.Leg.[www.theseriesdubladas.com].rar
    2015-12-27 20:29 - 2015-12-27 20:32 - 161973919 _____ C:\Users\felip_000\Downloads\Z.S01E04.Leg.[www.theseriesdubladas.com].rar
    2015-12-25 23:09 - 2015-07-16 12:27 - 155901086 _____ C:\Users\felip_000\Downloads\Zoo.S01E03.Leg.[www.theseriesdubladas.com].mp4
    2015-12-25 22:51 - 2015-07-11 03:23 - 155085775 _____ C:\Users\felip_000\Downloads\Zoo.S01E02.Leg.[www.theseriesdubladas.com].mp4
    2015-12-25 22:44 - 2015-12-25 23:09 - 155901191 _____ C:\Users\felip_000\Downloads\Z.S01E03.Leg.[www.theseriesdubladas.com].rar
    2015-12-25 22:42 - 2015-12-25 22:45 - 155085880 _____ C:\Users\felip_000\Downloads\Z.S01E02.Leg.[www.theseriesdubladas.com].rar
    2015-12-21 20:00 - 2015-07-02 13:48 - 154038460 _____ C:\Users\felip_000\Downloads\Zoo.S01E01.Leg.[www.theseriesdubladas.com].mp4
    2015-12-21 19:53 - 2015-12-21 19:58 - 154038567 _____ C:\Users\felip_000\Downloads\Z.S01E01.Leg.[www.theseriesdubladas.com].rar
    2015-12-20 20:02 - 2015-12-20 20:02 - 00524288 _____ C:\mem_dump
    2015-12-20 18:22 - 2015-10-05 15:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
    2015-12-20 18:22 - 2015-10-05 15:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2015-12-20 17:43 - 2015-10-11 03:34 - 00468824 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
    2015-12-20 17:43 - 2015-10-11 03:34 - 00462168 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2015-12-20 17:43 - 2015-10-11 03:34 - 00443224 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2015-12-20 17:43 - 2015-10-11 03:34 - 00092504 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2015-12-20 17:43 - 2015-10-11 03:34 - 00027992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2015-12-20 17:43 - 2015-10-10 15:41 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2015-12-20 17:43 - 2015-10-10 15:41 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2015-12-20 17:43 - 2015-10-10 15:40 - 00078848 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
    2015-12-20 17:43 - 2015-10-03 16:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-12-20 17:43 - 2015-10-03 16:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-12-20 17:41 - 2015-10-08 13:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
    2015-12-20 17:41 - 2015-10-08 12:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
    2015-12-20 17:16 - 2016-02-12 21:21 - 00000000 ____D C:\Users\felip_000\Downloads\PopcornTime
    2015-12-20 17:15 - 2015-12-20 21:14 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
    2015-12-20 17:15 - 2015-12-20 17:15 - 00001211 _____ C:\Users\Public\Desktop\Popcorn Time.lnk
    2015-12-20 17:15 - 2015-12-20 17:15 - 00000000 ____D C:\Users\felip_000\AppData\Local\PopcornTimeDesktop
    2015-12-20 17:15 - 2015-12-20 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
    2015-12-20 17:12 - 2015-12-20 17:13 - 48359224 _____ (Popcorn Time ) C:\Users\felip_000\Downloads\PopcornTime-latest.exe
    2015-12-17 20:41 - 2015-12-17 20:41 - 00000000 ____D C:\Users\felip_000\AppData\Local\TempTaskUpdateDetection2DF53862-6AFB-4E94-9A0E-144A365EE83E
    2015-12-16 11:34 - 2016-02-23 22:39 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2015-12-16 11:33 - 2015-12-16 11:33 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-12-14 19:17 - 2015-12-16 11:27 - 00000000 ____D C:\2d3e9d22cd8c044ea2f431f4f295
    2015-12-12 19:18 - 2015-11-11 12:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-12-12 19:18 - 2015-11-11 12:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2015-12-12 19:18 - 2015-11-09 21:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-12-12 19:18 - 2015-11-09 21:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-12-12 19:18 - 2015-11-09 20:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
    2015-12-12 19:18 - 2015-11-08 19:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-12-12 19:18 - 2015-11-08 18:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-12-12 19:18 - 2015-11-08 18:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-12-12 19:17 - 2015-11-22 03:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-12-12 19:17 - 2015-11-22 03:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-12-12 19:17 - 2015-11-22 03:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-12-12 19:17 - 2015-11-22 03:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-12-12 19:17 - 2015-11-21 15:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-12-12 19:17 - 2015-11-21 14:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-12-12 19:17 - 2015-11-21 13:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
    2015-12-12 19:17 - 2015-11-21 13:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
    2015-12-12 19:17 - 2015-11-21 13:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
    2015-12-12 19:17 - 2015-11-21 13:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
    2015-12-12 19:17 - 2015-11-20 15:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-12-12 19:17 - 2015-11-08 21:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2015-12-12 19:17 - 2015-11-08 18:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-12-12 19:17 - 2015-11-08 18:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-12-12 19:17 - 2015-11-08 18:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
    2015-12-12 19:17 - 2015-11-08 17:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-12-12 19:17 - 2015-11-08 17:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2015-12-12 19:17 - 2015-11-08 17:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
    2015-12-12 19:17 - 2015-11-05 05:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
    2015-12-02 19:39 - 2015-12-02 19:39 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
    2015-12-02 19:34 - 2015-12-02 19:34 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration
    2015-11-30 18:34 - 2015-11-30 18:37 - 00000000 ____D C:\Users\felip_000\Downloads\Ash.vs.Evil.Dead.S01E02.HDTV.x264-KILLERS[ettv]
    2015-11-30 18:33 - 2015-11-30 18:33 - 00000000 ____D C:\Users\felip_000\AppData\Roaming\Macromedia
    2015-11-30 18:33 - 2015-11-22 20:35 - 00058744 _____ C:\Users\felip_000\Downloads\Ash.vs.Evil.Dead.S01E02.720p.HDTV.x264-KILLERS.torrent
    2015-11-30 18:33 - 2015-11-22 20:35 - 00003229 _____ C:\Users\felip_000\Downloads\Ash.vs.Evil.Dead.S01E02.HDTV.x264-KILLER.torrent
    2015-11-30 18:33 - 2015-11-08 19:44 - 00027051 _____ C:\Users\felip_000\Downloads\Ash.vs.Evil.Dead.S01E02.HDTV.x264-KILLER.srt
    2015-11-30 18:33 - 2015-11-08 12:29 - 00027656 _____ C:\Users\felip_000\Downloads\Ash.vs.Evil.Dead.S01E02.720p.HDTV.x264-KILLERS.srt
    2015-11-30 18:32 - 2015-11-30 18:32 - 00083074 _____ C:\Users\felip_000\Downloads\SHVSVLDD-102.rar
    2015-11-30 18:22 - 2015-11-30 18:22 - 00000000 ____D C:\Users\felip_000\Desktop\LIVROS

    ==================== Three Months Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-26 23:05 - 2015-10-09 00:09 - 00000000 ____D C:\Users\felip_000\OneDrive
    2016-02-26 23:03 - 2014-11-01 08:42 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-02-26 23:02 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\AppReadiness
    2016-02-24 21:51 - 2015-10-09 00:07 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2807476041-2843535405-863638596-1004
    2016-02-24 21:31 - 2014-11-01 08:42 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-02-24 21:26 - 2014-11-01 19:41 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-02-24 19:46 - 2014-10-25 01:03 - 00776448 _____ C:\Windows\system32\prfh0416.dat
    2016-02-24 19:46 - 2014-10-25 01:03 - 00159344 _____ C:\Windows\system32\prfc0416.dat
    2016-02-24 19:46 - 2014-03-18 07:03 - 01797166 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-02-24 19:46 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\Inf
    2016-02-24 19:45 - 2015-10-09 00:10 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4F105407-6600-4B3B-9DCD-A116106D2DB1}
    2016-02-24 19:41 - 2014-11-19 23:16 - 00000000 ____D C:\Program Files (x86)\GbPlugin
    2016-02-24 19:41 - 2013-08-22 11:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-02-24 19:41 - 2013-08-22 10:25 - 00524288 ___SH C:\Windows\system32\config\BBI
    2016-02-23 22:59 - 2015-10-28 20:16 - 00000000 ____D C:\Users\felip_000\AppData\Local\CrashDumps
    2016-02-23 22:46 - 2015-10-30 17:35 - 00002457 _____ C:\Users\felip_000\Desktop\Pessoa 1 - Chrome.lnk
    2016-02-23 22:39 - 2013-08-22 10:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
    2016-02-23 22:36 - 2014-11-19 23:16 - 00000000 ____D C:\ProgramData\GbPlugin
    2016-02-23 22:27 - 2013-08-22 12:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-02-23 22:25 - 2015-04-06 23:24 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-02-20 21:51 - 2013-08-22 12:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-02-15 22:47 - 2014-11-01 08:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-02-15 22:45 - 2014-11-01 08:42 - 00000000 ____D C:\Program Files (x86)\Google
    2016-02-15 20:02 - 2013-08-22 10:25 - 00000194 _____ C:\Windows\win.ini
    2016-02-15 19:56 - 2015-10-08 23:59 - 00000000 ____D C:\Users\felip_000
    2016-02-14 06:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\rescache
    2016-02-12 19:30 - 2013-08-22 11:44 - 00483848 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-02-11 23:19 - 2014-12-18 02:08 - 00000000 ____D C:\Windows\system32\appraiser
    2016-02-11 23:19 - 2014-03-18 06:45 - 00000000 ____D C:\Program Files\Windows Journal
    2016-02-11 23:19 - 2013-08-22 12:36 - 00000000 ___RD C:\Windows\ToastData
    2016-02-11 19:56 - 2013-08-22 12:20 - 00000000 ____D C:\Windows\CbsTemp
    2016-02-11 19:44 - 2014-11-06 02:59 - 00000000 ____D C:\Windows\system32\MRT
    2016-02-11 19:35 - 2014-11-06 02:59 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-02-11 19:25 - 2015-11-10 21:59 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2016-02-11 19:25 - 2015-11-10 21:59 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-02-10 23:32 - 2015-11-03 19:58 - 00000000 ____D C:\Users\felip_000\AppData\Roaming\uTorrent
    2016-02-10 19:27 - 2014-11-01 19:41 - 00003790 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-02-01 23:37 - 2013-08-22 12:38 - 00828920 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-02-01 23:37 - 2013-08-22 12:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-02-01 21:26 - 2014-11-01 08:42 - 00004068 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-02-01 21:26 - 2014-11-01 08:42 - 00003832 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    ==================== Files in the root of some directories =======

    2014-09-05 21:19 - 2014-03-25 22:11 - 0000137 _____ () C:\ProgramData\RefreshReg.vbs
    2014-05-16 17:02 - 2014-03-26 17:50 - 0000124 _____ () C:\ProgramData\SetStretch.cmd
    2014-05-16 17:02 - 2009-07-22 07:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
    2014-05-16 17:02 - 2012-09-07 08:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

    Files to move or delete:
    ====================
    C:\ProgramData\RefreshReg.vbs


    Some files in TEMP:
    ====================
    C:\Users\felip_000\AppData\Local\Temp\0CRGJD50O2.exe
    C:\Users\felip_000\AppData\Local\Temp\1456015903.exe
    C:\Users\felip_000\AppData\Local\Temp\16C1.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\2669.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\3A78.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\49C3.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\6CCE.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\7za.exe
    C:\Users\felip_000\AppData\Local\Temp\8913.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\A894.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\B84C.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\CB90.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\DAEB.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\DseShExt-x64.dll
    C:\Users\felip_000\AppData\Local\Temp\DseShExt-x86.dll
    C:\Users\felip_000\AppData\Local\Temp\FE73.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\hijackthis.exe
    C:\Users\felip_000\AppData\Local\Temp\MHVA9DBNOS.exe
    C:\Users\felip_000\AppData\Local\Temp\NirCmd.exe
    C:\Users\felip_000\AppData\Local\Temp\PEVZ.EXE
    C:\Users\felip_000\AppData\Local\Temp\remove.exe
    C:\Users\felip_000\AppData\Local\Temp\SDShelEx-win32.dll
    C:\Users\felip_000\AppData\Local\Temp\SDShelEx-x64.dll
    C:\Users\felip_000\AppData\Local\Temp\sed.exe
    C:\Users\felip_000\AppData\Local\Temp\setup_1D88.exe
    C:\Users\felip_000\AppData\Local\Temp\shortcut.exe
    C:\Users\felip_000\AppData\Local\Temp\sqlite3.dll
    C:\Users\felip_000\AppData\Local\Temp\swreg.exe
    C:\Users\felip_000\AppData\Local\Temp\swxcacls.exe
    C:\Users\felip_000\AppData\Local\Temp\VoluminousTercentenaries.dll
    C:\Users\felip_000\AppData\Local\Temp\wget.exe
    C:\Users\felip_000\AppData\Local\Temp\ZAScan.exe
    C:\Users\felip_000\AppData\Local\Temp\zoek-delete.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-10 20:10

    ==================== End of FRST.txt ============================

    Addition_26-02-2016_23-23-50.txt


    Dear @Felipe_Ino

    FRST must be run from the Desktop, but you ran it from the folder:

    Running from C:\Users\felip_000\Downloads

    Delete it from there, download a new copy to the Desktop, run FRST, check the Addition option and click the Scan button. Post the logs.

    Regards :D

  • Topic author
  • My bad, here it is.

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
    Ran by felip_000 (administrator) on DANI-NOTE (28-02-2016 16:24:36)
    Running from C:\Users\felip_000\Desktop
    Loaded Profiles: felip_000 (Available Profiles: Dani & felip_000)
    Platform: Windows 8.1 (X64) Language: Inglês (Estados Unidos)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
    (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
    () C:\ProgramData\DatacardService\HWDeviceService64.exe
    (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe
    (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
    (TorrentsTime) C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\ns.exe
    (ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI64.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Huawei Technologies Co., Ltd.) C:\Users\felip_000\AppData\Roaming\VIVO INTERNET\ouc.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.12.424\AsusWSPanel.exe
    (BitTorrent Inc.) C:\Users\felip_000\AppData\Roaming\uTorrent\uTorrent.exe
    (BitTorrent Inc.) C:\Users\felip_000\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe
    (BitTorrent Inc.) C:\Users\felip_000\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Farbar) C:\Users\felip_000\Desktop\FRST64 (1).exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [70656 2014-03-27] (Intel Corporation)
    HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI64.exe [5672960 2014-06-20] (Realtek Semiconductor)
    HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-06-24] (GAS Tecnologia LTDA)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-16] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.12.424\ASUSWSLoader.exe [63296 2014-10-23] ()
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-29] (Skype Technologies S.A.)
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\Run: [HW_OPENEYE_OUC_VIVO INTERNET] => C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe [110592 2009-07-27] (Huawei Technologies Co., Ltd.)
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\Run: [Chromium] => "c:\users\felip_000\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\RunOnce: [UpdateTask] => [X]
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\MountPoints2: {4044893f-cace-11e5-828d-7824afc65b72} - "E:\.\StartModem.exe" 
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\MountPoints2: {434ab848-c3ba-11e5-828b-7824afc65b72} - "E:\AutoRun.exe" 
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\MountPoints2: {434ab8c7-c3ba-11e5-828b-7824afc65b72} - "E:\AutoRun.exe" 
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\MountPoints2: {7d92a6fd-c541-11e5-828c-7824afc65b72} - "E:\AutoRun.exe" 
    ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)
    ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.12.424\ASUSWSShellExt64.dll [2014-09-03] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.12.424\ASUSWSShellExt64.dll [2014-09-03] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.12.424\ASUSWSShellExt64.dll [2014-09-03] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{3BDACA4F-2B9B-45B7-BF65-4A98A0708C58}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{E169CA59-E397-4538-B6D9-1BD5B28D6AB7}: [DhcpNameServer] 192.168.5.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0BtAtA0AyDtGtCtByB0FtG0A0FtB0EtGyDtDtDtDtGzz0AyEyDyDzyyB0E0C0ByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D510924037%26a%3Dwbf_nwmeddnld_16_07%26os_ver%3D6.3%26os%3DWindows%2B8.1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0BtAtA0AyDtGtCtByB0FtG0A0FtB0EtGyDtDtDtDtGzz0AyEyDyDzyyB0E0C0ByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D510924037%26a%3Dwbf_nwmeddnld_16_07%26os_ver%3D6.3%26os%3DWindows%2B8.1
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0BtAtA0AyDtGtCtByB0FtG0A0FtB0EtGyDtDtDtDtGzz0AyEyDyDzyyB0E0C0ByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D510924037%26a%3Dwbf_nwmeddnld_16_07%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2807476041-2843535405-863638596-1004 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0BtAtA0AyDtGtCtByB0FtG0A0FtB0EtGyDtDtDtDtGzz0AyEyDyDzyyB0E0C0ByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D510924037%26a%3Dwbf_nwmeddnld_16_07%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2807476041-2843535405-863638596-1004 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0BtAtA0AyDtGtCtByB0FtG0A0FtB0EtGyDtDtDtDtGzz0AyEyDyDzyyB0E0C0ByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D510924037%26a%3Dwbf_nwmeddnld_16_07%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll => No File
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-20] (Oracle Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
    BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-10-20] (Banco do Brasil)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-20] (Oracle Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-06] (Microsoft Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\felip_000\AppData\Roaming\Mozilla\Firefox\Profiles\2cg5exf2.default
    FF DefaultSearchEngine: Search Provided by Yahoo
    FF SelectedSearchEngine: Search Provided by Yahoo
    FF Homepage: hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_07&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0BtAtA0AyDtGtCtByB0FtG0A0FtB0EtGyDtDtDtDtGzz0AyEyDyDzyyB0E0C0ByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D510924037%26a%3Dwbf_nwmeddnld_16_07%26os_ver%3D6.3%26os%3DWindows%2B8.1
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-20] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-06] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-08-05] ()
    FF Plugin HKU\S-1-5-21-2807476041-2843535405-863638596-1004: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [2016-02-15] (Torrents Time)
    FF Extension: Primary Color 1.0.1 - C:\Users\felip_000\AppData\Roaming\Mozilla\Firefox\Profiles\2cg5exf2.default\extensions\{d0caac53-e081-4c51-935a-8bc76f5a3ed8}.xpi [2016-02-12] [not signed]
    FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon
    FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon [2015-12-02] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.0.2.17\coFFAddon
    StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome: 
    =======
    CHR HomePage: Profile 1 -> hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_06&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDtAtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StDzztDzz0F0DtDzztGyByEzzzytGzy0CtC0EtGyCzz0B0AtG0F0AyCyBtD0CtDzz0CyCtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D1775980447%26a%3Dwbf_nwmeddnld_16_06%26os_ver%3D6.3%26os%3DWindows%2B8.1
    CHR StartupUrls: Profile 1 -> "hxxps://www.google.com.br/"
    CHR Profile: C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-29]
    CHR Extension: (Google Drive) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
    CHR Extension: (YouTube) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-29]
    CHR Extension: (Google Search) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
    CHR Extension: (Google Docs Offline) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-28]
    CHR Extension: (Norton Identity Safe) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-10-28]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-28]
    CHR Extension: (Red Livros) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnecgimhifkakdfbjbndjkckjddbjngl [2015-10-30]
    CHR Extension: (Gmail) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-29]
    CHR Profile: C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Apresentações) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-30]
    CHR Extension: (Google Docs) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-01]
    CHR Extension: (Google Drive) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
    CHR Extension: (YouTube) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01]
    CHR Extension: (Google Search) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
    CHR Extension: (Planilhas do Google) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-30]
    CHR Extension: (Documentos Google off-line) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
    CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-01]
    CHR Extension: (Gmail) - C:\Users\felip_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-01]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-30]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-30]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2014-05-14] (ASUSTek Computer Inc.)
    R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
    S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2014-09-05] (Broadcom Corporation.)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
    R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [80384 2014-03-27] (Intel Corporation)
    R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [92672 2014-03-27] (Intel Corporation)
    R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [88064 2014-03-27] (Intel Corporation)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-11-09] (WildTangent)
    R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
    R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-07-04] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.5.15\NS.exe [282016 2015-11-20] (Symantec Corporation)
    R2 TTService; C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe [3543576 2016-02-16] (TorrentsTime)
    S2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] () [File not signed]
    R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-06-24] (GAS Tecnologia LTDA)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ar0543; C:\Windows\System32\drivers\ar0543.sys [65536 2014-07-07] (Intel Corporation)
    R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [79128 2014-03-31] (ASUS Corporation)
    R3 BcmGnssBus; C:\Windows\System32\drivers\BcmGnssBus.sys [111688 2014-03-04] (Broadcom Corporation)
    R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [372992 2014-09-05] (Broadcom Corp)
    R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\BASHDefs\20151102.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
    R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [31744 2014-10-28] (Microsoft Corporation)
    R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [153304 2014-09-05] (Broadcom Corporation.)
    R3 camera; C:\Windows\system32\DRIVERS\camera.sys [574976 2014-07-07] (Intel Corporation)
    R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
    R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [26864 2014-03-27] (Intel Corporation)
    R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [29424 2014-03-27] (Intel Corporation)
    R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [42224 2014-03-27] (Intel Corporation)
    R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [94960 2014-03-27] (Intel Corporation)
    R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [234736 2014-03-27] (Intel Corporation)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
    R0 gbpddreg; C:\Windows\System32\drivers\gbpddreg64.sys [29816 2016-02-24] (GAS Tecnologia)
    R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
    R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-03-27] (Intel Corporation)
    R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [21504 2014-03-27] (Intel Corporation)
    R3 hm2056; C:\Windows\System32\drivers\hm2056.sys [52224 2014-07-07] (Intel Corporation)
    R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-03-27] (Intel Corporation)
    R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [101376 2014-03-27] (Intel Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\IPSDefs\20151126.001\IDSvia64.sys [767224 2015-10-29] (Symantec Corporation)
    R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [321536 2014-07-09] (Intel(R) Corporation)
    R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [192216 2016-02-15] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R0 MBI; C:\Windows\System32\drivers\MBI.sys [27600 2014-03-27] (Intel Corporation)
    S3 mtkmbim; C:\Windows\system32\DRIVERS\mtkmbim7_x64.sys [208896 2012-12-12] (MediaTek Inc.)
    S3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\VirusDefs\20151130.003\ENG64.SYS [138488 2015-10-28] (Symantec Corporation)
    S3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\VirusDefs\20151130.003\EX64.SYS [2148080 2015-10-28] (Symantec Corporation)
    R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [57344 2014-03-27] (Intel Corporation)
    R3 rtii2sac64; C:\Windows\system32\DRIVERS\rtii2sac.sys [226520 2014-06-26] (Realtek Semiconductor Corp.)
    R3 RTLUE8023-W8-64; C:\Windows\system32\DRIVERS\rtu64w8.sys [100056 2014-01-06] (Realtek                                            )
    R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
    S3 SRTSP; C:\Windows\System32\Drivers\NSx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
    S4 SymELAM; C:\Windows\system32\drivers\NSx64\1605050.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-09-02] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
    R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88080 2014-01-09] (Intel Corporation)
    R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-01-20] (GAS Tecnologia LTDA)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 wdf_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [81408 2014-10-10] (MediaTek Inc.)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-04-01] (Basil)
    S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
    U0 msahci; system32\drivers\msahci.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Three Months Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-28 16:24 - 2016-02-28 16:24 - 00033723 _____ C:\Users\felip_000\Desktop\FRST.txt
    2016-02-28 16:24 - 2016-02-26 23:09 - 02371072 _____ (Farbar) C:\Users\felip_000\Desktop\FRST64 (1).exe
    2016-02-27 19:15 - 2016-02-27 20:46 - 00000000 ____D C:\Users\felip_000\Downloads\The.Visit.2015.720p.BluRay.H264.AAC-RARBG
    2016-02-27 19:15 - 2016-02-27 19:15 - 00055606 _____ C:\Users\felip_000\Downloads\THVST-720p.rar
    2016-02-27 19:15 - 2015-12-18 20:43 - 00024674 _____ C:\Users\felip_000\Downloads\The.Visit.2015.720p.BluRay.H264.AAC-RARBG.torrent
    2016-02-27 19:15 - 2015-12-16 16:02 - 00082710 _____ C:\Users\felip_000\Downloads\The.Visit.2015.720p.BluRay.H264.AAC-RARBG.srt
    2016-02-26 23:08 - 2016-02-26 23:09 - 02371072 _____ (Farbar) C:\Users\felip_000\Downloads\FRST64 (1).exe
    2016-02-24 21:32 - 2016-02-24 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TorrentsTime Media Player
    2016-02-24 21:32 - 2016-02-24 21:32 - 00000000 ____D C:\Program Files (x86)\TorrentsTime Media Player
    2016-02-24 20:55 - 2016-02-24 20:55 - 00006825 _____ C:\Users\felip_000\Desktop\ZHPCleaner.txt
    2016-02-24 20:44 - 2016-02-24 20:55 - 00000000 ____D C:\Users\felip_000\AppData\Roaming\ZHP
    2016-02-24 20:44 - 2016-02-24 20:44 - 00000885 _____ C:\Users\felip_000\Desktop\ZHPCleaner.lnk
    2016-02-24 20:39 - 2016-02-24 20:39 - 00000868 _____ C:\Users\felip_000\Desktop\JRT.txt
    2016-02-24 20:14 - 2016-02-24 20:14 - 02064896 _____ C:\Users\felip_000\Downloads\ZHPCleaner.exe
    2016-02-24 19:45 - 2016-02-24 19:45 - 00010221 _____ C:\Users\felip_000\Desktop\AdwCleaner[C3].txt
    2016-02-24 19:35 - 2016-02-24 19:35 - 01609216 _____ (Malwarebytes) C:\Users\felip_000\Downloads\JRT.exe
    2016-02-24 19:31 - 2016-02-24 19:31 - 01511936 _____ C:\Users\felip_000\Downloads\adwcleaner_5.036.exe
    2016-02-24 19:31 - 2016-02-24 19:31 - 01511936 _____ C:\Users\felip_000\Downloads\adwcleaner_5.036 (1).exe
    2016-02-23 22:40 - 2016-02-23 22:59 - 00000433 _____ C:\runcheck.txt
    2016-02-23 22:29 - 2016-02-23 22:29 - 00000000 ____D C:\zoek_backup
    2016-02-23 22:28 - 2016-02-23 22:28 - 01370112 _____ C:\Users\felip_000\Downloads\ZA-Scan.exe
    2016-02-20 21:53 - 2016-02-20 21:54 - 00631808 _____ C:\Windows\uvi.dat
    2016-02-15 22:45 - 2016-02-23 22:46 - 00002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-02-15 22:45 - 2016-02-23 22:46 - 00002193 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-02-15 22:43 - 2016-02-15 22:43 - 00987728 _____ (Google Inc.) C:\Users\felip_000\Downloads\ChromeSetup.exe
    2016-02-15 22:33 - 2016-02-26 23:23 - 00034673 _____ C:\Users\felip_000\Downloads\Addition.txt
    2016-02-15 22:31 - 2016-02-28 16:24 - 00000000 ____D C:\FRST
    2016-02-15 22:31 - 2016-02-26 23:23 - 00081230 _____ C:\Users\felip_000\Downloads\FRST.txt
    2016-02-15 22:28 - 2016-02-15 22:29 - 02370560 _____ (Farbar) C:\Users\felip_000\Downloads\FRST64.exe
    2016-02-15 22:13 - 2016-02-15 22:13 - 00000000 ____D C:\Users\felip_000\AppData\Local\Macromedia
    2016-02-15 21:12 - 2016-02-15 21:12 - 00631808 _____ C:\Windows\gyr.dat
    2016-02-15 20:17 - 2016-02-24 19:42 - 00029816 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddreg64.sys
    2016-02-15 20:17 - 2016-02-15 21:12 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-02-15 20:16 - 2016-02-15 20:16 - 00001076 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-02-15 20:16 - 2016-02-15 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-02-15 20:15 - 2016-02-15 20:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-02-15 20:15 - 2016-02-15 20:15 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-02-15 20:15 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-02-15 20:15 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-02-15 20:15 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-02-15 20:02 - 2016-02-24 19:39 - 00000000 ____D C:\AdwCleaner
    2016-02-13 07:16 - 2016-02-13 07:16 - 00000016 _____ C:\InjectIntoProcess crash
    2016-02-12 22:43 - 2016-02-12 22:43 - 00000000 ____D C:\Users\felip_000\AppData\Local\Setup2214203
    2016-02-12 22:33 - 2016-02-24 19:39 - 00000008 __RSH C:\ProgramData\ntuser.pol
    2016-02-12 22:30 - 2016-02-24 19:36 - 00000000 ____D C:\ProgramData\wFNnYZgoU
    2016-02-12 22:26 - 2016-02-12 22:26 - 00002031 _____ C:\Users\felip_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aliexpress .lnk
    2016-02-12 22:25 - 2016-02-15 22:07 - 00003508 _____ C:\Windows\System32\Tasks\Varredura ByteFence
    2016-02-12 22:25 - 2016-02-12 22:25 - 00000302 _____ C:\Users\felip_000\Desktop\Aliexpress.URL
    2016-02-12 22:13 - 2016-02-23 22:12 - 00000000 ____D C:\Users\felip_000\AppData\Local\Setup Wizard
    2016-02-12 22:13 - 2016-02-12 22:13 - 00022424 _____ C:\Windows\System32\Tasks\{0C0A0A47-0C09-080F-0F11-0505780F1104}
    2016-02-12 22:12 - 2016-02-23 22:18 - 00000000 ____D C:\ProgramData\WindowsMsg
    2016-02-12 22:12 - 2016-02-12 22:12 - 00003028 _____ C:\Windows\System32\Tasks\ttwifi
    2016-02-12 22:05 - 2016-02-12 22:05 - 00000000 ____D C:\Users\Public\Documents\Baidu
    2016-02-12 22:04 - 2016-02-20 21:51 - 00000000 ____D C:\Users\felip_000\AppData\Roaming\Baidu
    2016-02-12 22:04 - 2016-02-20 21:51 - 00000000 ____D C:\ProgramData\baidu
    2016-02-12 21:58 - 2016-02-12 21:58 - 00000000 ____D C:\Users\felip_000\AppData\Roaming\gplyra
    2016-02-12 21:21 - 2016-02-12 21:16 - 00000965 _____ C:\Windows\system32\Drivers\etc\hp.bak
    2016-02-12 21:04 - 2016-02-12 21:05 - 06740514 _____ ( ) C:\Users\felip_000\Downloads\mkv-player-2-1-17-en-win.exe
    2016-02-12 19:54 - 2016-02-12 19:54 - 02807296 _____ (TorrentsTime ) C:\Users\felip_000\Downloads\torrentsTime-download.exe
    2016-02-11 19:49 - 2016-02-11 19:50 - 00017920 ___SH C:\Users\felip_000\Downloads\Thumbs.db
    2016-02-11 19:31 - 2016-02-06 07:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-02-11 19:31 - 2016-02-06 07:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-02-11 19:31 - 2016-02-06 07:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-02-11 19:31 - 2016-02-06 06:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-02-11 19:31 - 2016-02-06 06:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-02-11 19:31 - 2016-02-06 06:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-02-11 19:31 - 2016-02-06 06:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-02-11 19:31 - 2016-02-06 05:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-02-11 19:29 - 2016-01-22 05:01 - 22365992 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-02-11 19:29 - 2016-01-22 04:11 - 19794896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2016-02-11 19:29 - 2016-01-22 02:25 - 14467072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
    2016-02-11 19:29 - 2016-01-22 02:14 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2016-02-11 19:29 - 2016-01-22 02:07 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-02-11 19:29 - 2016-01-22 01:58 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-02-11 19:29 - 2016-01-10 14:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
    2016-02-11 19:29 - 2016-01-10 14:31 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
    2016-02-11 19:29 - 2016-01-10 14:16 - 00898048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
    2016-02-11 19:29 - 2016-01-10 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgbkend.dll
    2016-02-11 19:29 - 2016-01-10 14:12 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
    2016-02-11 19:29 - 2016-01-10 13:58 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
    2016-02-11 19:29 - 2016-01-10 13:51 - 00702976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
    2016-02-11 19:29 - 2016-01-10 13:49 - 00443392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2016-02-11 19:29 - 2016-01-10 13:40 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
    2016-02-11 19:29 - 2015-12-29 12:45 - 07783936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
    2016-02-11 19:29 - 2015-12-29 12:45 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
    2016-02-11 19:29 - 2015-12-29 12:43 - 05267968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
    2016-02-11 19:29 - 2015-12-29 12:42 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
    2016-02-11 19:27 - 2016-01-14 22:42 - 00033472 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-02-11 19:27 - 2016-01-14 17:44 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-02-11 19:27 - 2016-01-14 17:44 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-02-11 19:27 - 2016-01-14 17:44 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-02-11 19:27 - 2016-01-14 17:44 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-02-11 19:27 - 2016-01-14 17:44 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-02-11 19:27 - 2016-01-14 17:44 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-02-11 19:26 - 2016-01-22 03:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-02-11 19:26 - 2016-01-22 03:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-02-11 19:26 - 2016-01-22 03:28 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
    2016-02-11 19:26 - 2016-01-22 03:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-02-11 19:26 - 2016-01-22 03:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-02-11 19:26 - 2016-01-22 02:55 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2016-02-11 19:26 - 2016-01-22 02:52 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
    2016-02-11 19:26 - 2016-01-22 02:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-02-11 19:26 - 2016-01-22 02:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-02-11 19:26 - 2016-01-22 02:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-02-11 19:26 - 2016-01-22 02:48 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-02-11 19:26 - 2016-01-22 02:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-02-11 19:26 - 2016-01-22 02:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-02-11 19:26 - 2016-01-22 02:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-02-11 19:26 - 2016-01-22 02:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-02-11 19:26 - 2016-01-22 02:31 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-02-11 19:26 - 2016-01-22 02:28 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2016-02-11 19:26 - 2016-01-22 02:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-02-11 19:26 - 2016-01-22 02:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-02-11 19:26 - 2016-01-22 02:25 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-02-11 19:26 - 2016-01-22 02:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-02-11 19:26 - 2016-01-22 02:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-02-11 19:26 - 2016-01-22 02:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-02-11 19:26 - 2016-01-22 02:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-02-11 19:26 - 2016-01-19 16:14 - 07453024 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-02-11 19:26 - 2016-01-19 16:13 - 02175008 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
    2016-02-11 19:26 - 2016-01-19 16:13 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
    2016-02-11 19:26 - 2016-01-19 16:12 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-02-11 19:26 - 2016-01-19 16:12 - 01133744 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2016-02-11 19:26 - 2016-01-19 15:23 - 01564496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
    2016-02-11 19:26 - 2016-01-19 15:23 - 01501496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-02-11 19:26 - 2016-01-19 15:23 - 00548024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
    2016-02-11 19:26 - 2016-01-19 15:15 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
    2016-02-11 19:26 - 2016-01-19 14:30 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-02-11 19:26 - 2016-01-19 13:37 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
    2016-02-11 19:26 - 2016-01-10 16:37 - 00442720 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-02-11 19:26 - 2016-01-10 16:37 - 00136912 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2016-02-11 19:26 - 2016-01-10 15:39 - 00332640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-02-11 19:26 - 2016-01-10 15:15 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-02-11 19:26 - 2016-01-10 15:15 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-02-11 19:26 - 2016-01-10 14:43 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-02-11 19:26 - 2016-01-10 14:09 - 01442304 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-02-11 19:26 - 2016-01-10 14:09 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-02-11 19:26 - 2016-01-10 14:02 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-02-11 19:26 - 2016-01-10 13:56 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
    2016-02-11 19:26 - 2016-01-10 13:51 - 03707392 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2016-02-11 19:26 - 2016-01-10 13:43 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-02-11 19:26 - 2016-01-10 13:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2016-02-11 19:26 - 2016-01-10 13:38 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2016-02-11 19:26 - 2016-01-10 13:36 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2016-02-11 19:26 - 2016-01-10 13:36 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2016-02-11 19:26 - 2016-01-10 13:35 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2016-02-11 19:26 - 2016-01-10 13:35 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2016-02-11 19:26 - 2016-01-10 13:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2016-02-11 19:26 - 2016-01-10 13:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2016-02-11 19:26 - 2016-01-10 13:27 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2016-02-11 19:26 - 2016-01-10 13:26 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2016-02-11 19:26 - 2016-01-07 15:34 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-02-11 19:26 - 2016-01-06 15:25 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2016-02-11 19:26 - 2015-12-28 18:42 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\WinSync.dll
    2016-02-11 19:26 - 2015-12-28 17:31 - 00578048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSync.dll
    2016-02-11 19:25 - 2015-12-17 15:29 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2016-02-11 19:25 - 2015-12-17 13:17 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2016-02-10 21:07 - 2016-02-27 19:15 - 00000000 ____D C:\Users\felip_000\AppData\LocalLow\uTorrent
    2016-02-10 20:45 - 2016-02-10 21:35 - 00000000 ____D C:\Users\felip_000\Downloads\The Last Witch Hunter (2015) [1080p] [YTS.AG]
    2016-02-10 20:43 - 2016-02-10 20:43 - 00059284 _____ C:\Users\felip_000\Downloads\THLSTWTCHHNTR-1080p.rar
    2016-02-10 20:43 - 2016-01-21 23:16 - 00033938 _____ C:\Users\felip_000\Downloads\The.Last.Witch.Hunter.2015.1080p.BluRay.x264-[YTS.AG].torrent
    2016-02-10 20:43 - 2016-01-20 13:42 - 00066912 _____ C:\Users\felip_000\Downloads\The.Last.Witch.Hunter.2015.1080p.BluRay.x264-[YTS.AG].srt
    2016-02-06 13:59 - 2016-02-06 13:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_usb2ser_01005.Wdf
    2016-02-06 13:58 - 2016-02-06 13:58 - 00001125 _____ C:\Users\Public\Desktop\D-Link Connection Manager.lnk
    2016-02-06 13:58 - 2016-02-06 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link Connection Manager
    2016-02-06 13:58 - 2016-02-06 13:58 - 00000000 ____D C:\Program Files (x86)\D-Link Connection Manager
    2016-02-06 13:58 - 2014-10-10 19:39 - 01919968 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoinstaller01005.dll
    2016-02-06 13:58 - 2014-10-10 19:39 - 00081408 _____ (MediaTek Inc.) C:\Windows\system32\Drivers\usb2ser.sys
    2016-02-06 13:58 - 2014-10-10 19:25 - 00103424 _____ (Thesycon GmbH) C:\Windows\SysWOW64\MyDIT_GenClassCoInst.dll
    2016-01-28 18:12 - 2016-02-06 09:45 - 00024576 ___SH C:\Users\felip_000\Desktop\Thumbs.db
    2016-01-27 20:34 - 2016-01-27 20:34 - 00000000 ____D C:\Users\felip_000\AppData\Local\ElevatedDiagnostics
    2016-01-27 19:12 - 2016-01-27 19:12 - 00001186 _____ C:\Users\Public\Desktop\Kantoo English.lnk
    2016-01-27 19:12 - 2016-01-27 19:12 - 00001041 _____ C:\Users\Public\Desktop\VIVO INTERNET.lnk
    2016-01-27 19:12 - 2016-01-27 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIVO INTERNET
    2016-01-27 19:12 - 2011-01-30 18:20 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
    2016-01-27 19:12 - 2011-01-30 18:19 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
    2016-01-27 19:12 - 2011-01-30 18:19 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
    2016-01-27 19:12 - 2011-01-30 18:19 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
    2016-01-27 19:12 - 2011-01-30 18:19 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
    2016-01-27 19:12 - 2010-12-24 11:48 - 00221312 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
    2016-01-27 19:12 - 2010-12-23 09:48 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
    2016-01-27 19:12 - 2010-10-08 16:59 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
    2016-01-27 19:12 - 2010-09-26 18:09 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
    2016-01-27 19:12 - 2010-08-06 07:43 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
    2016-01-27 19:12 - 2010-07-27 09:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
    2016-01-27 19:12 - 2010-03-20 12:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
    2016-01-27 18:56 - 2016-01-27 19:07 - 00000000 ____D C:\Users\felip_000\AppData\Roaming\VIVO INTERNET
    2016-01-27 18:56 - 2016-01-27 18:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
    2016-01-27 18:55 - 2016-01-27 19:13 - 00002357 _____ C:\Users\Public\Desktop\Guia Vivo Internet.lnk
    2016-01-27 18:55 - 2016-01-27 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vivo
    2016-01-27 18:55 - 2016-01-27 18:55 - 00000000 ____D C:\Program Files (x86)\Vivo
    2016-01-27 18:54 - 2016-01-27 19:13 - 00000000 ____D C:\Program Files (x86)\VIVO INTERNET
    2016-01-27 18:54 - 2008-03-27 16:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
    2016-01-27 18:54 - 2008-03-27 16:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
    2016-01-27 18:52 - 2016-01-27 19:12 - 00000000 ____D C:\ProgramData\DatacardService
    2016-01-25 09:17 - 2016-01-25 09:17 - 04750212 _____ C:\Users\felip_000\Downloads\DOCUMENTOS PARA HABILITAÇÃO RADAR.pdf
    2016-01-19 19:55 - 2016-01-19 19:55 - 00062606 _____ C:\Users\felip_000\Downloads\SHHD.rar
    2016-01-19 19:55 - 2015-08-16 11:13 - 00021033 _____ C:\Users\felip_000\Downloads\Shahid (2013) DVDRip 720p x264 ESub MaNuDiL SilverRG.torrent
    2016-01-15 18:49 - 2016-01-15 19:28 - 00000000 ____D C:\Users\felip_000\Downloads\The Martian (2015)
    2016-01-15 18:47 - 2016-01-15 18:47 - 00065349 _____ C:\Users\felip_000\Downloads\THMRTN-720p-YTS.rar
    2016-01-15 18:47 - 2016-01-03 14:11 - 00021693 _____ C:\Users\felip_000\Downloads\The.Martian.2015.720p.BluRay.x264.[YTS.AG].torrent
    2016-01-15 18:47 - 2015-12-31 18:41 - 00123661 _____ C:\Users\felip_000\Downloads\The.Martian.2015.720p.BluRay.x264.[YTS.AG].srt
    2016-01-15 16:50 - 2016-01-25 09:19 - 00000000 ____D C:\Users\felip_000\Downloads\The 100 S02E04 HDTV x264-KILLERS[ettv]
    2016-01-15 16:49 - 2016-01-25 09:19 - 00000000 ____D C:\Users\felip_000\Downloads\The 100 S02E05 HDTV x264-KILLERS[ettv]
    2016-01-15 16:48 - 2014-12-05 00:03 - 00039358 _____ C:\Users\felip_000\Downloads\The.100.S02E06.HDTV.x264-KILLERS.srt
    2016-01-15 16:47 - 2016-01-15 16:43 - 379867289 ____R C:\Users\felip_000\Downloads\The.100.S02E06.HDTV.x264-KILLERS.mp4
    2016-01-13 21:13 - 2015-11-17 18:07 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-01-13 20:59 - 2015-12-11 00:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 02745184 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 02528784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 02450240 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 02447136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 02334104 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 02324744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 01877504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 01484888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 01288128 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 01210200 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 01150232 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 01115640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 01037680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00914672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00850680 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00735496 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00700360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00629600 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00584656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00557856 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00498472 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00492736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00463776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00299080 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00275312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00274280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00248432 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00246856 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00244296 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00229272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00203016 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00184912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00183856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00116720 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00110544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
    2016-01-13 20:59 - 2015-12-05 02:58 - 00090904 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00090392 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00081032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
    2016-01-13 20:59 - 2015-12-05 02:58 - 00076936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
    2016-01-13 20:59 - 2015-12-03 15:07 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2016-01-13 20:59 - 2015-12-03 15:07 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
    2016-01-13 20:59 - 2015-12-03 15:05 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
    2016-01-13 20:59 - 2015-12-03 15:02 - 01664000 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
    2016-01-13 20:59 - 2015-12-03 15:00 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
    2016-01-13 20:59 - 2015-12-03 14:36 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2016-01-13 20:59 - 2015-12-03 14:30 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
    2016-01-13 20:59 - 2015-12-03 14:28 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2016-01-13 20:59 - 2015-12-03 14:28 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
    2016-01-13 20:59 - 2015-12-03 14:27 - 00736256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
    2016-01-13 20:59 - 2015-12-03 14:24 - 01411584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
    2016-01-13 20:59 - 2015-12-03 14:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
    2016-01-13 20:59 - 2015-12-03 14:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2016-01-13 20:59 - 2015-12-03 14:01 - 00743936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
    2016-01-13 20:59 - 2015-12-03 13:40 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
    2016-01-13 20:59 - 2015-12-03 13:29 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
    2016-01-13 20:59 - 2015-12-02 12:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2016-01-13 20:59 - 2015-12-02 12:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2016-01-13 20:58 - 2015-12-08 16:08 - 00685432 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-01-13 20:58 - 2015-12-08 16:07 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2016-01-13 20:58 - 2015-12-07 07:56 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2016-01-13 20:58 - 2015-12-04 12:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2016-01-13 20:58 - 2015-12-03 16:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2016-01-13 20:58 - 2015-12-03 16:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-01-13 20:58 - 2015-12-03 16:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
    2016-01-13 20:58 - 2015-12-03 15:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2016-01-13 20:58 - 2015-12-03 15:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-01-13 20:58 - 2015-12-03 15:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
    2016-01-13 20:58 - 2015-12-03 14:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-01-13 20:58 - 2015-12-03 13:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-01-10 15:58 - 2016-01-10 15:58 - 00000000 ____D C:\Users\felip_000\Tracing
    2016-01-10 15:57 - 2016-02-28 15:29 - 00000000 ____D C:\Users\felip_000\AppData\Roaming\Skype
    2016-01-10 15:57 - 2016-01-25 20:21 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-01-10 15:57 - 2016-01-10 15:57 - 00002715 _____ C:\Users\Public\Desktop\Skype.lnk
    2016-01-10 15:57 - 2016-01-10 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2016-01-10 15:56 - 2016-01-10 15:57 - 00000000 ____D C:\ProgramData\Skype
    2016-01-10 15:55 - 2016-01-10 15:55 - 01503872 _____ (Skype Technologies S.A.) C:\Users\felip_000\Desktop\SkypeSetup.exe
    2016-01-08 19:46 - 2016-01-08 19:47 - 00000000 ____D C:\ProgramData\TuneUp Software
    2016-01-08 19:46 - 2016-01-08 19:46 - 00000000 ____D C:\Users\felip_000\AppData\Roaming\TuneUp Software
    2016-01-08 19:46 - 2016-01-08 19:46 - 00000000 ____D C:\Users\felip_000\AppData\Local\TuneUp Software
    2016-01-08 19:45 - 2016-01-08 19:59 - 00000000 ____D C:\ProgramData\Freemake
    2016-01-08 19:45 - 2016-01-08 19:59 - 00000000 ____D C:\Program Files (x86)\Freemake
    2016-01-08 19:45 - 2016-01-08 19:46 - 00000000 ____D C:\Users\felip_000\Documents\Freemake
    2016-01-08 19:29 - 2016-01-08 19:29 - 00000000 ____D C:\Users\felip_000\AppData\Local\TempTaskUpdateDetectionF9D98D51-72BE-4976-826A-C1B540A0E87F
    2016-01-08 18:18 - 2016-01-07 17:55 - 08779666 ____R C:\Users\felip_000\Downloads\Event20160107185023020_roubo.avi
    2015-12-27 20:29 - 2015-12-27 20:35 - 153627562 _____ C:\Users\felip_000\Downloads\Z.S01E05.Leg.[www.theseriesdubladas.com].rar
    2015-12-27 20:29 - 2015-12-27 20:32 - 161973919 _____ C:\Users\felip_000\Downloads\Z.S01E04.Leg.[www.theseriesdubladas.com].rar
    2015-12-25 23:09 - 2015-07-16 12:27 - 155901086 _____ C:\Users\felip_000\Downloads\Zoo.S01E03.Leg.[www.theseriesdubladas.com].mp4
    2015-12-25 22:51 - 2015-07-11 03:23 - 155085775 _____ C:\Users\felip_000\Downloads\Zoo.S01E02.Leg.[www.theseriesdubladas.com].mp4
    2015-12-25 22:44 - 2015-12-25 23:09 - 155901191 _____ C:\Users\felip_000\Downloads\Z.S01E03.Leg.[www.theseriesdubladas.com].rar
    2015-12-25 22:42 - 2015-12-25 22:45 - 155085880 _____ C:\Users\felip_000\Downloads\Z.S01E02.Leg.[www.theseriesdubladas.com].rar
    2015-12-21 20:00 - 2015-07-02 13:48 - 154038460 _____ C:\Users\felip_000\Downloads\Zoo.S01E01.Leg.[www.theseriesdubladas.com].mp4
    2015-12-21 19:53 - 2015-12-21 19:58 - 154038567 _____ C:\Users\felip_000\Downloads\Z.S01E01.Leg.[www.theseriesdubladas.com].rar
    2015-12-20 20:02 - 2015-12-20 20:02 - 00524288 _____ C:\mem_dump
    2015-12-20 18:22 - 2015-10-05 15:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
    2015-12-20 18:22 - 2015-10-05 15:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2015-12-20 17:43 - 2015-10-11 03:34 - 00468824 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
    2015-12-20 17:43 - 2015-10-11 03:34 - 00462168 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2015-12-20 17:43 - 2015-10-11 03:34 - 00443224 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2015-12-20 17:43 - 2015-10-11 03:34 - 00092504 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2015-12-20 17:43 - 2015-10-11 03:34 - 00027992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2015-12-20 17:43 - 2015-10-10 15:41 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2015-12-20 17:43 - 2015-10-10 15:41 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2015-12-20 17:43 - 2015-10-10 15:40 - 00078848 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys
    2015-12-20 17:43 - 2015-10-03 16:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-12-20 17:43 - 2015-10-03 16:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-12-20 17:41 - 2015-10-08 13:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
    2015-12-20 17:41 - 2015-10-08 12:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
    2015-12-20 17:16 - 2016-02-12 21:21 - 00000000 ____D C:\Users\felip_000\Downloads\PopcornTime
    2015-12-20 17:15 - 2015-12-20 21:14 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
    2015-12-20 17:15 - 2015-12-20 17:15 - 00001211 _____ C:\Users\Public\Desktop\Popcorn Time.lnk
    2015-12-20 17:15 - 2015-12-20 17:15 - 00000000 ____D C:\Users\felip_000\AppData\Local\PopcornTimeDesktop
    2015-12-20 17:15 - 2015-12-20 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
    2015-12-20 17:12 - 2015-12-20 17:13 - 48359224 _____ (Popcorn Time ) C:\Users\felip_000\Downloads\PopcornTime-latest.exe
    2015-12-17 20:41 - 2015-12-17 20:41 - 00000000 ____D C:\Users\felip_000\AppData\Local\TempTaskUpdateDetection2DF53862-6AFB-4E94-9A0E-144A365EE83E
    2015-12-16 11:34 - 2016-02-23 22:39 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2015-12-16 11:33 - 2015-12-16 11:33 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-12-14 19:17 - 2015-12-16 11:27 - 00000000 ____D C:\2d3e9d22cd8c044ea2f431f4f295
    2015-12-12 19:18 - 2015-11-11 12:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-12-12 19:18 - 2015-11-11 12:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2015-12-12 19:18 - 2015-11-09 21:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-12-12 19:18 - 2015-11-09 21:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-12-12 19:18 - 2015-11-09 20:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
    2015-12-12 19:18 - 2015-11-08 19:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-12-12 19:18 - 2015-11-08 18:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-12-12 19:18 - 2015-11-08 18:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-12-12 19:17 - 2015-11-22 03:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-12-12 19:17 - 2015-11-22 03:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-12-12 19:17 - 2015-11-22 03:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-12-12 19:17 - 2015-11-22 03:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-12-12 19:17 - 2015-11-21 15:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-12-12 19:17 - 2015-11-21 14:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-12-12 19:17 - 2015-11-21 13:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
    2015-12-12 19:17 - 2015-11-21 13:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
    2015-12-12 19:17 - 2015-11-21 13:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
    2015-12-12 19:17 - 2015-11-21 13:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
    2015-12-12 19:17 - 2015-11-20 15:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-12-12 19:17 - 2015-11-08 21:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2015-12-12 19:17 - 2015-11-08 18:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-12-12 19:17 - 2015-11-08 18:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-12-12 19:17 - 2015-11-08 18:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
    2015-12-12 19:17 - 2015-11-08 17:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-12-12 19:17 - 2015-11-08 17:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2015-12-12 19:17 - 2015-11-08 17:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
    2015-12-12 19:17 - 2015-11-05 05:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
    2015-12-02 19:39 - 2015-12-02 19:39 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
    2015-12-02 19:34 - 2015-12-02 19:34 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration
    2015-11-30 18:34 - 2015-11-30 18:37 - 00000000 ____D C:\Users\felip_000\Downloads\Ash.vs.Evil.Dead.S01E02.HDTV.x264-KILLERS[ettv]
    2015-11-30 18:33 - 2015-11-30 18:33 - 00000000 ____D C:\Users\felip_000\AppData\Roaming\Macromedia
    2015-11-30 18:33 - 2015-11-22 20:35 - 00058744 _____ C:\Users\felip_000\Downloads\Ash.vs.Evil.Dead.S01E02.720p.HDTV.x264-KILLERS.torrent
    2015-11-30 18:33 - 2015-11-22 20:35 - 00003229 _____ C:\Users\felip_000\Downloads\Ash.vs.Evil.Dead.S01E02.HDTV.x264-KILLER.torrent
    2015-11-30 18:33 - 2015-11-08 19:44 - 00027051 _____ C:\Users\felip_000\Downloads\Ash.vs.Evil.Dead.S01E02.HDTV.x264-KILLER.srt
    2015-11-30 18:33 - 2015-11-08 12:29 - 00027656 _____ C:\Users\felip_000\Downloads\Ash.vs.Evil.Dead.S01E02.720p.HDTV.x264-KILLERS.srt
    2015-11-30 18:32 - 2015-11-30 18:32 - 00083074 _____ C:\Users\felip_000\Downloads\SHVSVLDD-102.rar
    2015-11-30 18:22 - 2015-11-30 18:22 - 00000000 ____D C:\Users\felip_000\Desktop\LIVROS

    ==================== Three Months Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-28 16:25 - 2015-11-03 19:58 - 00000000 ____D C:\Users\felip_000\AppData\Roaming\uTorrent
    2016-02-28 15:31 - 2014-11-01 08:42 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-02-28 14:26 - 2014-11-01 19:41 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-02-27 22:39 - 2014-10-25 01:03 - 00776448 _____ C:\Windows\system32\prfh0416.dat
    2016-02-27 22:39 - 2014-10-25 01:03 - 00159344 _____ C:\Windows\system32\prfc0416.dat
    2016-02-27 22:39 - 2014-03-18 07:03 - 01797166 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-02-27 22:39 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\Inf
    2016-02-27 21:31 - 2014-11-01 08:42 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-02-27 19:42 - 2015-04-14 23:52 - 00000000 ___SD C:\Windows\system32\GWX
    2016-02-27 19:42 - 2013-08-22 12:20 - 00000000 ____D C:\Windows\CbsTemp
    2016-02-27 18:29 - 2015-10-09 00:07 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2807476041-2843535405-863638596-1004
    2016-02-27 18:09 - 2015-10-09 00:09 - 00000000 ____D C:\Users\felip_000\OneDrive
    2016-02-27 18:09 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\AppReadiness
    2016-02-24 19:45 - 2015-10-09 00:10 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4F105407-6600-4B3B-9DCD-A116106D2DB1}
    2016-02-24 19:41 - 2014-11-19 23:16 - 00000000 ____D C:\Program Files (x86)\GbPlugin
    2016-02-24 19:41 - 2013-08-22 11:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-02-24 19:41 - 2013-08-22 10:25 - 00524288 ___SH C:\Windows\system32\config\BBI
    2016-02-23 22:59 - 2015-10-28 20:16 - 00000000 ____D C:\Users\felip_000\AppData\Local\CrashDumps
    2016-02-23 22:46 - 2015-10-30 17:35 - 00002457 _____ C:\Users\felip_000\Desktop\Pessoa 1 - Chrome.lnk
    2016-02-23 22:39 - 2013-08-22 10:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
    2016-02-23 22:36 - 2014-11-19 23:16 - 00000000 ____D C:\ProgramData\GbPlugin
    2016-02-23 22:27 - 2013-08-22 12:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-02-23 22:25 - 2015-04-06 23:24 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-02-20 21:51 - 2013-08-22 12:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-02-15 22:47 - 2014-11-01 08:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-02-15 22:45 - 2014-11-01 08:42 - 00000000 ____D C:\Program Files (x86)\Google
    2016-02-15 20:02 - 2013-08-22 10:25 - 00000194 _____ C:\Windows\win.ini
    2016-02-15 19:56 - 2015-10-08 23:59 - 00000000 ____D C:\Users\felip_000
    2016-02-14 06:25 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\rescache
    2016-02-12 19:30 - 2013-08-22 11:44 - 00483848 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-02-11 23:19 - 2014-12-18 02:08 - 00000000 ____D C:\Windows\system32\appraiser
    2016-02-11 23:19 - 2014-03-18 06:45 - 00000000 ____D C:\Program Files\Windows Journal
    2016-02-11 23:19 - 2013-08-22 12:36 - 00000000 ___RD C:\Windows\ToastData
    2016-02-11 19:44 - 2014-11-06 02:59 - 00000000 ____D C:\Windows\system32\MRT
    2016-02-11 19:35 - 2014-11-06 02:59 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-02-11 19:25 - 2015-11-10 21:59 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2016-02-11 19:25 - 2015-11-10 21:59 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-02-10 19:27 - 2014-11-01 19:41 - 00003790 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-02-01 23:37 - 2013-08-22 12:38 - 00828920 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-02-01 23:37 - 2013-08-22 12:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-02-01 21:26 - 2014-11-01 08:42 - 00004068 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-02-01 21:26 - 2014-11-01 08:42 - 00003832 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

    ==================== Files in the root of some directories =======

    2014-09-05 21:19 - 2014-03-25 22:11 - 0000137 _____ () C:\ProgramData\RefreshReg.vbs
    2014-05-16 17:02 - 2014-03-26 17:50 - 0000124 _____ () C:\ProgramData\SetStretch.cmd
    2014-05-16 17:02 - 2009-07-22 07:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
    2014-05-16 17:02 - 2012-09-07 08:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

    Files to move or delete:
    ====================
    C:\ProgramData\RefreshReg.vbs


    Some files in TEMP:
    ====================
    C:\Users\felip_000\AppData\Local\Temp\0CRGJD50O2.exe
    C:\Users\felip_000\AppData\Local\Temp\1456015903.exe
    C:\Users\felip_000\AppData\Local\Temp\16C1.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\2669.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\3A78.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\49C3.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\6CCE.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\7za.exe
    C:\Users\felip_000\AppData\Local\Temp\8913.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\A894.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\B84C.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\CB90.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\DAEB.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\DseShExt-x64.dll
    C:\Users\felip_000\AppData\Local\Temp\DseShExt-x86.dll
    C:\Users\felip_000\AppData\Local\Temp\FE73.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\hijackthis.exe
    C:\Users\felip_000\AppData\Local\Temp\MHVA9DBNOS.exe
    C:\Users\felip_000\AppData\Local\Temp\NirCmd.exe
    C:\Users\felip_000\AppData\Local\Temp\PEVZ.EXE
    C:\Users\felip_000\AppData\Local\Temp\remove.exe
    C:\Users\felip_000\AppData\Local\Temp\SDShelEx-win32.dll
    C:\Users\felip_000\AppData\Local\Temp\SDShelEx-x64.dll
    C:\Users\felip_000\AppData\Local\Temp\sed.exe
    C:\Users\felip_000\AppData\Local\Temp\setup_1D88.exe
    C:\Users\felip_000\AppData\Local\Temp\shortcut.exe
    C:\Users\felip_000\AppData\Local\Temp\sqlite3.dll
    C:\Users\felip_000\AppData\Local\Temp\swreg.exe
    C:\Users\felip_000\AppData\Local\Temp\swxcacls.exe
    C:\Users\felip_000\AppData\Local\Temp\VoluminousTercentenaries.dll
    C:\Users\felip_000\AppData\Local\Temp\wget.exe
    C:\Users\felip_000\AppData\Local\Temp\ZAScan.exe
    C:\Users\felip_000\AppData\Local\Temp\zoek-delete.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-27 18:30

    ==================== End of FRST.txt ============================

    Addition_28-02-2016_16-27-16.txt


    Dear @Felipe_Ino

    Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

    Download the file (fixlist.txt) attached to this post and save it to the Desktop.

    Run FRST.exe (or FRST64.exe) and click the Fix (Corrigir) button.

    Wait... when it finishes, the log Fixlog.txt will be generated and saved to your Desktop.

    Select, copy and paste the contents of this log into your next reply.

    Regards :D

    fixlist.txt

  • Topic author
  • Here it is:

     

    Fix result of Farbar Recovery Scan Tool (x64) Version:24-02-2016
    Ran by felip_000 (2016-02-29 19:34:20) Run:1
    Running from C:\Users\felip_000\Desktop
    Loaded Profiles: felip_000 (Available Profiles: Dani & felip_000)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\RunOnce: [UpdateTask] => [X]
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\MountPoints2: {4044893f-cace-11e5-828d-7824afc65b72} - "E:\.\StartModem.exe" 
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\MountPoints2: {434ab848-c3ba-11e5-828b-7824afc65b72} - "E:\AutoRun.exe" 
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\MountPoints2: {434ab8c7-c3ba-11e5-828b-7824afc65b72} - "E:\AutoRun.exe" 
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\...\MountPoints2: {7d92a6fd-c541-11e5-828c-7824afc65b72} - "E:\AutoRun.exe" 
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0BtAtA0AyDtGtCtByB0FtG0A0FtB0EtGyDtDtDtDtGzz0AyEyDyDzyyB0E0C0ByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D510924037%26a%3Dwbf_nwmeddnld_16_07%26os_ver%3D6.3%26os%3DWindows%2B8.1
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_07&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0BtAtA0AyDtGtCtByB0FtG0A0FtB0EtGyDtDtDtDtGzz0AyEyDyDzyyB0E0C0ByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D510924037%26a%3Dwbf_nwmeddnld_16_07%26os_ver%3D6.3%26os%3DWindows%2B8.1
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0BtAtA0AyDtGtCtByB0FtG0A0FtB0EtGyDtDtDtDtGzz0AyEyDyDzyyB0E0C0ByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D510924037%26a%3Dwbf_nwmeddnld_16_07%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2807476041-2843535405-863638596-1004 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0BtAtA0AyDtGtCtByB0FtG0A0FtB0EtGyDtDtDtDtGzz0AyEyDyDzyyB0E0C0ByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D510924037%26a%3Dwbf_nwmeddnld_16_07%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2807476041-2843535405-863638596-1004 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_07&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0BtAtA0AyDtGtCtByB0FtG0A0FtB0EtGyDtDtDtDtGzz0AyEyDyDzyyB0E0C0ByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D510924037%26a%3Dwbf_nwmeddnld_16_07%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll => No File
    C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
    C:\Program Files\McAfee Security Scan
    FF ProfilePath: C:\Users\felip_000\AppData\Roaming\Mozilla\Firefox\Profiles\2cg5exf2.default
    FF DefaultSearchEngine: Search Provided by Yahoo
    FF SelectedSearchEngine: Search Provided by Yahoo
    FF Homepage: hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_07&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0EtB0BtAtA0AyDtGtCtByB0FtG0A0FtB0EtGyDtDtDtDtGzz0AyEyDyDzyyB0E0C0ByD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D510924037%26a%3Dwbf_nwmeddnld_16_07%26os_ver%3D6.3%26os%3DWindows%2B8.1
    CHR HomePage: Profile 1 -> hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_06&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBzztByE0A0F0CyCyD0ByBtB0E0DtD0DtN0D0Tzu0StCyDtDtAtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StDzztDzz0F0DtDzztGyByEzzzytGzy0CtC0EtGyCzz0B0AtG0F0AyCyBtD0CtDzz0CyCtD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0D0D0DtCzz0EtGyCyEyE0AtGyEzzyE0DtG0BzztC0EtGtC0B0A0FtD0FyB0FtD0AzyyE2QtN0A0LzuyE%26cr%3D1775980447%26a%3Dwbf_nwmeddnld_16_06%26os_ver%3D6.3%26os%3DWindows%2B8.1
    S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
    U0 msahci; system32\drivers\msahci.sys [X]
    2014-09-05 21:19 - 2014-03-25 22:11 - 0000137 _____ () C:\ProgramData\RefreshReg.vbs
    2014-05-16 17:02 - 2014-03-26 17:50 - 0000124 _____ () C:\ProgramData\SetStretch.cmd
    2014-05-16 17:02 - 2009-07-22 07:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
    2014-05-16 17:02 - 2012-09-07 08:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
    C:\Users\felip_000\AppData\Local\Temp\0CRGJD50O2.exe
    C:\Users\felip_000\AppData\Local\Temp\1456015903.exe
    C:\Users\felip_000\AppData\Local\Temp\16C1.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\2669.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\3A78.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\49C3.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\6CCE.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\7za.exe
    C:\Users\felip_000\AppData\Local\Temp\8913.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\A894.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\B84C.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\CB90.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\DAEB.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\DseShExt-x64.dll
    C:\Users\felip_000\AppData\Local\Temp\DseShExt-x86.dll
    C:\Users\felip_000\AppData\Local\Temp\FE73.tmp.exe
    C:\Users\felip_000\AppData\Local\Temp\hijackthis.exe
    C:\Users\felip_000\AppData\Local\Temp\MHVA9DBNOS.exe
    C:\Users\felip_000\AppData\Local\Temp\NirCmd.exe
    C:\Users\felip_000\AppData\Local\Temp\PEVZ.EXE
    C:\Users\felip_000\AppData\Local\Temp\remove.exe
    C:\Users\felip_000\AppData\Local\Temp\SDShelEx-win32.dll
    C:\Users\felip_000\AppData\Local\Temp\SDShelEx-x64.dll
    C:\Users\felip_000\AppData\Local\Temp\sed.exe
    C:\Users\felip_000\AppData\Local\Temp\setup_1D88.exe
    C:\Users\felip_000\AppData\Local\Temp\shortcut.exe
    C:\Users\felip_000\AppData\Local\Temp\sqlite3.dll
    C:\Users\felip_000\AppData\Local\Temp\swreg.exe
    C:\Users\felip_000\AppData\Local\Temp\swxcacls.exe
    C:\Users\felip_000\AppData\Local\Temp\VoluminousTercentenaries.dll
    C:\Users\felip_000\AppData\Local\Temp\wget.exe
    C:\Users\felip_000\AppData\Local\Temp\ZAScan.exe
    C:\Users\felip_000\AppData\Local\Temp\zoek-delete.exe
    Task: {2B7CA81E-2594-4564-BAED-F5871350607C} - \felip_000TaciturnlyTrawledV2 -> No File <==== ATTENTION
    Task: {7C83C0E8-790C-4200-9CAC-DD98B706EC55} - \DNSSCHAAL -> No File <==== ATTENTION
    Hosts:
    CMD:ipconfig /flushdns
    EmptyTemp:

    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\UpdateTask => value removed successfully
    "HKU\S-1-5-21-2807476041-2843535405-863638596-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4044893f-cace-11e5-828d-7824afc65b72}" => key removed successfully
    HKCR\CLSID\{4044893f-cace-11e5-828d-7824afc65b72} => key not found. 
    "HKU\S-1-5-21-2807476041-2843535405-863638596-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{434ab848-c3ba-11e5-828b-7824afc65b72}" => key removed successfully
    HKCR\CLSID\{434ab848-c3ba-11e5-828b-7824afc65b72} => key not found. 
    "HKU\S-1-5-21-2807476041-2843535405-863638596-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{434ab8c7-c3ba-11e5-828b-7824afc65b72}" => key removed successfully
    HKCR\CLSID\{434ab8c7-c3ba-11e5-828b-7824afc65b72} => key not found. 
    "HKU\S-1-5-21-2807476041-2843535405-863638596-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d92a6fd-c541-11e5-828c-7824afc65b72}" => key removed successfully
    HKCR\CLSID\{7d92a6fd-c541-11e5-828c-7824afc65b72} => key not found. 
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
    HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
    HKU\S-1-5-21-2807476041-2843535405-863638596-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\S-1-5-21-2807476041-2843535405-863638596-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
    HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => key removed successfully
    "C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll" => not found.
    "C:\Program Files\McAfee Security Scan" => not found.
    FF ProfilePath: C:\Users\felip_000\AppData\Roaming\Mozilla\Firefox\Profiles\2cg5exf2.default => FRST is scripted not to move this directory.
    Firefox DefaultSearchEngine removed successfully
    Firefox SelectedSearchEngine removed successfully
    Firefox "homepage" removed successfully
    Chrome HomePage => removed successfully
    gbpddfac => service could not remove
    msahci => service removed successfully
    C:\ProgramData\RefreshReg.vbs => moved successfully
    C:\ProgramData\SetStretch.cmd => moved successfully
    C:\ProgramData\SetStretch.exe => moved successfully
    C:\ProgramData\SetStretch.VBS => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\0CRGJD50O2.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\1456015903.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\16C1.tmp.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\2669.tmp.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\3A78.tmp.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\49C3.tmp.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\6CCE.tmp.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\7za.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\8913.tmp.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\A894.tmp.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\B84C.tmp.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\CB90.tmp.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\DAEB.tmp.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\DseShExt-x64.dll => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\DseShExt-x86.dll => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\FE73.tmp.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\hijackthis.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\MHVA9DBNOS.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\NirCmd.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\PEVZ.EXE => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\remove.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\SDShelEx-win32.dll => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\SDShelEx-x64.dll => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\sed.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\setup_1D88.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\shortcut.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\sqlite3.dll => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\swreg.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\swxcacls.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\VoluminousTercentenaries.dll => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\wget.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\ZAScan.exe => moved successfully
    C:\Users\felip_000\AppData\Local\Temp\zoek-delete.exe => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2B7CA81E-2594-4564-BAED-F5871350607C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B7CA81E-2594-4564-BAED-F5871350607C}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\felip_000TaciturnlyTrawledV2 => key not found. 
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7C83C0E8-790C-4200-9CAC-DD98B706EC55}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C83C0E8-790C-4200-9CAC-DD98B706EC55}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSSCHAAL => key not found. 
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= ipconfig /flushdns =========


    Configuração de IP do Windows

    Liberação do Cache do DNS Resolver bem-sucedida.

    ========= End of CMD: =========

    EmptyTemp: => 1.1 GB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 19:38:57 ====


    Dear @Felipe_Ino

    # Step 1 #

    Download Malwarebytes Anti-Malware (MBAM).

    Double-click mbam-setup.exe to install the program.

    • Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO (Ativar trial gratuito do MalwareBytes Anti-Malware PRO).
    • If there are updates available, they will be downloaded and installed.
    • Click Settings (Configurações), click Detection and Protection (Detecção e proteção), and check Scan for rootkits (Verificar por Rootkits).
    • Go back to the Dashboard (Painel) and finally click Scan Now (Verificar agora).
    • The scan will then start. Wait, as it may take a while.
    • When the scan finishes, if any items were found, make sure they are all checked and click the Remove Selected (Remover Selecionadas) button.
    • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below.)
    • The log is saved automatically by MBAM; to view it, click the History (Histórico) tab -> Application Logs (Registros do aplicativo) in the program's main window.
    • Double-click the log (Scan Log, Registro de verificação). Use the .txt format to export the log.
    • The Protection log is not needed for the analysis; always export the correct log.
    • Select, copy and paste the contents of this log into your next reply.

    NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

    # Step 2 #

    Create a new log with FRST, but before clicking the Scan (Examinar) button, check the Addition option. Please attach the logs.

    Regards :D

  • Topic author
  • Here it is:

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Data da verificação: 02/03/2016
    Hora da verificação: 18:55
    Arquivo de registro: mbam.txt
    Administrador: Sim

    Versão: 2.2.0.1024
    Banco de dados de malware: v2016.03.02.05
    Banco de dados de rootkit: v2016.02.27.01
    Licença: Versão de avaliação
    Proteção contra malware: Habilitado
    Proteção contra website malicioso: Habilitado
    Autoproteção: Desabilitado

    Sistema operacional: Windows 8.1
    CPU: x64
    Sistema de arquivos: NTFS
    Usuário: felip_000

    Tipo de verificação: Verificação da ameaça
    Resultado: Concluído
    Objetos verificados: 396204
    Tempo decorrido: 18 min, 38 seg

    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Habilitado
    PUM: Habilitado

    Processos: 0
    (Nenhum item malicioso detectado)

    Módulos: 0
    (Nenhum item malicioso detectado)

    Chaves de registro: 2
    PUP.Optional.BrowserWeb, HKLM\SOFTWARE\MICROSOFT\TRACING\BrowserWeb_RASMANCS, Quarentena, [e31a4e34a6f3b581e1249dbaad57936d], 
    PUP.Optional.Wajam, HKU\S-1-5-21-2807476041-2843535405-863638596-1001\SOFTWARE\WajIEnhance, Quarentena, [e01dee94485194a2e2e1859c7b8901ff], 

    Valores de registro: 1
    PUP.Optional.Revizer, HKU\S-1-5-21-2807476041-2843535405-863638596-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\GROUP POLICY OBJECTS\{0FDD42AB-B984-4CA0-91DE-263FF06B3537}Machine\SOFTWARE\POLICIES\GOOGLE\CHROME\EXTENSIONINSTALLWHITELIST|1, inmpieponfdjfekdfdfgmhamccfddpfb, Quarentena, [936a760c3c5dbb7be4e282f2b2525aa6]

    Dados de registro: 0
    (Nenhum item malicioso detectado)

    Pastas: 2
    PUP.Optional.PullUpdate, C:\ProgramData\wFNnYZgoU\dat, Quarentena, [02fbd4aeaced6ec80c321616b35250b0], 
    PUP.Optional.PullUpdate, C:\ProgramData\wFNnYZgoU, Quarentena, [02fbd4aeaced6ec80c321616b35250b0], 

    Arquivos: 20
    PUP.Optional.PullUpdate, C:\ProgramData\wFNnYZgoU\dat\suDFgAhVoUA.dll, Quarentena, [996451314d4c7bbbf15bce98a061cb35], 
    PUP.Optional.ZombieInvasion, C:\ProgramData\wFNnYZgoU\dat\VeBYIO.dll, Quarentena, [b24bd7abf3a674c2151aa12039cb24dc], 
    PUP.Optional.WebShield, C:\Users\felip_000\AppData\Roaming\ZHP\Quarantine\EPliLJqOf.exe, Quarentena, [ed101072a8f1f541d3b87cc652aff20e], 
    PUP.Optional.WebShield, C:\Users\felip_000\AppData\Roaming\ZHP\Quarantine\IgTkjg.exe, Quarentena, [42bb0082d0c95ed87a1197ab24ddf50b], 
    PUP.Optional.BrowseFox, C:\Users\felip_000\AppData\Local\Setup Wizard\2a2c305c-233f-4ef5-a12d-e9a2e7aab25a\primarycolorsetup.exe, Quarentena, [e419681a05948da9faaf8e2e5aa7946c], 
    PUP.Optional.MixiVideoPlayer, C:\Users\felip_000\AppData\Local\Setup Wizard\3d8bd2ad-8195-429b-803a-c292b6876fa9\mixvideoplayersetup.exe, Quarentena, [847993ef5148e94df788f5d138c9837d], 
    PUP.Optional.WebShield, C:\Users\felip_000\AppData\Local\Setup Wizard\43ea2cba-e372-4a93-9159-67eeebb24477\setup.exe, Quarentena, [db222959029746f0d6b587bb49b88977], 
    PUP.Optional.BrowseFox, C:\Users\felip_000\AppData\Local\Setup Wizard\51d9221f-886a-42f5-97b2-0d2045a3c302\primarycolorsetup.exe, Quarentena, [fffed5ad3465092d8425526a867b6898], 
    PUP.Optional.DNSUnlocker.EncJob, C:\Users\felip_000\AppData\Local\Setup Wizard\a772d8ca-b0f2-4d6e-baf6-6a73f45e29a4\setup.exe, Quarentena, [ae4f6022f3a6d85e85356d8f46bbc53b], 
    PUP.Optional.MyPCBackup, C:\Users\felip_000\AppData\Local\Setup Wizard\b0ea7635-a0c0-48b4-9672-041791b036f2\aff_setup.exe, Quarentena, [3bc2552d3762d561b14b22636d95d22e], 
    PUP.Optional.RinoReader, C:\Users\felip_000\AppData\Local\Setup Wizard\c03466a5-44bf-4382-b917-ab3edac0d068\setup.exe, Quarentena, [ee0f3a48970243f3558c46e7887821df], 
    PUP.Optional.WebShield, C:\Users\felip_000\AppData\Local\Setup Wizard\d2578b42-3076-466b-b817-d4287d1cd651\setup.exe, Quarentena, [e9142b57e2b74aece5a647fb3fc28e72], 
    PUP.Optional.MixiVideoPlayer, C:\Users\felip_000\AppData\Local\Setup Wizard\d5a899c8-c852-443c-95ac-f504fb2a426c\mixvideoplayersetup.exe, Quarentena, [b14c740efc9d1b1b66199432b150d729], 
    PUP.Optional.Wajam, C:\Users\felip_000\AppData\Local\Setup Wizard\d7464de1-933a-4a05-b82b-a550bff09af3\wwe_1.58.1.36.exe, Quarentena, [7d8096ecbcdd5dd915ae61c50104ee12], 
    PUP.Optional.MixiVideoPlayer, C:\Users\felip_000\AppData\Local\Setup Wizard\e1125353-f453-468f-a18b-57c217291c21\mixvideoplayersetup.exe, Quarentena, [42bbafd330690b2bf28d22a4c43d60a0], 
    PUP.Optional.DNSUnlocker.EncJob, C:\Users\felip_000\AppData\Local\Setup Wizard\ec8220d2-be05-4cb8-b25a-7791a0a78617\setup.exe, Quarentena, [7a83f9890e8b46f0447603f9d031758b], 
    Adware.EoRezo.Gen, C:\Users\felip_000\AppData\Local\Setup Wizard\f0b7855e-a539-4087-908e-4ca3062b8a21\sunnyday.exe, Quarentena, [df1ebac8a1f85adc8492da0411f0b749], 
    PUP.Optional.PullUpdate, C:\ProgramData\wFNnYZgoU\dat\EPliLJqOf.exe.config, Quarentena, [02fbd4aeaced6ec80c321616b35250b0], 
    PUP.Optional.PullUpdate, C:\ProgramData\wFNnYZgoU\dat\IgTkjg.exe.config, Quarentena, [02fbd4aeaced6ec80c321616b35250b0], 
    PUP.Optional.PullUpdate, C:\ProgramData\wFNnYZgoU\VDZOdCjC.exe.config, Quarentena, [02fbd4aeaced6ec80c321616b35250b0], 

    Setores físicos: 0
    (Nenhum item malicioso detectado)


    (end)


    Dear @Felipe_Ino

    Question: Was the desktop weather removed?

    Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

    Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text below:

    Quote

    CreateRestorePoint:
    CloseProcesses:

    SearchScopes: HKU\S-1-5-21-2807476041-2843535405-863638596-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
    SearchScopes: HKU\S-1-5-21-2807476041-2843535405-863638596-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
    Task: {23554E12-3246-41AE-88DB-131ABE684AA1} - \{0C0A0A47-0C09-080F-0F11-0505780F1104} -> No File <==== ATTENTION
    AlternateDataStreams: C:\Windows\system32\Drivers\gbpddreg64.sys:X5ZN8aGvT4 [686]

    CMD:ipconfig /flushdns
    EmptyTemp:

     

    • Save this file to the Desktop as fixlist.txt
    • Run FRST again and click the Fix (Corrigir) button;
    • Wait... when it finishes, the log Fixlog.txt will be generated on your Desktop.
    • Select, copy and paste the contents of this log into your next reply.

    Regards :D

  • Topic author
  • Yes, apparently it and all the programs it installs along with it were uninstalled.

    Here is the LOG:

     

    Fix result of Farbar Recovery Scan Tool (x64) Version:04-03-2016
    Ran by felip_000 (2016-03-09 21:22:15) Run:2
    Running from C:\Users\felip_000\Desktop
    Loaded Profiles: felip_000 (Available Profiles: Dani & felip_000)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    SearchScopes: HKU\S-1-5-21-2807476041-2843535405-863638596-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
    SearchScopes: HKU\S-1-5-21-2807476041-2843535405-863638596-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
    Task: {23554E12-3246-41AE-88DB-131ABE684AA1} - \{0C0A0A47-0C09-080F-0F11-0505780F1104} -> No File <==== ATTENTION
    AlternateDataStreams: C:\Windows\system32\Drivers\gbpddreg64.sys:X5ZN8aGvT4 [686]
    CMD:ipconfig /flushdns
    EmptyTemp:
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKU\S-1-5-21-2807476041-2843535405-863638596-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
    HKU\S-1-5-21-2807476041-2843535405-863638596-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
    gbpddfac => service could not remove
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23554E12-3246-41AE-88DB-131ABE684AA1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23554E12-3246-41AE-88DB-131ABE684AA1}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0C0A0A47-0C09-080F-0F11-0505780F1104}" => key removed successfully
    C:\Windows\system32\Drivers\gbpddreg64.sys => ":X5ZN8aGvT4" ADS removed successfully.

    ========= ipconfig /flushdns =========


    Configuração de IP do Windows

    Liberação do Cache do DNS Resolver bem-sucedida.

    ========= End of CMD: =========

    EmptyTemp: => 539.3 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 21:22:56 ====

     

     


    Dear @Felipe_Ino

    Download Malwarebytes Anti-Malware (MBAM).

    Double-click mbam-setup.exe to install the program.

    • Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO (Ativar trial gratuito do MalwareBytes Anti-Malware PRO).
    • If there are updates available, they will be downloaded and installed.
    • Click Settings (Configurações), click Detection and Protection (Detecção e proteção), and check Scan for rootkits (Verificar por Rootkits).
    • Go back to the Dashboard (Painel) and finally click Scan Now (Verificar agora).
    • The scan will then start. Wait, as it may take a while.
    • When the scan finishes, if any items were found, make sure they are all checked and click the Remove Selected (Remover Selecionadas) button.
    • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below.)
    • The log is saved automatically by MBAM; to view it, click the History (Histórico) tab -> Application Logs (Registros do aplicativo) in the program's main window.
    • Double-click the log (Scan Log, Registro de verificação). Use the .txt format to export the log.
    • The Protection log is not needed for the analysis; always export the correct log.
    • Select, copy and paste the contents of this log into your next reply.

    NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

    Regards :D

  • Topic author
  • Here it is:

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Data da verificação: 13/03/2016
    Hora da verificação: 23:01
    Arquivo de registro: registro de verificaçao.txt
    Administrador: Sim

    Versão: 2.2.0.1024
    Banco de dados de malware: v2016.03.14.01
    Banco de dados de rootkit: v2016.03.12.01
    Licença: Versão de avaliação
    Proteção contra malware: Habilitado
    Proteção contra website malicioso: Habilitado
    Autoproteção: Desabilitado

    Sistema operacional: Windows 8.1
    CPU: x64
    Sistema de arquivos: NTFS
    Usuário: felip_000

    Tipo de verificação: Verificação da ameaça
    Resultado: Concluído
    Objetos verificados: 399049
    Tempo decorrido: 17 min, 45 seg

    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Habilitado
    PUM: Habilitado

    Processos: 0
    (Nenhum item malicioso detectado)

    Módulos: 0
    (Nenhum item malicioso detectado)

    Chaves de registro: 0
    (Nenhum item malicioso detectado)

    Valores de registro: 0
    (Nenhum item malicioso detectado)

    Dados de registro: 0
    (Nenhum item malicioso detectado)

    Pastas: 0
    (Nenhum item malicioso detectado)

    Arquivos: 0
    (Nenhum item malicioso detectado)

    Setores físicos: 0
    (Nenhum item malicioso detectado)


    (end)


    Dear @Felipe_Ino

    Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

    Download Stinger and save it to your Desktop.
    32 bit (x86) or 64 bit (x64)

    • Run the file Stinger.exe
      • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
    • Click the “I Accept” button

    Stinger%20a.png

    In the new window click “Advanced” and then “Settings”

    Stinger%20b.png

    In the settings window, set the options as in the image below and click the “Save” button

    9hnsyu.png

    Click “Customize my Scan”

    Stinger%20f.png

    Select the system drives and then click the “Scan” button

    Stinger%20g.png

    When it finishes, click “View log”; a window with the log will open in your browser.
    Select, copy and paste the contents of this log into your next reply.

    Regards :D

  • Topic author
  • Here it is:

     

    McAfee Stinger Scan Results

     


    McAfee® Labs Stinger™ Version 12.1.0.1960 built on Mar 16 2016 at 14:08:18
    Copyright© 2015, McAfee, Inc. All Rights Reserved.
    
    AV Engine version v5800.7501 for Windows.
    Virus data file v1000.0 created on Mar 16, 2016
    Ready to scan for 9743 viruses, trojans and variants.
    
    Custom scan initiated on quarta-feira, março 16, 2016 20:50:46
    
    
    Rootkit scan result : Not Scanned.
    
    
    C:\AdwCleaner\Quarantine\C\Program Files\SpaceSoundPro\uninstaller.exe.vir [MD5:78519b1ffc20360922d8b5e806f4651f] is infected with Artemis!78519B1FFC20
    C:\AdwCleaner\Quarantine\C\Program Files\SpaceSoundPro\uninstaller.exe.vir has been Deleted
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro3\JSDriver\1.42.1.10638\jsdrv.sys.vir [MD5:96771308f9cbe146c293cbefbde932b0] is infected with Artemis!96771308F9CB
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro3\JSDriver\1.42.1.10638\jsdrv.sys.vir has been Deleted
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro3\JSDriver\1.42.1.10644\jsdrv.sys.vir [MD5:39151c1548c5130b7b53745619641464] is infected with Artemis!39151C1548C5
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro3\JSDriver\1.42.1.10644\jsdrv.sys.vir has been Deleted
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro3\JSDriver\jsdrv.sys.vir [MD5:39151c1548c5130b7b53745619641464] is infected with Artemis!39151C1548C5
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro3\JSDriver\jsdrv.sys.vir has been Deleted
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SunnyDay7\predm.exe.vir [MD5:8e051cf045aa0637639e18377e42558e] is infected with Artemis!8E051CF045AA
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\SunnyDay7\predm.exe.vir has been Deleted
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe.vir [MD5:0ca026927d44b0b8dc92cc80ffdd5624] is infected with Artemis!0CA026927D44
    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe.vir has been Deleted
    C:\AdwCleaner\Quarantine\C\ProgramData\WebShield\uninstall.exe.vir [MD5:fe5a4ef1817ccc49b20f4487016250d0] is infected with Artemis!FE5A4EF1817C
    C:\AdwCleaner\Quarantine\C\ProgramData\WebShield\uninstall.exe.vir has been Deleted
    C:\AdwCleaner\Quarantine\C\Users\felip_000\AppData\Local\Installer\Install_15591\ytdiegut_gutdc_inst.exe.vir [MD5:8c92e2c20327b9c15649ce664ffbca02] is infected with Artemis!8C92E2C20327
    C:\AdwCleaner\Quarantine\C\Users\felip_000\AppData\Local\Installer\Install_15591\ytdiegut_gutdc_inst.exe.vir has been Deleted
    C:\AdwCleaner\Quarantine\C\Users\felip_000\AppData\Local\Installer\Install_20678\ytdiegut_gutdc_inst.exe.vir [MD5:00ac54ab3b7cc0d94b423c8913cb7456] is infected with Artemis!00AC54AB3B7C
    C:\AdwCleaner\Quarantine\C\Users\felip_000\AppData\Local\Installer\Install_20678\ytdiegut_gutdc_inst.exe.vir has been Deleted
    C:\AdwCleaner\Quarantine\C\Users\felip_000\AppData\Local\Installer\Install_21425\ytdiegut_gutdc_inst.exe.vir [MD5:fee00412fdb212300ecc4da440856c3d] is infected with Artemis!FEE00412FDB2
    C:\AdwCleaner\Quarantine\C\Users\felip_000\AppData\Local\Installer\Install_21425\ytdiegut_gutdc_inst.exe.vir has been Deleted
    C:\AdwCleaner\Quarantine\C\Users\felip_000\AppData\Local\Installer\Install_26218\ytdiegut_gutdc_inst.exe.vir [MD5:8c92e2c20327b9c15649ce664ffbca02] is infected with Artemis!8C92E2C20327
    C:\AdwCleaner\Quarantine\C\Users\felip_000\AppData\Local\Installer\Install_26218\ytdiegut_gutdc_inst.exe.vir has been Deleted
    C:\AdwCleaner\Quarantine\C\Users\felip_000\AppData\Local\Installer\Install_3863\ytdiegut_gutdc_inst.exe.vir [MD5:fee00412fdb212300ecc4da440856c3d] is infected with Artemis!FEE00412FDB2
    C:\AdwCleaner\Quarantine\C\Users\felip_000\AppData\Local\Installer\Install_3863\ytdiegut_gutdc_inst.exe.vir has been Deleted
    C:\AdwCleaner\Quarantine\C\Users\felip_000\AppData\Local\Installer\Install_7707\ytdiegut_gutdc_inst.exe.vir [MD5:00ac54ab3b7cc0d94b423c8913cb7456] is infected with Artemis!00AC54AB3B7C
    C:\AdwCleaner\Quarantine\C\Users\felip_000\AppData\Local\Installer\Install_7707\ytdiegut_gutdc_inst.exe.vir has been Deleted
    C:\AdwCleaner\Quarantine\C\Users\felip_000\AppData\Local\PriceFountain\PriceFountainUpdateVer.exe.vir [MD5:43c8e0162429df2d7745688c6c4fa3d1] is infected with Artemis!43C8E0162429
    C:\AdwCleaner\Quarantine\C\Users\felip_000\AppData\Local\PriceFountain\PriceFountainUpdateVer.exe.vir has been Deleted
    C:\AdwCleaner\Quarantine\C\Users\felip_000\AppData\Roaming\PriceFountain\UpdateProc\UpdateTask.exe.vir [MD5:43c8e0162429df2d7745688c6c4fa3d1] is infected with Artemis!43C8E0162429
    C:\AdwCleaner\Quarantine\C\Users\felip_000\AppData\Roaming\PriceFountain\UpdateProc\UpdateTask.exe.vir has been Deleted
    C:\Users\Dani\AppData\Roaming\unins000.exe [MD5:9b993bbff6ce802d35e4ab0a0178560c] is infected with Win32/Heur.c!sti
    C:\Users\Dani\AppData\Roaming\unins000.exe has been Deleted
    C:\Users\felip_000\AppData\Local\Setup Wizard\4c8a3cd4-a99c-48ed-ba62-118c0e655142\ytdiegut_gutdc_inst.exe [MD5:8c92e2c20327b9c15649ce664ffbca02] is infected with Artemis!8C92E2C20327
    C:\Users\felip_000\AppData\Local\Setup Wizard\4c8a3cd4-a99c-48ed-ba62-118c0e655142\ytdiegut_gutdc_inst.exe has been Deleted
    C:\Users\felip_000\AppData\Local\Setup Wizard\58440da9-acdd-4c08-bc91-e42a803959bd\ytdiegut_gutdc_inst.exe [MD5:8c92e2c20327b9c15649ce664ffbca02] is infected with Artemis!8C92E2C20327
    C:\Users\felip_000\AppData\Local\Setup Wizard\58440da9-acdd-4c08-bc91-e42a803959bd\ytdiegut_gutdc_inst.exe has been Deleted
    C:\Users\felip_000\AppData\Local\Setup Wizard\65c660c9-487d-4d9d-bcac-01d8b8fce9b4\ytdiegut_gutdc_inst.exe [MD5:8c92e2c20327b9c15649ce664ffbca02] is infected with Artemis!8C92E2C20327
    C:\Users\felip_000\AppData\Local\Setup Wizard\65c660c9-487d-4d9d-bcac-01d8b8fce9b4\ytdiegut_gutdc_inst.exe has been Deleted
    C:\Users\felip_000\AppData\Local\Setup Wizard\9b2c2f9a-c4fa-400d-b5b4-04da8c4e2dca\ytdiegut_gutdc_inst.exe [MD5:fee00412fdb212300ecc4da440856c3d] is infected with Artemis!FEE00412FDB2
    C:\Users\felip_000\AppData\Local\Setup Wizard\9b2c2f9a-c4fa-400d-b5b4-04da8c4e2dca\ytdiegut_gutdc_inst.exe has been Deleted
    C:\Users\felip_000\AppData\Local\Setup Wizard\cd451888-6ee6-4c44-8c26-a80503d84409\ytdiegut_gutdc_inst.exe [MD5:00ac54ab3b7cc0d94b423c8913cb7456] is infected with Artemis!00AC54AB3B7C
    C:\Users\felip_000\AppData\Local\Setup Wizard\cd451888-6ee6-4c44-8c26-a80503d84409\ytdiegut_gutdc_inst.exe has been Deleted
    
    Summary Report on C:
    File(s)
    	TotalFiles:............	388286
    	Clean:.................	230763
    	Not Scanned:........... 157502
    	Possibly Infected:.....	21
    
    Time: 01:58:34
    
    Scan completed on quarta-feira, março 16, 2016 22:49:20
    


    Dear @Felipe_Ino

    How is your Windows running?

    Download Security Check, by glax24, and save it to your Desktop.

    Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

    • Wait while the tool runs its check.
    • When it finishes, a log will open: SecurityCheck.txt.
    • This log is saved on C: (Local Disk) in the SecurityCheck folder that was created.
    • Select, copy and paste the contents of this log into your next reply.

    Best regards :D

  • Topic author
  • Here it is:

     

    SecurityCheck by glax24 & Severnyj v.1.4.0.37 [05.03.16]
    WebSite: www.safezone.cc
    DateLog: 22.03.2016 18:26:42
    Path starting: C:\Users\felip_000\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
    Log directory: C:\SecurityCheck\
    IsAdmin: True
    User: felip_000
    VersionXML: 2.62is-22.03.2016
    ___________________________________________________________________________

    Windows 8.1(6.3.9600) (x64) Core Lang: English(0409)
    Installation date OS: 25.10.2014 03:40:49
    LicenseStatus: Office 15, OfficeO365HomePremR_Subscription4 edition Timebased activation will expire :75868 minutes
    LicenseStatus: Windows(R), Core edition The machine is permanently activated.
    LicenseStatus: Office 15, OfficeO365HomePremR_Grace edition Windows is in Notification mode
    Boot Mode: Normal
    Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    SystemDrive: C: FS: [NTFS] Capacity: [46 Gb] Used: [41 Gb] Free: [5 Gb]
    ------------------------------- [ Windows ] -------------------------------
    Internet Explorer 11.0.9600.18231
    User Account Control enabled
    Automatic download and scheduled installation
    Date install updates: 2016-03-14 02:33:04
    Windows Update (wuauserv) - The service is running
    Central de Segurança (wscsvc) - The service is running
    Registro remoto (RemoteRegistry) - The service has stopped
    Descoberta SSDP (SSDPSRV) - The service is running
    Serviços de Área de Trabalho Remota (TermService) - The service has stopped
    Windows Remote Management (WS-Management) (WinRM) - The service has stopped
    ---------------------------- [ Antivirus_WMI ] ----------------------------
    Norton Security (disabled)
    Windows Defender (disabled and out of date)
    ---------------------------- [ Firewall_WMI ] -----------------------------
    Norton Security
    --------------------------- [ AntiSpyware_WMI ] ---------------------------
    Windows Defender (disabled and out of date)
    Norton Security (disabled)
    ---------------------- [ AntiVirusFirewallInstall ] -----------------------
    Norton Security v.22.5.5.15
    -------------------------- [ SecurityUtilities ] --------------------------
    Malwarebytes Anti-Malware versão 2.2.0.1024 v.2.2.0.1024
    --------------------------- [ OtherUtilities ] ----------------------------
    Microsoft Silverlight v.5.1.41212.0
    WinRAR 5.21 (32-bit) v.5.21.0 Warning! Download Update
    --------------------------------- [ IM ] ----------------------------------
    Skype™ 7.17 v.7.17.106 Warning! Download Update
    ^Optional update.^
    --------------------------------- [ P2P ] ---------------------------------
    µTorrent v.3.4.5.41865 Warning! P2P-client.
    -------------------------------- [ Java ] ---------------------------------
    Java 8 Update 31 v.8.0.310 Warning! Download Update
    Uninstall old version and install new one.
    --------------------------- [ AppleProduction ] ---------------------------
    Bonjour v.3.0.0.10 Warning! Download Update
    ^Please use Apple Software Update tool.^
    iTunes v.12.1.2.27 Warning! Download Update
    ^Please use Apple Software Update tool.^
    QuickTime 7 v.7.76.80.95 Warning! Download Update
    Serviço do Bonjour (Bonjour Service) - The service is running
    --------------------------- [ AdobeProduction ] ---------------------------
    Adobe Flash Player 21 NPAPI v.21.0.0.182
    ------------------------------- [ Browser ] -------------------------------
    Google Chrome v.49.0.2623.87
    --------------------------- [ RunningProcess ] ----------------------------
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.49.0.2623.87
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe v.3.1.6.0
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe v.3.2.19.0
    C:\Windows\System32\mfevtps.exe
    ---------------------------- [ UnwantedApps ] -----------------------------
    Google Toolbar for Internet Explorer v.1.0.0 << Hidden Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
    Skype Click to Call v.8.0.0.9103 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
    ----------------------------- [ End of Log ] ------------------------------
     


    Dear @Felipe_Ino

    In your post above, click Download Update to apply the updates suggested by the program.

    I'll be waiting.

    Best regards :D


    @Felipe_Ino

    Keeping your programs up to date is a security measure! ;)

    If you do not use the programs mentioned, or some of them, uninstalling them would be the recommended course.

    Waiting. :)


    Topic Archived

    Since the author has not replied to the topic for more than 10 days, it has been archived. If you are the author of the topic and want it reopened, contact one of the Forum's Security Analysts and request that it be unlocked.

    CarlosTurco

    diego_moicano

     

     

    This topic is closed to new posts.




