Davi Torobay

Log analysis - PC freezing / malicious IP


Hello,

my PC freezes while I browse the internet and/or open its programs and folders.

Once the computer reported a boot error, and when I ran the automatic recovery offered by Windows, the program Advanced Care System indicated that the IP had been changed and was possibly malicious, and I let it configure it automatically.

In addition, I used Malwarebytes to run a scan and it identified Yontoo, which in theory has already been deleted, but I saw no difference in how the computer behaves.

ZA-Scan.txt

diego_moicano    472

Dear @Davi Torobay

I recommend saving this topic to your Favorites so that it is easier to find.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer; therefore, do not apply it on any other;
  • Please follow the instructions carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what happens with your computer.
  • Follow the instructions in the order given.

Note: Do not take any steps other than those given here; and if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

 

# Step 1 #

Download AdwCleaner and save it to your Desktop.

Run the file adwcleaner.exe as Administrator.

  • Click the Options tab and leave only "Reset IE Policies" and "Reset Chrome Policies" checked.
  • Click the Scan button and wait for the scan to finish.
  • Click the Clean button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log into your next reply.
  • The log will also be saved in C:\AdwCleaner


NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.
 
# Step 2 #

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download Junkware Removal Tool (JRT) and save it to your Desktop.

Run jrt.exe as Administrator.

  • The tool will start scanning your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • At the end a log will open. It will be saved on the desktop as JRT.txt.
  • Select, copy and paste the contents of this log into your next reply.
 
# Step 3 #

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download ZHPCleaner and save it to your Desktop.

Run the file ZHPCleaner.exe as Administrator.

  • Click the Scanner button.
  • The tool will start scanning your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • Then click the Repair button.
  • A log named ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log into your next reply.

Best regards :D

Davi Torobay    0
  • Topic author
  • Hello, I was only able to complete the first step, because as soon as I ran JRT.exe as administrator the message in the attachment appears.

    Here is the AdwCleaner log:

     

    # AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 13 11:51:46 2017
    # Updated on 2017/05/08 by Malwarebytes
    # Running on Windows 7 Home Premium (X64)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    Deleted: AdAppMgrSvc


    ***** [ Folders ] *****

    Deleted: C:\IObit\Advanced SystemCare
    Deleted: C:\ProgramData\IObit\Advanced SystemCare
    Deleted: C:\ProgramData\Application Data\IObit\Advanced SystemCare
    Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
    Deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
    Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
    Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
    Deleted: C:\Users\All Users\IObit\Advanced SystemCare
    Deleted: C:\Users\Convidado\AppData\Roaming\IObit\Advanced SystemCare
    Deleted: C:\Users\Davi\AppData\Roaming\IObit\Advanced SystemCare
    Deleted: C:\Users\Todos os Usuários\IObit\Advanced SystemCare
    Deleted: C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
    Deleted: C:\Users\Davi\AppData\Roaming\QuickStoresToolbar
    Deleted: C:\ProgramData\IObit\ASCDownloader
    Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
    Deleted: C:\Users\All Users\IObit\ASCDownloader
    Deleted: C:\Users\Todos os Usuários\IObit\ASCDownloader
    Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
    Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\AskToolbar
    Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AskToolbar
    Deleted: C:\ProgramData\Tarma Installer
    Deleted: C:\ProgramData\Application Data\Tarma Installer
    Deleted: C:\Users\All Users\Tarma Installer
    Deleted: C:\Users\Todos os Usuários\Tarma Installer
    Deleted: C:\Users\Davi\AppData\Local\apn
    Deleted: C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
    Deleted: C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
    Deleted: C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}


    ***** [ Files ] *****

    Deleted: C:\Users\Davi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 9.lnk
    Deleted: C:\Users\Davi\AppData\Roaming\Mozilla\Firefox\Profiles\jwtv0n0d.default\searchplugins\Askcom.xml
    Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml
    Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml


    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks deleted.

    ***** [ Registry ] *****

    Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC
    Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
    Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
    Deleted: [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
    Deleted: [Key] - HKLM\SOFTWARE\PIP
    Deleted: [Key] - HKU\S-1-5-21-453046077-1574525704-2639514093-1001\Software\PIP
    Deleted: [Key] - HKCU\Software\PIP
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
    Deleted: [Key] - HKLM\SOFTWARE\V9Software
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
    Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
    Deleted: [Value] - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
    Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
    Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
    Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
    Deleted: [Key] - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
    Deleted: [Key] - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Deleted: [Key] - HKCU\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
    Deleted: [Key] - HKU\.DEFAULT\Software\AppDataLow\Software\AskToolbar
    Deleted: [Key] - HKU\S-1-5-18\Software\AppDataLow\Software\AskToolbar
    Deleted: [Key] - HKU\S-1-5-21-453046077-1574525704-2639514093-1001\Software\Softonic
    Deleted: [Key] - HKCU\Software\Softonic
    Deleted: [Key] - HKU\S-1-5-21-453046077-1574525704-2639514093-1001\Software\InstallCore
    Deleted: [Key] - HKCU\Software\InstallCore


    ***** [ Firefox (and derivatives) ] *****

    SearchProvider deleted: websearch.ask.com - Ask.com


    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries deleted.

    *************************

    ::TCP/IP settings cleared
    ::IE policies deleted
    ::Additional Actions: 0

    *************************

    C:/AdwCleaner/AdwCleaner[S0].txt - [6780 B] - [2017/8/13 11:47:37]


    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

     

     

    I await further instructions. Thank you!

    Best regards!

    jrt.JPG
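
Added example, not part of the original thread and not code from AdwCleaner: a small parser for the AdwCleaner 7 log layout posted above, which tallies deletions per section, groups them by product family, and lists entries (such as bare CLSIDs) that a helper has to review by hand. `SAMPLE_LOG` is a shortened excerpt constructed from the posted log, and the `FAMILIES` keyword map is a hypothetical one built only from names visible in that log.

```python
import re
from collections import Counter

# Constructed sample: shortened excerpt in the AdwCleaner 7 layout, reusing
# entries from the log posted in this thread (some blank lines dropped).
SAMPLE_LOG = r"""# AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 13 11:51:46 2017
# Mode: clean

***** [ Services ] *****
Deleted: AdAppMgrSvc

***** [ Folders ] *****
Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\Users\Davi\AppData\Roaming\QuickStoresToolbar
Deleted: C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ Registry ] *****
Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC
Deleted: [Key] - HKCU\Software\Softonic
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}

***** [ Firefox (and derivatives) ] *****
SearchProvider deleted: websearch.ask.com - Ask.com

*************************
::TCP/IP settings cleared
::IE policies deleted
::Additional Actions: 0
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY_RE = re.compile(
    r"^(?:Deleted|SearchProvider deleted): (?:\[(Key|Value)\] - )?(.+)$")

# Hypothetical keyword map, built only from product names visible in the log.
FAMILIES = {
    "IObit": ("iobit", "advanced systemcare"),
    "Ask": ("asktoolbar", "ask.com", "askcom"),
    "QuickStores": ("quickstores",),
    "Softonic": ("softonic",),
}


def parse_log(text):
    """Split a log into mode, per-section entries and trailer actions."""
    parsed = {"mode": None, "sections": {}, "actions": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        if not line:
            continue
        section = SECTION_RE.match(line)
        entry = ENTRY_RE.match(line)
        if line.startswith("# Mode:"):
            parsed["mode"] = line.split(":", 1)[1].strip()
        elif section:
            current = section.group(1)
            parsed["sections"][current] = []
        elif set(line) == {"*"}:
            current = None  # separator line that precedes the '::' trailer
        elif line.startswith("::"):
            parsed["actions"].append(line[2:].strip())
        elif current and entry:
            # kind is 'Key' or 'Value' for registry entries, 'Item' otherwise
            kind = entry.group(1) or "Item"
            parsed["sections"][current].append((kind, entry.group(2)))
    return parsed


def family_of(target):
    """Return the first family whose keyword occurs in the target, else None."""
    lowered = target.lower()
    return next((fam for fam, kws in FAMILIES.items()
                 if any(k in lowered for k in kws)), None)


def summarize(parsed):
    """Return (entries per section, entries per family, unattributed entries)."""
    per_section = {n: len(items) for n, items in parsed["sections"].items()}
    families, unattributed = Counter(), []
    for name, items in parsed["sections"].items():
        for _kind, target in items:
            family = family_of(target)
            if family:
                families[family] += 1
            else:
                unattributed.append(f"{name}: {target}")
    return per_section, families, unattributed


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    per_section, families, unattributed = summarize(parsed)
    print("mode:", parsed["mode"], "| trailer:", parsed["actions"])
    print("per section:", per_section)
    print("per family:", dict(families))
    print("review by hand:", *unattributed, sep="\n  ")
```
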

    diego_moicano    472

    Dear @Davi Torobay

    Ok... let's move on! :)

    Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

    Download Farbar Recovery Scan Tool and save it to your Desktop.


    32 bit (x86) or 64 bit (x64)

    • Right-click and choose Run as Administrator;
    • Check the "90 Days Files" box and click the Scan button;
    • Wait; at the end the logs FRST.txt and Addition.txt will be saved to your Desktop;
    • Select, copy and paste the contents of the FRST.txt log into your next reply;
    • Attach the Addition.txt log.

    Best regards :D

    Davi Torobay    0
  • Topic author
  • Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 12-08-2017
    Executado por Davi (administrador) em DAVI-PC (14-08-2017 10:28:02)
    Executando a partir de C:\Users\Davi\Desktop
    Perfis Carregados: Davi (Perfis Disponíveis: Davi & Convidado)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Idioma: Português (Brasil)
    Internet Explorer Versão 11 (Navegador padrão: FF)
    Modo da Inicialização: Normal
    Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processos (Whitelisted) =================

    (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (Dropbox, Inc.) C:\Users\Davi\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Dropbox, Inc.) C:\Users\Davi\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Dropbox, Inc.) C:\Users\Davi\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.249.993.0.exe
    (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

    ==================== Registro (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
    HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [954416 2017-04-19] (GAS Tecnologia LTDA)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [CSTDCMainController2014] => [X]
    HKLM-x32\...\Run: [CSTDCSolverServer2014] => [X]
    HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-11] (Dell)
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-16] (Banco do Brasil)
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2022688 2017-08-09] (IObit)
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\...\Policies\system: [DisableLockWorkstation] 0
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\...\Policies\Explorer: []
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\...\MountPoints2: {82e00990-d509-11e1-be86-f04da2d80e70} - E:\AutoRun.exe
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\...\MountPoints2: {82e009a2-d509-11e1-be86-f04da2d80e70} - E:\AutoRun.exe
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\...\MountPoints2: {989a0896-fe02-11e6-b71b-f04da2d80e70} - F:\Setup.exe
    HKU\S-1-5-18\...\Run: [Copy] => "C:\Users\Davi\AppData\Roaming\Copy\CopyAgent.exe"
    HKU\S-1-5-18\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2022688 2017-08-09] (IObit)
    ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1947872 2016-06-16] (Banco do Brasil)
    Startup: C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-04-14]
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Nenhum Arquivo)
    Startup: C:\Users\Davi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-08-10]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Davi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-04-07]
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Nenhum Arquivo)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-04-07]
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Nenhum Arquivo)
    Startup: C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-04-07]
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Nenhum Arquivo)
    CHR HKU\S-1-5-21-453046077-1574525704-2639514093-1001\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO

    ==================== Internet (Whitelisted) ====================

    (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

    Tcpip\Parameters: [DhcpNameServer] 187.36.192.38 187.36.192.43
    Tcpip\..\Interfaces\{03B4D17C-3B3D-442B-BF99-50E2143CBBF9}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{03B4D17C-3B3D-442B-BF99-50E2143CBBF9}: [DhcpNameServer] 187.36.192.38 187.36.192.43
    Tcpip\..\Interfaces\{9DF28F99-148E-413E-8A1A-8FC2B5E708C3}: [DhcpNameServer] 192.168.42.129

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oquefazernainternet.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oquefazernainternet.com/
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oquefazernainternet.com/
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oquefazernainternet.com/
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM -> DefaultScope {C383C6F6-50F0-4A60-BB8F-D9DEA91C394D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {C383C6F6-50F0-4A60-BB8F-D9DEA91C394D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {A800410B-6035-45A2-BAF2-5DF1730C79CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {A800410B-6035-45A2-BAF2-5DF1730C79CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {A800410B-6035-45A2-BAF2-5DF1730C79CB} URL =
    SearchScopes: HKU\.DEFAULT -> {311B6EAC-21C4-4C1D-B77B-57E70F6D473F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=pt_US&apn_ptnrs=FV&apn_dtid=YYYYYYYYUS&apn_uid=4a3f1cb4-9a12-410c-aa95-cfbd28adee52&apn_sauid=34E34A9E-7478-4A70-96A9-14BD282199B4
    SearchScopes: HKU\.DEFAULT -> {A800410B-6035-45A2-BAF2-5DF1730C79CB} URL =
    SearchScopes: HKU\S-1-5-21-453046077-1574525704-2639514093-1001 -> DefaultScope {C383C6F6-50F0-4A60-BB8F-D9DEA91C394D} URL =
    SearchScopes: HKU\S-1-5-21-453046077-1574525704-2639514093-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
    SearchScopes: HKU\S-1-5-21-453046077-1574525704-2639514093-1001 -> {A800410B-6035-45A2-BAF2-5DF1730C79CB} URL =
    SearchScopes: HKU\S-1-5-21-453046077-1574525704-2639514093-1001 -> {B8BCEE04-6600-484A-8E6E-3D79BA02941E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYUS&apn_uid=4a3f1cb4-9a12-410c-aa95-cfbd28adee52&apn_sauid=34E34A9E-7478-4A70-96A9-14BD282199B4
    SearchScopes: HKU\S-1-5-21-453046077-1574525704-2639514093-1001 -> {C383C6F6-50F0-4A60-BB8F-D9DEA91C394D} URL =
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-16] (Oracle Corporation)
    BHO-x32: Auxiliar de Conexão do Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Sem Nome -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> Nenhum Arquivo
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16] (Skype Technologies S.A.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2016-06-16] (Banco do Brasil)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-16] (Oracle Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16] (Skype Technologies S.A.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Davi\AppData\Roaming\Mozilla\Firefox\Profiles\jwtv0n0d.default [2017-08-14]
    FF user.js: detected! => C:\Users\Davi\AppData\Roaming\Mozilla\Firefox\Profiles\jwtv0n0d.default\user.js [2016-08-07]
    FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\jwtv0n0d.default -> v9
    FF Homepage: Mozilla\Firefox\Profiles\jwtv0n0d.default -> www.google.com.br
    FF Session Restore: Mozilla\Firefox\Profiles\jwtv0n0d.default -> está habilitado.
    FF Extension: (Cookies Export/import) - C:\Users\Davi\AppData\Roaming\Mozilla\Firefox\Profiles\jwtv0n0d.default\Extensions\CookiesIE@yahoo.com.xpi [2016-05-01]
    FF Extension: (Beef Taco (Targeted Advertising Cookie Opt-Out)) - C:\Users\Davi\AppData\Roaming\Mozilla\Firefox\Profiles\jwtv0n0d.default\Extensions\john@velvetcache.org.xpi [2016-05-04]
    FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\Davi\AppData\Roaming\Mozilla\Firefox\Profiles\jwtv0n0d.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2015-05-28]
    FF Extension: (Adblock Plus) - C:\Users\Davi\AppData\Roaming\Mozilla\Firefox\Profiles\jwtv0n0d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
    FF Extension: (Peers) - C:\Users\Davi\AppData\Roaming\Mozilla\Firefox\Profiles\jwtv0n0d.default\Extensions\{dd7515c0-0820-4234-806b-74197fa5955c}.xpi [2016-05-04]
    FF Extension: (Greasemonkey) - C:\Users\Davi\AppData\Roaming\Mozilla\Firefox\Profiles\jwtv0n0d.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-04-26]
    FF Extension: (QuickStores-Toolbar) - C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de [2015-06-05] [não assinado]
    FF HKU\S-1-5-21-453046077-1574525704-2639514093-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Davi\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
    FF Extension: (GBBD Caixa Economica Federal) - C:\Users\Davi\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2014-12-19] [não assinado]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-09] ()
    FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-01] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-09] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-16] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-16] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-13] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-13] (RealNetworks, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-453046077-1574525704-2639514093-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Davi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
    FF Plugin HKU\S-1-5-21-453046077-1574525704-2639514093-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Davi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-453046077-1574525704-2639514093-1001: @talk.google.com/O1DPlugin -> C:\Users\Davi\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-453046077-1574525704-2639514093-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Davi\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin HKU\S-1-5-21-453046077-1574525704-2639514093-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Davi\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
    FF Plugin HKU\S-1-5-21-453046077-1574525704-2639514093-1001: gastecnologia.com.br/sf/cef -> C:\Users\Davi\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-19] (GAS Tecnologia)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012-06-14] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012-06-14] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012-06-14] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012-06-14] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-06-14] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-06-14] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-06-14] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Davi\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Davi\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\autoconf_warsaw.js [2017-08-11] <==== ATENÇÃO (Aponta para arquivo *.cfg)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\warsaw.cfg [2017-08-11] <==== ATENÇÃO

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Session Restore: Default -> está habilitado.
    CHR Profile: C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default [2017-08-13]
    CHR Extension: (Magic Actions for YouTube™) - C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-05-14]
    CHR Extension: (Google Drive) - C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (Documentos Google off-line) - C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
    CHR Extension: (Invite All Friends on Facebook) - C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2017-08-08]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-15]
    CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
    CHR Extension: (Chrome Media Router) - C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
    CHR HKU\S-1-5-21-453046077-1574525704-2639514093-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Davi\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-10-27]
    CHR HKU\S-1-5-21-453046077-1574525704-2639514093-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-453046077-1574525704-2639514093-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Davi\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2013-06-25]
    CHR HKLM-x32\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default\Extensions\serach.crx <não encontrado (a)>
    CHR HKLM-x32\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx <não encontrado (a)>

    ==================== Serviços (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
    R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
    S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
    S4 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
    S4 CST License Manager; C:\Program Files (x86)\CST STUDIO SUITE 2014\License Manager\lmgrd.exe [1457528 2014-02-26] (Flexera Software LLC)
    S4 CST_DC_Main_Controller_2014; C:\Program Files (x86)\CST STUDIO SUITE 2014\DC Main Controller\CSTDCMainController.exe [2660696 2016-10-06] (CST AG) [Arquivo não assinado]
    S4 CST_DC_Solver_Server_2014; C:\Program Files (x86)\CST STUDIO SUITE 2014\DC Solver Server\CSTDCSolverServer.exe [4073816 2014-02-26] (CST AG)
    R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-06-16] (GAS Tecnologia)
    S4 hasplms; C:\Windows\system32\hasplms.exe [4466120 2013-01-11] (SafeNet Inc.)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
    S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960160 2016-04-22] (IObit)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
    S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
    S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
    S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2011-07-07] ()
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
    R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [954416 2017-04-19] (GAS Tecnologia LTDA)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-16] (Dell Inc.) [Arquivo não assinado]

    ===================== Drivers (Whitelisted) ======================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2017-08-14] (GAS Tecnologia)
    R1 gbpddfac; C:\Windows\SysWOW64\drivers\gbpddfac64.sys [28888 2015-08-26] (GAS Tecnologia)
    S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [49536 2013-05-08] (GAS Tecnologia)
    R3 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
    R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331144 2013-03-11] (SafeNet Inc.)
    S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2009-07-24] (Huawei Technologies Co., Ltd.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
    S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-06-04] (DEVGURU Co., LTD.(www.devguru.co.kr))
    R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [132120 2016-11-21] (Oracle Corporation)
    R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [206416 2016-11-21] (Oracle Corporation)
    R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-08-26] (GAS Tecnologia LTDA)
    S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [28376 2017-07-25] (GAS Tecnologia)
    R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-11-11] (GAS Tecnologia)
    S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [25184 2016-11-11] (GAS Tecnologia)
    S3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [25184 2016-11-11] (GAS Tecnologia)

    ==================== NetSvcs (Whitelisted) ===================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


    ==================== Três Meses Criados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-08-14 10:28 - 2017-08-14 10:31 - 000026547 _____ C:\Users\Davi\Desktop\FRST.txt
    2017-08-14 10:27 - 2017-08-14 10:28 - 000000000 ____D C:\FRST
    2017-08-14 10:25 - 2017-08-14 10:25 - 002395648 _____ (Farbar) C:\Users\Davi\Desktop\FRST64.exe
    2017-08-13 10:28 - 2017-08-13 10:28 - 000000832 _____ C:\Users\Davi\Desktop\ZHPCleaner.lnk
    2017-08-13 10:28 - 2017-08-13 10:28 - 000000000 ____D C:\Users\Davi\AppData\Roaming\ZHP
    2017-08-13 10:28 - 2017-08-13 10:28 - 000000000 ____D C:\Users\Davi\AppData\Local\ZHP
    2017-08-13 09:38 - 2017-07-29 11:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2017-08-13 09:38 - 2017-07-21 11:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
    2017-08-13 09:38 - 2017-07-21 11:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
    2017-08-13 09:38 - 2017-07-21 11:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
    2017-08-13 09:38 - 2017-07-21 11:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
    2017-08-13 09:38 - 2017-07-15 15:35 - 000394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-08-13 09:38 - 2017-07-15 14:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-08-13 09:38 - 2017-07-14 12:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
    2017-08-13 09:38 - 2017-07-14 12:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
    2017-08-13 09:38 - 2017-07-14 12:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
    2017-08-13 09:38 - 2017-07-14 12:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
    2017-08-13 09:38 - 2017-07-14 12:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
    2017-08-13 09:38 - 2017-07-14 12:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2017-08-13 09:38 - 2017-07-14 12:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
    2017-08-13 09:38 - 2017-07-14 12:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
    2017-08-13 09:38 - 2017-07-14 12:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
    2017-08-13 09:38 - 2017-07-14 12:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
    2017-08-13 09:38 - 2017-07-14 12:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
    2017-08-13 09:38 - 2017-07-14 12:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
    2017-08-13 09:38 - 2017-07-14 12:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
    2017-08-13 09:38 - 2017-07-14 12:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
    2017-08-13 09:38 - 2017-07-14 12:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
    2017-08-13 09:38 - 2017-07-14 12:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
    2017-08-13 09:38 - 2017-07-14 12:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
    2017-08-13 09:38 - 2017-07-14 12:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
    2017-08-13 09:38 - 2017-07-14 12:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
    2017-08-13 09:38 - 2017-07-14 12:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2017-08-13 09:38 - 2017-07-14 12:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
    2017-08-13 09:38 - 2017-07-14 12:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
    2017-08-13 09:38 - 2017-07-14 12:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
    2017-08-13 09:38 - 2017-07-14 12:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
    2017-08-13 09:38 - 2017-07-14 12:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
    2017-08-13 09:38 - 2017-07-14 12:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
    2017-08-13 09:38 - 2017-07-14 12:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    2017-08-13 09:38 - 2017-07-14 11:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
    2017-08-13 09:38 - 2017-07-14 11:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
    2017-08-13 09:38 - 2017-07-14 11:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
    2017-08-13 09:38 - 2017-07-14 11:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
    2017-08-13 09:38 - 2017-07-14 11:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
    2017-08-13 09:38 - 2017-07-14 04:16 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-08-13 09:38 - 2017-07-14 04:15 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-08-13 09:38 - 2017-07-14 03:49 - 025733632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-08-13 09:38 - 2017-07-14 03:47 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-08-13 09:38 - 2017-07-14 03:45 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-08-13 09:38 - 2017-07-14 03:45 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-08-13 09:38 - 2017-07-14 03:44 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-08-13 09:38 - 2017-07-14 03:44 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-08-13 09:38 - 2017-07-14 03:38 - 002899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-08-13 09:38 - 2017-07-14 03:29 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-08-13 09:38 - 2017-07-14 03:28 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-08-13 09:38 - 2017-07-14 03:22 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-08-13 09:38 - 2017-07-14 03:20 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-08-13 09:38 - 2017-07-14 03:20 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-08-13 09:38 - 2017-07-14 03:19 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-08-13 09:38 - 2017-07-14 03:19 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-08-13 09:38 - 2017-07-14 03:08 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-08-13 09:38 - 2017-07-14 03:02 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-08-13 09:38 - 2017-07-14 02:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-08-13 09:38 - 2017-07-14 02:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2017-08-13 09:38 - 2017-07-14 02:47 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-08-13 09:38 - 2017-07-14 02:42 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-08-13 09:38 - 2017-07-14 02:40 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-08-13 09:38 - 2017-07-14 02:35 - 005981184 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-08-13 09:38 - 2017-07-14 02:35 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-08-13 09:38 - 2017-07-14 02:33 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-08-13 09:38 - 2017-07-14 02:16 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-08-13 09:38 - 2017-07-14 02:11 - 000725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-08-13 09:38 - 2017-07-14 02:10 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-08-13 09:38 - 2017-07-14 02:09 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-08-13 09:38 - 2017-07-14 02:09 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-08-13 09:38 - 2017-07-14 01:40 - 015254016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-08-13 09:38 - 2017-07-14 01:23 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-08-13 09:38 - 2017-07-14 01:07 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-08-13 09:38 - 2017-07-14 00:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-08-13 09:38 - 2017-07-14 00:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-08-13 09:38 - 2017-07-13 23:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-08-13 09:38 - 2017-07-13 23:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-08-13 09:38 - 2017-07-13 23:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-08-13 09:38 - 2017-07-13 23:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-08-13 09:38 - 2017-07-13 23:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-08-13 09:38 - 2017-07-13 23:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-08-13 09:38 - 2017-07-13 23:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-08-13 09:38 - 2017-07-13 23:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-08-13 09:38 - 2017-07-13 23:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-08-13 09:38 - 2017-07-13 23:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-08-13 09:38 - 2017-07-13 23:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-08-13 09:38 - 2017-07-13 23:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-08-13 09:38 - 2017-07-13 23:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-08-13 09:38 - 2017-07-13 23:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-08-13 09:38 - 2017-07-13 23:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-08-13 09:38 - 2017-07-13 23:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-08-13 09:38 - 2017-07-13 23:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2017-08-13 09:38 - 2017-07-13 23:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-08-13 09:38 - 2017-07-13 23:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-08-13 09:38 - 2017-07-13 23:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-08-13 09:38 - 2017-07-13 23:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-08-13 09:38 - 2017-07-13 23:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-08-13 09:38 - 2017-07-13 23:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-08-13 09:38 - 2017-07-13 23:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-08-13 09:38 - 2017-07-13 23:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-08-13 09:38 - 2017-07-13 23:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-08-13 09:38 - 2017-07-13 23:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-08-13 09:38 - 2017-07-13 22:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-08-13 09:38 - 2017-07-13 22:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-08-13 09:38 - 2017-07-13 22:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-08-13 09:38 - 2017-07-08 12:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2017-08-13 09:38 - 2017-07-08 12:00 - 003224064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-08-13 09:38 - 2017-07-07 12:37 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-08-13 09:38 - 2017-07-07 12:33 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-08-13 09:38 - 2017-07-07 12:33 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-08-13 09:38 - 2017-07-07 12:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
    2017-08-13 09:38 - 2017-07-07 12:33 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-08-13 09:38 - 2017-07-07 12:33 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-08-13 09:38 - 2017-07-07 12:31 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-08-13 09:38 - 2017-07-07 12:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-08-13 09:38 - 2017-07-07 12:13 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-08-13 09:38 - 2017-07-07 12:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-08-13 09:38 - 2017-07-07 12:11 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-08-13 09:38 - 2017-07-07 12:11 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-08-13 09:38 - 2017-07-07 12:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-08-13 09:38 - 2017-07-07 12:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-08-13 09:38 - 2017-07-07 12:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-08-13 09:38 - 2017-07-07 12:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-08-13 09:38 - 2017-07-07 12:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-08-13 09:38 - 2017-07-07 12:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
    2017-08-13 09:38 - 2017-07-07 12:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-08-13 09:38 - 2017-07-07 12:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-08-13 09:38 - 2017-07-07 12:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-08-13 09:38 - 2017-07-07 12:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-08-13 09:38 - 2017-07-07 12:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-08-13 09:38 - 2017-07-07 12:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 12:02 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-08-13 09:38 - 2017-07-07 12:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-08-13 09:38 - 2017-07-07 12:01 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-08-13 09:38 - 2017-07-07 12:01 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-08-13 09:38 - 2017-07-07 11:58 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-08-13 09:38 - 2017-07-07 11:57 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-08-13 09:38 - 2017-07-07 11:54 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-08-13 09:38 - 2017-07-07 11:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-08-13 09:38 - 2017-07-07 11:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-08-13 09:38 - 2017-07-07 11:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-08-13 09:38 - 2017-07-07 11:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-08-13 09:38 - 2017-07-07 11:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-08-13 09:38 - 2017-07-07 11:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-08-13 09:38 - 2017-07-07 11:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-08-13 09:38 - 2017-07-07 11:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-08-13 09:38 - 2017-07-07 11:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-08-13 09:38 - 2017-07-07 11:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-08-13 09:38 - 2017-07-07 11:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 11:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 11:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-07 11:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-08-13 09:38 - 2017-07-01 10:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
    2017-08-13 09:38 - 2017-07-01 10:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
    2017-08-13 09:38 - 2017-07-01 10:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
    2017-08-13 09:38 - 2017-07-01 10:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
    2017-08-13 09:38 - 2017-07-01 10:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
    2017-08-13 09:38 - 2017-07-01 10:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
    2017-08-13 09:38 - 2017-07-01 10:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
    2017-08-13 09:38 - 2017-07-01 10:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
    2017-08-13 09:38 - 2017-07-01 10:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
    2017-08-13 09:38 - 2017-07-01 10:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
    2017-08-13 09:38 - 2017-07-01 10:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
    2017-08-13 09:38 - 2017-07-01 10:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
    2017-08-13 08:52 - 2017-08-14 10:26 - 000002431 _____ C:\Users\Davi\Desktop\av.txt
    2017-08-13 08:43 - 2017-08-13 10:35 - 000000000 ____D C:\AdwCleaner
    2017-08-13 08:41 - 2017-08-13 08:41 - 002852224 _____ C:\Users\Davi\Desktop\ZHPCleaner.exe
    2017-08-13 08:40 - 2017-08-13 08:40 - 008185288 _____ (Malwarebytes) C:\Users\Davi\Desktop\adwcleaner_7.0.1.0.exe
    2017-08-13 08:40 - 2017-08-13 08:40 - 001790024 _____ (Malwarebytes) C:\Users\Davi\Desktop\JRT.exe
    2017-08-13 08:02 - 2017-08-13 08:02 - 000110567 _____ C:\Users\Davi\Desktop\Currículo Davi Torobay - Superkids.pdf
    2017-08-10 22:19 - 2017-08-10 22:19 - 000000000 ____D C:\Users\Davi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2017-08-10 08:26 - 2017-08-10 08:50 - 000000000 ____D C:\zoek_backup
    2017-08-10 07:20 - 2017-08-10 07:20 - 039608320 _____ C:\Users\Davi\Desktop\install_virtualdj_pc_v8.2.3798.msi
    2017-08-09 19:00 - 2017-08-09 19:02 - 000000000 ____D C:\Users\Davi\Desktop\RPPN Reluz
    2017-08-09 17:14 - 2017-07-21 16:10 - 002620394 _____ C:\Users\Davi\Desktop\V2 - Palestra - Como usar o Facebook e Google para aumentar as vendas - UÌNICO AgeÌ‚ncia Digital.pdf
    2017-08-09 16:48 - 2017-08-09 16:48 - 000109738 _____ C:\Users\Davi\Desktop\Currículo Davi Torobay - engenharia.pdf
    2017-08-09 16:46 - 2017-08-09 16:46 - 000109497 _____ C:\Users\Davi\Desktop\Currículo Davi Torobay - trainee engenharia.pdf
    2017-08-08 20:48 - 2017-08-08 20:48 - 000309806 _____ C:\Users\Davi\Desktop\Historico_parcial (1).pdf
    2017-08-07 22:43 - 2017-08-07 22:43 - 000000000 ____D C:\Users\Davi\Documents\11. Concursos
    2017-08-05 17:22 - 2017-08-05 17:22 - 000000666 _____ C:\Users\Davi\Desktop\transferencia 12,72 pro André.txt
    2017-08-01 21:10 - 2017-08-01 21:10 - 000000293 _____ C:\Users\Davi\Desktop\Aliança de noivado.txt
    2017-07-31 17:09 - 2017-07-31 17:09 - 000190644 _____ C:\Users\Davi\Desktop\edital_n56_2017_ufes_dou_s3_p53-56.pdf
    2017-07-29 19:04 - 2017-07-29 19:04 - 001895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2017-07-29 19:04 - 2017-07-29 19:04 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2017-07-29 19:04 - 2017-07-29 19:04 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2017-07-29 19:04 - 2017-07-29 19:04 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2017-07-29 19:04 - 2017-07-29 19:04 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
    2017-07-29 19:04 - 2017-07-29 19:04 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
    2017-07-29 19:04 - 2017-07-29 19:04 - 000986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2017-07-29 19:04 - 2017-07-29 19:04 - 000753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2017-07-29 19:04 - 2017-07-29 19:04 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
    2017-07-29 19:04 - 2017-07-29 19:04 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
    2017-07-29 19:04 - 2017-07-29 19:04 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
    2017-07-29 19:04 - 2017-07-29 19:04 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
    2017-07-29 19:04 - 2017-07-29 19:04 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
    2017-07-29 19:04 - 2017-07-29 19:04 - 000377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2017-07-29 19:04 - 2017-07-29 19:04 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
    2017-07-29 19:04 - 2017-07-29 19:04 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
    2017-07-29 19:04 - 2017-07-29 19:04 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2017-07-29 19:04 - 2017-07-29 19:04 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
    2017-07-29 19:04 - 2017-07-29 19:04 - 000265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2017-07-29 19:04 - 2017-07-29 19:04 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
    2017-07-29 19:04 - 2017-07-29 19:04 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
    2017-07-29 19:04 - 2017-07-29 19:04 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2017-07-29 19:04 - 2017-07-29 19:04 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
    2017-07-29 19:04 - 2017-07-29 19:04 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
    2017-07-29 19:04 - 2017-07-29 19:04 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
    2017-07-29 19:04 - 2017-07-29 19:04 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
    2017-07-29 19:04 - 2017-07-29 19:04 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2017-07-29 19:04 - 2017-07-29 19:04 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2017-07-24 13:37 - 2017-08-13 10:43 - 000003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDavi
    2017-07-24 13:37 - 2017-08-13 10:43 - 000000328 _____ C:\Windows\Tasks\HPCeeScheduleForDavi.job
    2017-07-21 13:29 - 2017-07-25 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visustin
    2017-07-17 19:07 - 2017-07-17 19:20 - 332246760 _____ C:\Users\Davi\Downloads\Black.Mirror.S03E01.WebRip.x264-FS.mp4
    2017-07-09 18:54 - 2017-07-09 18:54 - 000000000 ____D C:\Users\Davi\Downloads\Miles Davis
    2017-07-09 18:40 - 2017-07-09 19:01 - 000000000 ____D C:\Users\Davi\Downloads\T2.Trainspotting.2017.HDRip.XviD.AC3-EVO[SN]
    2017-07-08 15:51 - 2017-07-08 15:51 - 000109558 _____ C:\Users\Davi\Desktop\Currículo Davi Torobay - técnico.pdf
    2017-07-06 10:35 - 2017-05-10 12:29 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2017-07-06 10:35 - 2017-05-10 12:14 - 002651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2017-07-06 10:35 - 2017-04-27 19:50 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
    2017-07-06 10:35 - 2017-04-12 10:05 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
    2017-07-06 10:34 - 2017-06-02 05:10 - 000733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
    2017-07-06 10:34 - 2017-05-12 15:26 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2017-07-06 10:34 - 2017-05-12 15:22 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2017-07-06 10:34 - 2017-05-12 15:22 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2017-07-06 10:34 - 2017-05-12 15:22 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2017-07-06 10:34 - 2017-05-12 15:22 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2017-07-06 10:34 - 2017-05-12 15:22 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2017-07-06 10:34 - 2017-05-12 15:22 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2017-07-06 10:34 - 2017-05-12 15:07 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2017-07-06 10:34 - 2017-05-12 15:03 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2017-07-06 10:34 - 2017-05-12 15:03 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2017-07-06 10:34 - 2017-05-12 15:03 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2017-07-06 10:34 - 2017-05-12 15:03 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2017-07-06 10:34 - 2017-05-12 15:03 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2017-07-06 10:34 - 2017-05-12 14:43 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2017-07-06 10:34 - 2017-05-12 13:25 - 001251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2017-07-06 10:34 - 2017-05-12 12:58 - 001648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2017-07-06 10:34 - 2017-05-12 12:58 - 001180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2017-07-06 10:34 - 2017-05-10 12:33 - 000091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
    2017-07-06 10:34 - 2017-05-10 12:29 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2017-07-06 10:34 - 2017-05-10 12:29 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2017-07-06 10:34 - 2017-05-10 12:29 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2017-07-06 10:34 - 2017-05-10 12:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2017-07-06 10:34 - 2017-05-10 12:16 - 000091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
    2017-07-06 10:34 - 2017-05-10 12:13 - 000709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2017-07-06 10:34 - 2017-05-10 12:13 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2017-07-06 10:34 - 2017-05-10 12:13 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2017-07-06 10:34 - 2017-05-10 12:13 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2017-07-06 10:34 - 2017-05-10 12:13 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2017-07-06 10:34 - 2017-05-10 12:13 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2017-07-06 10:34 - 2017-05-10 12:12 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2017-07-06 10:34 - 2017-05-10 12:12 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2017-07-06 10:34 - 2017-05-10 12:00 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2017-07-06 10:34 - 2017-05-10 12:00 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2017-07-06 10:34 - 2017-05-10 12:00 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2017-07-06 10:34 - 2017-05-10 12:00 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2017-07-06 10:34 - 2017-05-09 12:30 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2017-07-06 10:34 - 2017-05-09 12:29 - 000970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2017-07-06 10:34 - 2017-05-09 12:11 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2017-07-06 10:34 - 2017-05-07 12:33 - 000094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2017-07-06 10:34 - 2017-05-07 12:29 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2017-07-06 10:34 - 2017-03-30 12:03 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
    2017-07-06 10:34 - 2017-03-30 11:58 - 000045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    2017-07-04 13:56 - 2017-07-04 13:56 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignf9e9ad2d1cec162e
    2017-07-04 13:56 - 2017-07-04 13:56 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignf2aa15e374eb4fa9
    2017-07-04 13:56 - 2017-07-04 13:56 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign58bdf747a2c3ad7d
    2017-07-04 13:56 - 2017-07-04 13:56 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign32b872a1e5d260ec
    2017-07-04 12:44 - 2017-07-04 12:44 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsigncba308f8f727df18
    2017-07-04 12:43 - 2017-07-04 12:43 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign57908f0a97968d9e
    2017-07-04 12:42 - 2017-07-04 12:42 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign7eba2c748a174df1
    2017-07-04 12:42 - 2017-07-04 12:42 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign56dd7bb60938a8e9
    2017-07-04 11:37 - 2017-07-04 11:37 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignb0fdeea2869c0b19
    2017-07-04 11:37 - 2017-07-04 11:37 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign654135f2f7182417
    2017-07-04 11:37 - 2017-07-04 11:37 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign54efacf6d6b0ad33
    2017-07-04 11:04 - 2017-07-04 11:04 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign7d9c26b63faebcd9
    2017-07-04 10:34 - 2017-07-04 10:34 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign83805354e55dccd2
    2017-07-04 10:33 - 2017-07-04 10:33 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignc1fbb3da8f972c9f
    2017-07-04 10:33 - 2017-07-04 10:33 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign4ae3df81bbde7e19
    2017-07-03 21:43 - 2017-07-03 21:43 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign87a6bd5889d27328
    2017-07-03 21:43 - 2017-07-03 21:43 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign76da94e37c686815
    2017-07-03 21:43 - 2017-07-03 21:43 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign4f76bcf9f700a585
    2017-07-03 20:54 - 2017-07-03 20:54 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignf95fc6f2cc869ce6
    2017-07-03 19:08 - 2017-07-03 19:08 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign1a138d3f80f5387a
    2017-07-03 19:07 - 2017-07-03 19:07 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignfad754897f5f650b
    2017-07-03 19:07 - 2017-07-03 19:07 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign29d2b2258d0e03f2
    2017-07-03 15:48 - 2017-07-03 15:48 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignabcafac19744b720
    2017-07-03 15:47 - 2017-07-03 15:47 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignd5fc16d1ff797ece
    2017-07-03 15:47 - 2017-07-03 15:47 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign7ee7a8c170c857b5
    2017-07-03 15:47 - 2017-07-03 15:47 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign6350b978ee13285f
    2017-07-03 12:37 - 2017-07-25 16:28 - 000000000 ____D C:\Program Files (x86)\TeamViewer
    2017-07-03 12:37 - 2017-07-04 14:10 - 000000000 ____D C:\Users\Davi\AppData\Roaming\TeamViewer
    2017-07-03 12:37 - 2017-07-03 12:37 - 000001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
    2017-07-01 22:48 - 2017-07-01 22:48 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign712cf2f6ba5842a4
    2017-07-01 22:48 - 2017-07-01 22:48 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign404f3f16b487b18e
    2017-07-01 22:48 - 2017-07-01 22:48 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign0c1241152e8d6530
    2017-07-01 21:14 - 2017-07-01 21:14 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsigne246091c5e1a87b0
    2017-07-01 21:12 - 2017-07-01 21:12 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign7325499d5a2f1ebf
    2017-07-01 21:11 - 2017-07-01 21:11 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign451214967acf6de8
    2017-07-01 21:11 - 2017-07-01 21:11 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign09b150e41b117d67
    2017-06-27 11:34 - 2017-08-08 06:36 - 000020530 _____ C:\Users\Davi\Desktop\Notas das disciplinas.xlsx
    2017-06-26 15:42 - 2017-06-26 15:42 - 000000185 _____ C:\Users\Davi\Desktop\problema de conexão do notebook.txt
    2017-06-19 19:49 - 2017-06-19 20:00 - 000000000 ____D C:\Users\Davi\Downloads\What the Health (2017)720p.WebRip.H264.AAC Subs[SN]
    2017-06-19 19:48 - 2017-07-17 23:30 - 000000000 ____D C:\Users\Davi\AppData\Roaming\qBittorrent
    2017-06-19 19:47 - 2017-06-19 19:48 - 000000000 ____D C:\Users\Davi\AppData\Local\qBittorrent
    2017-06-17 17:21 - 2017-06-17 17:21 - 000000117 _____ C:\Users\Davi\Documents\acad.err
    2017-06-08 22:52 - 2017-06-08 22:52 - 000001532 _____ C:\Users\Davi\Desktop\linguiça caseira.txt
    2017-06-08 11:10 - 2017-06-08 11:10 - 000095905 _____ C:\Users\Davi\Documents\Tratamento e procedimentos- seminario integrada marina.pptx
    2017-06-07 16:14 - 2017-06-07 16:14 - 000000000 ____D C:\Users\Davi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2017-06-07 16:14 - 2017-06-07 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2017-06-04 21:10 - 2017-06-04 21:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
    2017-06-04 21:09 - 2017-06-04 21:10 - 000000000 ____D C:\Program Files\qBittorrent
    2017-05-24 14:05 - 2017-05-24 14:05 - 000000000 ____D C:\Users\Davi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
    2017-05-24 14:04 - 2017-05-24 14:05 - 000000000 ____D C:\Program Files (x86)\Texmaker
    2017-05-21 22:33 - 2017-05-21 22:33 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign6428e38eec9f74cf
    2017-05-21 22:33 - 2017-05-21 22:33 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign2b8d158b8bbe5d7a
    2017-05-21 22:33 - 2017-05-21 22:33 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign20fb273924f49945
    2017-05-21 21:41 - 2017-05-21 21:41 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign8c6e27f9ca9d0808
    2017-05-21 21:40 - 2017-05-21 21:40 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign228ab11c0d130c3f
    2017-05-21 21:39 - 2017-05-21 21:39 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignf49881ab3e04da38
    2017-05-21 21:39 - 2017-05-21 21:39 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignc8f9dd4c70876c82
    2017-05-21 18:35 - 2017-05-21 18:35 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign2b152f77bacc7ae9
    2017-05-21 18:35 - 2017-05-21 18:35 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign11925d69e06cb087
    2017-05-21 18:34 - 2017-05-21 18:34 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign90b76e7935b167d2
    2017-05-21 18:34 - 2017-05-21 18:34 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign489202bed865e575
    2017-05-21 00:28 - 2017-05-21 00:28 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignfb4c8939dd8040ee
    2017-05-21 00:28 - 2017-05-21 00:28 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign1fcced55280963f0
    2017-05-21 00:28 - 2017-05-21 00:28 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign003fe475a1f97987
    2017-05-20 23:40 - 2017-05-20 23:40 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsigneb89c8078df8e9db
    2017-05-20 23:40 - 2017-05-20 23:40 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign1fb7ab2d4357f10c
    2017-05-20 23:38 - 2017-05-20 23:38 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsigndd4eff5b4ef99cae
    2017-05-20 23:38 - 2017-05-20 23:38 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign2df3a70ace2bd624
    2017-05-20 16:41 - 2017-05-20 16:41 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsigne24a97df4a829a01
    2017-05-20 16:36 - 2017-05-20 16:36 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignd9b7b2b27c850838
    2017-05-20 16:36 - 2017-05-20 16:36 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign8cb3f94d118a7635
    2017-05-20 16:36 - 2017-05-20 16:36 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign7dd904b72d4b7df9
    2017-05-20 14:01 - 2017-05-20 14:01 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign6c710039405edeb8
    2017-05-20 14:00 - 2017-05-20 14:00 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign09e277308b9763a8
    2017-05-20 13:59 - 2017-05-20 13:59 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignddb36b4ff7e2487a
    2017-05-20 13:59 - 2017-05-20 13:59 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign2bf451820b700a4c
    2017-05-20 12:14 - 2017-05-20 12:14 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign49695ecb1b3bd967
    2017-05-20 12:10 - 2017-05-20 12:10 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign69819856b72d33d5
    2017-05-20 12:10 - 2017-05-20 12:10 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign3d42113744bcdfb9
    2017-05-20 12:10 - 2017-05-20 12:10 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign1cc5f0c10c8f5a64
    2017-05-20 10:44 - 2017-05-20 10:44 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign637ef6e50ba34902
    2017-05-20 10:42 - 2017-05-20 10:42 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignb9941492cc934495
    2017-05-20 10:20 - 2017-05-20 10:20 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign20767a89704ddbab
    2017-05-20 10:19 - 2017-05-20 10:19 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignd9dc2627d31a9597
    2017-05-20 10:19 - 2017-05-20 10:19 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign0b3307c55b48826f
    2017-05-20 10:18 - 2017-05-20 10:18 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignc330b05b04059fcb
    2017-05-20 10:17 - 2017-05-20 10:17 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign697d6f2fa662d5aa
    2017-05-20 10:17 - 2017-05-20 10:17 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign45d987737fe0f73c
    2017-05-20 09:46 - 2017-07-04 15:45 - 000000000 ____D C:\Users\Davi\Desktop\Backup No Rep Photo
    2017-05-19 22:48 - 2017-05-19 22:48 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign74d839cc3572a39d
    2017-05-19 22:47 - 2017-05-19 22:47 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignc78176a7e83e3a48
    2017-05-19 22:45 - 2017-05-19 22:45 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsigna5f203458895f108
    2017-05-19 22:44 - 2017-05-19 22:44 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign61e3b375ae1a0647
    2017-05-19 22:44 - 2017-05-19 22:44 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign5d4a9ae3e674c016
    2017-05-19 19:58 - 2017-05-19 19:58 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign2d91ff1bcc497da9
    2017-05-19 19:57 - 2017-05-19 19:57 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign1b12e9afe8f03083
    2017-05-19 19:55 - 2017-05-19 19:55 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignf6f9dc3b7f9292a6
    2017-05-19 19:55 - 2017-05-19 19:55 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign65386ba52637c2b2
    2017-05-19 19:06 - 2017-05-19 19:06 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsigne85256340b440035
    2017-05-19 19:06 - 2017-05-19 19:06 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign7d5d78c62ce70e91
    2017-05-19 19:06 - 2017-05-19 19:06 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign5267423e9f77b80c
    2017-05-19 18:40 - 2017-05-19 18:40 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign9fafcf7429311bd2
    2017-05-19 17:13 - 2017-05-19 17:13 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign201396c1c76354af
    2017-05-19 17:12 - 2017-05-19 17:12 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignd6327fc2f321794a
    2017-05-19 17:12 - 2017-05-19 17:12 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign8961c3a8858b142f
    2017-05-18 22:34 - 2017-05-18 22:34 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign42e7f00e6f8f32fa
    2017-05-18 16:52 - 2017-05-18 16:52 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsigna430bc105e63cb7f
    2017-05-18 16:52 - 2017-05-18 16:52 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign99532f193004a737
    2017-05-18 16:52 - 2017-05-18 16:52 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign71394c97fd5d20b1
    2017-05-18 16:43 - 2017-05-18 16:43 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign1e49addcf799d4a0
    2017-05-18 16:32 - 2017-05-18 16:32 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign70f95bbd3fa13ca1
    2017-05-18 16:31 - 2017-05-18 16:31 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsigndb1f459d1591b5c0
    2017-05-18 16:30 - 2017-05-18 16:30 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign90102e0955fbbe13
    2017-05-18 16:30 - 2017-05-18 16:30 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign3267606b4c3c7506

    ==================== Três Meses Modificados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-08-14 10:30 - 2009-07-14 01:45 - 000022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-08-14 10:30 - 2009-07-14 01:45 - 000022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-08-14 10:26 - 2016-11-17 16:49 - 000000000 ____D C:\Users\Davi\AppData\LocalLow\Mozilla
    2017-08-14 10:19 - 2015-06-17 19:54 - 000001026 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-453046077-1574525704-2639514093-1001UA.job
    2017-08-14 10:12 - 2014-01-17 08:20 - 000000000 ____D C:\Users\Davi\AppData\Local\Adobe
    2017-08-14 10:11 - 2011-04-23 10:52 - 000000000 ____D C:\Users\Todos os Usuários\GbPlugin
    2017-08-14 10:11 - 2011-04-23 10:52 - 000000000 ____D C:\ProgramData\GbPlugin
    2017-08-14 10:10 - 2015-08-29 14:43 - 000028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
    2017-08-14 10:10 - 2011-04-23 10:52 - 000000000 ____D C:\Program Files (x86)\GbPlugin
    2017-08-14 10:09 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-08-13 23:37 - 2009-07-14 14:55 - 000706024 _____ C:\Windows\system32\prfh0416.dat
    2017-08-13 23:37 - 2009-07-14 14:55 - 000147864 _____ C:\Windows\system32\prfc0416.dat
    2017-08-13 23:37 - 2009-07-14 02:13 - 001635898 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-08-13 23:37 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
    2017-08-13 23:35 - 2012-10-13 01:53 - 000000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-453046077-1574525704-2639514093-1001UA.job
    2017-08-13 10:44 - 2013-05-07 09:59 - 000000000 ____D C:\Users\Davi\AppData\LocalLow\IObit
    2017-08-13 10:38 - 2012-01-03 14:04 - 000000000 ____D C:\Users\Davi\AppData\Roaming\IObit
    2017-08-13 10:37 - 2012-01-04 08:43 - 000000000 ____D C:\Users\Todos os Usuários\IObit
    2017-08-13 10:37 - 2012-01-04 08:43 - 000000000 ____D C:\ProgramData\IObit
    2017-08-13 09:56 - 2009-07-14 01:45 - 000513768 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-08-13 09:45 - 2011-04-17 12:36 - 000000000 ____D C:\Users\Todos os Usuários\Microsoft Help
    2017-08-13 09:45 - 2009-07-13 23:34 - 000000510 _____ C:\Windows\win.ini
    2017-08-13 09:13 - 2016-11-09 21:25 - 000003534 _____ C:\Users\Davi\Desktop\Baixar e gravar.txt
    2017-08-13 08:52 - 2017-02-13 18:52 - 000001655 _____ C:\Users\Davi\Desktop\LEMBRETES URGENTES.txt
    2017-08-13 08:51 - 2012-04-03 10:55 - 000000000 ____D C:\Users\Convidado\AppData\Roaming\IObit
    2017-08-13 08:49 - 2013-12-26 09:21 - 000000000 ____D C:\IObit
    2017-08-13 07:16 - 2015-06-17 19:54 - 000000974 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-453046077-1574525704-2639514093-1001Core.job
    2017-08-10 22:19 - 2011-04-14 17:46 - 000000000 ____D C:\Users\Davi\AppData\Roaming\Dropbox
    2017-08-09 17:22 - 2011-04-15 09:32 - 000000000 ____D C:\Users\Davi\Documents\0. Documentos pessoais
    2017-08-09 16:23 - 2016-03-26 17:07 - 000002900 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Davi
    2017-08-09 08:47 - 2012-08-03 15:34 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-08-09 08:47 - 2012-08-03 15:34 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-08-09 08:47 - 2011-11-16 19:01 - 000000000 ____D C:\Windows\system32\Macromed
    2017-08-09 08:46 - 2011-04-07 19:49 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2017-08-08 18:31 - 2017-02-06 17:11 - 000041984 ___SH C:\Users\Davi\Downloads\Thumbs.db
    2017-08-07 22:48 - 2011-04-15 09:52 - 000000000 ____D C:\Users\Davi\Documents\6. Viagens
    2017-08-07 22:06 - 2012-06-15 20:43 - 000002384 _____ C:\Users\Davi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-08-06 15:57 - 2017-04-19 15:19 - 000009959 _____ C:\Users\Davi\Desktop\dívida Marina.xlsx
    2017-08-04 18:44 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\system32\NDF
    2017-08-02 13:48 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\rescache
    2017-07-29 19:30 - 2014-09-04 22:58 - 000000000 ____D C:\Users\Todos os Usuários\Temp
    2017-07-29 19:30 - 2014-09-04 22:58 - 000000000 ____D C:\ProgramData\Temp
    2017-07-29 18:35 - 2011-06-07 18:07 - 000000000 ____D C:\Program Files (x86)\Google
    2017-07-28 13:03 - 2015-11-08 16:52 - 000000000 ____D C:\frasm
    2017-07-25 10:58 - 2017-01-11 17:46 - 000028376 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
    2017-07-25 10:34 - 2011-04-14 10:01 - 000000000 ____D C:\Users\Davi
    2017-07-25 10:28 - 2017-01-29 11:06 - 000000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
    2017-07-25 10:28 - 2011-04-19 14:08 - 000000000 ____D C:\Users\Davi\AppData\Roaming\Winamp
    2017-07-25 10:28 - 2011-04-14 18:25 - 000000000 ____D C:\Users\Convidado
    2017-07-25 10:28 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\registration
    2017-07-22 15:47 - 2011-04-14 10:07 - 000000000 ____D C:\Users\Davi\AppData\Local\VirtualStore
    2017-07-22 15:06 - 2012-10-13 01:53 - 000000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-453046077-1574525704-2639514093-1001Core.job
    2017-07-21 19:18 - 2013-04-01 09:13 - 000000000 ____D C:\Users\Davi\AppData\Roaming\HpUpdate
    2017-07-21 19:00 - 2009-07-14 02:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-07-21 13:29 - 2017-04-24 11:41 - 000263824 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
    2017-07-21 13:29 - 2017-04-24 11:40 - 000087200 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
    2017-07-17 13:44 - 2013-10-27 17:40 - 000000000 ___RD C:\Users\Davi\Google Drive
    2017-07-16 10:51 - 2015-05-11 23:06 - 000001769 _____ C:\Users\Davi\Desktop\LEMBRETES.txt
    2017-07-16 10:49 - 2014-02-06 22:06 - 000000000 ____D C:\Users\Davi\Desktop\provisório 1

    ==================== Arquivos na raiz de alguns diretórios =======

    2011-04-17 14:09 - 2011-03-02 12:40 - 000098816 _____ () C:\Program Files (x86)\Default.SFX
    2011-04-17 14:09 - 2011-03-02 12:40 - 000128000 _____ () C:\Program Files (x86)\Default64.SFX
    2011-04-17 14:09 - 2006-09-18 20:13 - 000001063 _____ () C:\Program Files (x86)\Descript.ion
    2011-04-17 14:09 - 2011-03-02 12:38 - 000000496 _____ () C:\Program Files (x86)\File_Id.diz
    2011-04-17 14:09 - 2010-09-28 11:23 - 000007019 _____ () C:\Program Files (x86)\License.txt
    2011-04-17 14:09 - 2010-11-25 13:15 - 000003266 _____ () C:\Program Files (x86)\Order.htm
    2011-04-17 14:09 - 2011-03-02 12:39 - 000417792 _____ () C:\Program Files (x86)\Rar.exe
    2011-04-17 14:09 - 2011-02-22 16:57 - 000078667 _____ () C:\Program Files (x86)\Rar.txt
    2011-04-17 14:09 - 2010-11-26 18:23 - 000001233 _____ () C:\Program Files (x86)\RarFiles.lst
    2011-04-17 14:09 - 2011-04-17 14:09 - 000000020 _____ () C:\Program Files (x86)\rarnew.dat
    2011-04-17 14:09 - 2011-01-23 14:41 - 000001411 _____ () C:\Program Files (x86)\ReadMe.txt
    2012-12-18 18:44 - 2012-12-18 18:44 - 012729856 _____ () C:\Program Files (x86)\Setup_TeighaFileConverter_3.8.1.msi
    2011-04-17 14:09 - 2010-12-01 17:26 - 000009234 _____ () C:\Program Files (x86)\TechNote.txt
    2011-04-17 14:09 - 2011-03-02 12:41 - 000132608 _____ () C:\Program Files (x86)\Uninstall.exe
    2011-04-17 14:09 - 2011-03-02 12:41 - 000000700 _____ () C:\Program Files (x86)\Uninstall.lst
    2011-04-17 14:09 - 2011-03-02 12:39 - 000276992 _____ () C:\Program Files (x86)\UnRAR.exe
    2011-04-17 14:09 - 2005-05-12 17:02 - 000000090 _____ () C:\Program Files (x86)\UnrarSrc.txt
    2011-04-17 14:09 - 2011-03-01 12:28 - 000022081 _____ () C:\Program Files (x86)\WhatsNew.txt
    2011-04-17 14:09 - 2011-03-02 12:39 - 000072704 _____ () C:\Program Files (x86)\WinCon.SFX
    2011-04-17 14:09 - 2011-03-02 12:39 - 000094720 _____ () C:\Program Files (x86)\WinCon64.SFX
    2011-04-17 14:09 - 2011-03-02 12:41 - 000266224 _____ () C:\Program Files (x86)\WinRAR.chm
    2011-04-17 14:09 - 2011-03-02 12:39 - 001163264 _____ () C:\Program Files (x86)\WinRAR.exe
    2011-04-17 14:09 - 2011-03-02 12:40 - 000078336 _____ () C:\Program Files (x86)\Zip.SFX
    2011-04-17 14:09 - 2011-03-02 12:40 - 000097792 _____ () C:\Program Files (x86)\Zip64.SFX
    2011-04-17 14:09 - 2011-04-17 14:09 - 000000022 _____ () C:\Program Files (x86)\zipnew.dat
    2012-06-07 17:59 - 2012-06-07 17:59 - 000000055 _____ () C:\Users\Davi\AppData\Roaming\pcouffin.log
    2012-03-18 22:25 - 2012-05-08 17:31 - 000000363 _____ () C:\Users\Davi\AppData\Roaming\Solve Elec 2.5 Prefs
    2013-06-25 15:59 - 2014-01-25 16:28 - 000027830 _____ () C:\Users\Davi\AppData\Roaming\unins000.dat
    2014-01-25 16:28 - 2014-01-25 16:27 - 000730322 _____ () C:\Users\Davi\AppData\Roaming\unins000.exe
    2012-06-04 21:56 - 2012-06-05 00:08 - 000001057 _____ () C:\Users\Davi\AppData\Roaming\vso_ts_preview.xml
    2011-05-02 12:40 - 2014-03-03 17:45 - 000006144 _____ () C:\Users\Davi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-07-21 11:55 - 2014-09-16 14:17 - 000007598 _____ () C:\Users\Davi\AppData\Local\Resmon.ResmonCfg
    2011-04-21 11:20 - 2011-04-21 11:20 - 000000000 _____ () C:\Users\Davi\AppData\Local\rx_image32.Cache
    2011-07-02 19:45 - 2011-07-02 19:45 - 000000000 _____ () C:\Users\Davi\AppData\Local\{D6AC9727-1FF1-499C-A58F-5C5B14DD3AC5}
    2013-04-01 09:12 - 2013-04-01 09:12 - 000000057 _____ () C:\ProgramData\Ament.ini
    2011-04-28 07:28 - 2011-04-28 07:28 - 000000056 ____H () C:\ProgramData\ezsidmv.dat
    2016-02-03 22:01 - 2016-02-03 22:01 - 000000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
    2013-03-22 11:59 - 2013-06-01 11:46 - 000000629 _____ () C:\ProgramData\qcadrc

    Alguns arquivos em TEMP:
    ====================
    2014-04-24 22:50 - 2013-04-12 18:15 - 007672792 _____ (Foxit Corporation) C:\Users\Convidado\AppData\Local\Temp\Foxit Reader Updater.exe
    2013-06-23 12:27 - 2013-06-23 12:27 - 001582944 _____ () C:\Users\Convidado\AppData\Local\Temp\{15230C96-126A-47B7-8444-E1EB59EF8F54}-27.0.1453.116_27.0.1453.110_chrome_updater.exe
    2017-08-06 10:58 - 2013-04-12 18:15 - 007672792 _____ (Foxit Corporation) C:\Users\Davi\AppData\Local\Temp\Foxit Reader Updater.exe

    ==================== Bamital & volsnap ======================

    (Não há correção automática para arquivos que não passaram na verificação.)

    C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
    C:\Windows\explorer.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

    LastRegBack: 2017-08-02 13:39

    ==================== Fim de FRST.txt ============================

    Thanks for the help!!

    Addition.txt

    diego_moicano    472

    Dear @Davi Torobay

    My friend, turn on the Windows firewall ;)

    Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

    Download the file (fixlist.txt) attached to this post and save it to the Desktop.

    Run FRST.exe (or FRST64.exe) and click the Fix (Corrigir) button.

    Wait... when it finishes, the log Fixlog.txt will be generated and saved to your Desktop.

    Select, copy and paste the contents of this log into your next reply.

    Regards :D

    fixlist.txt

    Davi Torobay    0
  • Topic author
  • Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 16-08-2017
    Executado por Davi (16-08-2017 14:04:35) Run:1
    Executando a partir de C:\Users\Davi\Desktop
    Perfis Carregados: Davi (Perfis Disponíveis: Davi & Convidado)
    Modo da Inicialização: Normal
    ==============================================

    fixlist Conteúdo:
    *****************

    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [CSTDCMainController2014] => [X]
    HKLM-x32\...\Run: [CSTDCSolverServer2014] => [X]
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\...\Policies\system: [DisableLockWorkstation] 0
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\...\Policies\Explorer: []
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\...\MountPoints2: {82e00990-d509-11e1-be86-f04da2d80e70} - E:\AutoRun.exe
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\...\MountPoints2: {82e009a2-d509-11e1-be86-f04da2d80e70} - E:\AutoRun.exe
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\...\MountPoints2: {989a0896-fe02-11e6-b71b-f04da2d80e70} - F:\Setup.exe
    HKU\S-1-5-18\...\Run: [Copy] => "C:\Users\Davi\AppData\Roaming\Copy\CopyAgent.exe"
    C:\Users\Davi\AppData\Roaming\Copy\CopyAgent.exe
    C:\Users\Davi\AppData\Roaming\Copy
    CHR HKU\S-1-5-21-453046077-1574525704-2639514093-1001\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oquefazernainternet.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oquefazernainternet.com/
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oquefazernainternet.com/
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oquefazernainternet.com/
    SearchScopes: HKLM -> DefaultScope {C383C6F6-50F0-4A60-BB8F-D9DEA91C394D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {C383C6F6-50F0-4A60-BB8F-D9DEA91C394D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {A800410B-6035-45A2-BAF2-5DF1730C79CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {A800410B-6035-45A2-BAF2-5DF1730C79CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {A800410B-6035-45A2-BAF2-5DF1730C79CB} URL =
    SearchScopes: HKU\.DEFAULT -> {311B6EAC-21C4-4C1D-B77B-57E70F6D473F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=pt_US&apn_ptnrs=FV&apn_dtid=YYYYYYYYUS&apn_uid=4a3f1cb4-9a12-410c-aa95-cfbd28adee52&apn_sauid=34E34A9E-7478-4A70-96A9-14BD282199B4
    SearchScopes: HKU\.DEFAULT -> {A800410B-6035-45A2-BAF2-5DF1730C79CB} URL =
    SearchScopes: HKU\S-1-5-21-453046077-1574525704-2639514093-1001 -> DefaultScope {C383C6F6-50F0-4A60-BB8F-D9DEA91C394D} URL =
    SearchScopes: HKU\S-1-5-21-453046077-1574525704-2639514093-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
    SearchScopes: HKU\S-1-5-21-453046077-1574525704-2639514093-1001 -> {A800410B-6035-45A2-BAF2-5DF1730C79CB} URL =
    SearchScopes: HKU\S-1-5-21-453046077-1574525704-2639514093-1001 -> {B8BCEE04-6600-484A-8E6E-3D79BA02941E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYUS&apn_uid=4a3f1cb4-9a12-410c-aa95-cfbd28adee52&apn_sauid=34E34A9E-7478-4A70-96A9-14BD282199B4
    SearchScopes: HKU\S-1-5-21-453046077-1574525704-2639514093-1001 -> {C383C6F6-50F0-4A60-BB8F-D9DEA91C394D} URL =
    BHO-x32: Sem Nome -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> Nenhum Arquivo
    2014-04-24 22:50 - 2013-04-12 18:15 - 007672792 _____ (Foxit Corporation) C:\Users\Convidado\AppData\Local\Temp\Foxit Reader Updater.exe
    2013-06-23 12:27 - 2013-06-23 12:27 - 001582944 _____ () C:\Users\Convidado\AppData\Local\Temp\{15230C96-126A-47B7-8444-E1EB59EF8F54}-27.0.1453.116_27.0.1453.110_chrome_updater.exe
    2017-08-06 10:58 - 2013-04-12 18:15 - 007672792 _____ (Foxit Corporation) C:\Users\Davi\AppData\Local\Temp\Foxit Reader Updater.exe
    ContextMenuHandlers1-x32-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} =>  -> Nenhum Arquivo
    ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> Nenhum Arquivo
    CMD: ipconfig /flushdns
    EmptyTemp:

    *****************

    Ponto de Restauração criado com sucesso.
    Processos fechados com sucesso.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CSTDCMainController2014 => valor removido (a) com sucesso.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CSTDCSolverServer2014 => valor removido (a) com sucesso.
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist => chave removido (a) com sucesso.
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => valor removido (a) com sucesso.
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => valor removido (a) com sucesso.
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e00990-d509-11e1-be86-f04da2d80e70} => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{82e00990-d509-11e1-be86-f04da2d80e70} => chave não encontrado (a).
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e009a2-d509-11e1-be86-f04da2d80e70} => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{82e009a2-d509-11e1-be86-f04da2d80e70} => chave não encontrado (a).
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{989a0896-fe02-11e6-b71b-f04da2d80e70} => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{989a0896-fe02-11e6-b71b-f04da2d80e70} => chave não encontrado (a).
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Copy => valor removido (a) com sucesso.
    "C:\Users\Davi\AppData\Roaming\Copy\CopyAgent.exe" => não encontrado (a).
    "C:\Users\Davi\AppData\Roaming\Copy" => não encontrado (a).
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\SOFTWARE\Policies\Google => chave removido (a) com sucesso.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => valor restaurado com sucesso
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => valor removido (a) com sucesso.
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave não encontrado (a).
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C383C6F6-50F0-4A60-BB8F-D9DEA91C394D} => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{C383C6F6-50F0-4A60-BB8F-D9DEA91C394D} => chave não encontrado (a).
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave removido (a) com sucesso.
    HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave não encontrado (a).
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{A800410B-6035-45A2-BAF2-5DF1730C79CB} => chave removido (a) com sucesso.
    HKLM\Software\Wow6432Node\Classes\CLSID\{A800410B-6035-45A2-BAF2-5DF1730C79CB} => chave não encontrado (a).
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{311B6EAC-21C4-4C1D-B77B-57E70F6D473F} => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{311B6EAC-21C4-4C1D-B77B-57E70F6D473F} => chave não encontrado (a).
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A800410B-6035-45A2-BAF2-5DF1730C79CB} => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{A800410B-6035-45A2-BAF2-5DF1730C79CB} => chave não encontrado (a).
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => chave não encontrado (a).
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A800410B-6035-45A2-BAF2-5DF1730C79CB} => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{A800410B-6035-45A2-BAF2-5DF1730C79CB} => chave não encontrado (a).
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8BCEE04-6600-484A-8E6E-3D79BA02941E} => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{B8BCEE04-6600-484A-8E6E-3D79BA02941E} => chave não encontrado (a).
    HKU\S-1-5-21-453046077-1574525704-2639514093-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C383C6F6-50F0-4A60-BB8F-D9DEA91C394D} => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{C383C6F6-50F0-4A60-BB8F-D9DEA91C394D} => chave não encontrado (a).
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289} => chave removido (a) com sucesso.
    HKLM\Software\Wow6432Node\Classes\CLSID\{9FDDE16B-836F-4806-AB1F-1455CBEFF289} => chave não encontrado (a).
    C:\Users\Convidado\AppData\Local\Temp\Foxit Reader Updater.exe => movido com sucesso
    C:\Users\Convidado\AppData\Local\Temp\{15230C96-126A-47B7-8444-E1EB59EF8F54}-27.0.1453.116_27.0.1453.110_chrome_updater.exe => movido com sucesso
    C:\Users\Davi\AppData\Local\Temp\Foxit Reader Updater.exe => movido com sucesso
    ContextMenuHandlers1-x32-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} =>  -> Nenhum Arquivo => Erro: Nenhuma correção automática foi encontrada para esta entrada.
    ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> Nenhum Arquivo => Erro: Nenhuma correção automática foi encontrada para esta entrada.

    ========= ipconfig /flushdns =========


    Configuração de IP do Windows

    Liberação do Cache do DNS Resolver bem-sucedida.

    ========= Fim de CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 88141321 B
    Java, Flash, Steam htmlcache => 4605 B
    Windows/system/drivers => 7995195 B
    Edge => 0 B
    Chrome => 102338341 B
    Firefox => 474361590 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 66228 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 42367612 B
    systemprofile32 => 129266 B
    LocalService => 132244 B
    NetworkService => 503225036 B
    Davi => 265070710 B
    Convidado => 95340891 B

    RecycleBin => 100570864 B
    EmptyTemp: => 1.6 GB de dados temporários Removidos.

    ================================


    O sistema precisou ser reiniciado.

    ==== Fim de Fixlog 14:08:26 ====

    diego_moicano    472

    Dear @Davi Torobay

    Go to the Malwarebytes website, click Free Download (Download Gratuito) and save the file to your Desktop.

    Disable antivirus, antispyware and any other protection programs so they do not cause conflicts.

    Right-click the setup.exe file and choose: Run as Administrator (Executar como Administrador)

    • Follow the installation steps;
    • After clicking Finish (Concluir), wait for the program to open;
    • At the top right, click Update now (Atualizar agora);
    • The browser will open; you can close it and wait for the updates to finish;
    • In the left panel, click Settings (Configurações);
    • On the Protection (Proteção) tab, enable Scan for rootkits (Procurar rootkits);
    • Then click Scan (Análise) in the left panel;
    • Then click the Start Scan (Iniciar Análise) button and wait;
    • When the scan finishes, a window will open near the clock;
    • In it, click View Result (Ver Resultado);
    • Leave all entries checked and click the Quarantine (Colocar em Quarentena) button;
    • In the window that opens, click Yes (Sim) so that the computer is restarted;
    • Once it has restarted, open Malwarebytes again, click History (Histórico) and then click Delete All (Excluir Tudo) (optional);
    • The log will be saved automatically by the program.
    • To export it, click the History (Histórico) tab > Application Logs (Registros do aplicativo) in the program's main window;
    • Double-click the most recent log and export it as .TXT;
    • Post it in your next reply.

    Regards :D

    Davi Torobay    0
  • Topic author
  • Malwarebytes
    www.malwarebytes.com

    -Detalhes de registro-
    Data da análise: 17/08/17
    Hora da análise: 14:26
    Arquivo de registro: malwarebyte.txt
    Administrador: Sim

    -Informação do software-
    Versão: 3.1.2.1733
    Versão de componentes: 1.0.160
    Versão do pacote de definições: 1.0.2607
    Licença: Versão de avaliação

    -Informação do sistema-
    Sistema operacional: Windows 7 Service Pack 1
    CPU: x64
    Sistema de arquivos: NTFS
    Usuário: Davi-PC\Davi

    -Resumo da análise-
    Tipo de análise: Análise de Ameaças
    Resultado: Concluído
    Objetos verificados: 410598
    Ameaças detectadas: 0
    (Nenhum item malicioso detectado)
    Ameaças em quarentena: 0
    (Nenhum item malicioso detectado)
    Tempo decorrido: 30 min, 51 seg

    -Opções da análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Habilitado
    PUM: Habilitado

    -Detalhes da análise-
    Processo: 0
    (Nenhum item malicioso detectado)

    Módulo: 0
    (Nenhum item malicioso detectado)

    Chave de registro: 0
    (Nenhum item malicioso detectado)

    Valor de registro: 0
    (Nenhum item malicioso detectado)

    Dados de registro: 0
    (Nenhum item malicioso detectado)

    Fluxo de dados: 0
    (Nenhum item malicioso detectado)

    Pasta: 0
    (Nenhum item malicioso detectado)

    Arquivo: 0
    (Nenhum item malicioso detectado)

    Setor físico: 0
    (Nenhum item malicioso detectado)


    (end)

    ====================================

    All potentially dangerous items were quarantined (Advanced System Care, Yontoo and Optional ASK).

    Regards!

    diego_moicano    472

    Dear @Davi Torobay

    Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

    Download Stinger and save it to your Desktop.
    32 bit (x86) or 64 bit (x64)

    • Run the Stinger.exe file as Administrator.
    • Click the “I Accept” button

    Stinger%20a.png

    In the new window, click “Advanced” and then “Settings”

    Stinger%20b.png

    In the settings window, set the options as shown in the image below and click the “Save” button

    9hnsyu.png

    Click “Customize my Scan”

    Stinger%20f.png

    Select the system drives and then click the “Scan” button

    Stinger%20g.png

    When it finishes, click “View log”; a window with the log will open in your browser.
    Select, copy and paste the contents of this log into your next reply.

    Regards :D

    Davi Torobay    0
  • Topic author
  • McAfee® Labs Stinger™ Version 12.1.0.2459 built on Aug 17 2017 at 23:45:45 Copyright© 2015, McAfee, Inc. All Rights Reserved.

    AV Engine version v5900.7806 for Windows.

    Virus data file v1000.0 created on Aug 18, 2017

    Ready to scan for 10202 viruses, trojans and variants.

     

    Custom scan initiated on domingo, agosto 20, 2017 12:50:30

     

    Rootkit scan result : Clean.

     

    C:\Users\Davi\AppData\Roaming\unins000.exe [MD5:169180f02abceca5de72fc5eebc861bb] is infected with Win32/Heur.c!sti

     

    C:\Users\Davi\AppData\Roaming\unins000.exe has been Deleted

     

    Summary Report on C:

    File(s)

    TotalFiles:............ 2575818

    Clean:................. 631300

    Not Scanned:........... 1944517

    Possibly Infected:..... 1

     

    Time: 08:51:37

     

    Scan completed on domingo, agosto 20, 2017 21:42:07

    Regards! Have a good week.

    Davi Torobay    0
  • Topic author
  • After restarting the computer, some hidden files appeared on my desktop. Some were temporary files and others were 'desktop.ini' and 'Stinger.opt'. Any guidance on this?

    Another question: which of the programs should I keep running? Stinger and Malwarebytes?

    diego_moicano    472

    Dear @Davi Torobay

    Quote

    Any guidance on this?

    Please wait until the end; if it persists, let me know. ;)

    Quote

    Another question: which of the programs should I keep running? Stinger and Malwarebytes?

    You can uninstall both; keep only your antivirus.

    Download Security Check, by glax24, and save it to your Desktop.

    Run the file as Administrator

    • Wait while the tool performs the scan.
    • When it finishes, save the log as SecurityCheck.html
    • Open the file with Notepad;
    • Select, copy and paste the contents of this log into your next reply.

    Regards :D

    Davi Torobay    0
  • Topic author
  • SecurityCheck by glax24 & Severnyj v.1.4.0.52 [25.07.17]
    WebSite: www.safezone.cc
    DateLog: 22.08.2017 11:25:19
    Path starting: C:\Users\Davi\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
    Log directory: C:\SecurityCheck\
    IsAdmin: True
    User: Davi
    VersionXML: 4.57is-21.08.2017
    ___________________________________________________________________________

    Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: Portuguese(0416)
    Installation date OS: 14.04.2011 13:01:39
    LicenseStatus: Windows(R) 7, HomePremium edition The machine is permanently activated.
    Boot Mode: Normal
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    SystemDrive: C: FS: [NTFS] Capacity: [285.7 Gb] Used: [272 Gb] Free: [13.7 Gb]
    ------------------------------- [ Windows ] -------------------------------
    Internet Explorer 11.0.9600.18762
    User Account Control enabled
    Notify before download
    Date install updates: 2017-08-13 12:45:31
    Windows Update (wuauserv) - The service is running
    Central de Segurança (wscsvc) - The service is running
    Registro remoto (RemoteRegistry) - The service has stopped
    Descoberta SSDP (SSDPSRV) - The service is running
    Serviços de Área de Trabalho Remota (TermService) - The service has stopped
    Windows Remote Management (WS-Management) (WinRM) - The service has stopped
    ------------------------------ [ MS Office ] ------------------------------
    Microsoft Office 2010 x86 v.14.0.7015.1000
    ---------------------------- [ Antivirus_WMI ] ----------------------------
    Microsoft Security Essentials (enabled and up to date)
    --------------------------- [ FirewallWindows ] ---------------------------
    Firewall do Windows (MpsSvc) - The service is running
    --------------------------- [ AntiSpyware_WMI ] ---------------------------
    Malwarebytes (disabled and up to date)
    Microsoft Security Essentials (enabled and up to date)
    Windows Defender (disabled and up to date)
    ---------------------- [ AntiVirusFirewallInstall ] -----------------------
    Microsoft Security Essentials v.4.10.209.0
    --------------------------- [ OtherUtilities ] ----------------------------
    WinRAR 4.00 (64-bit) v.4.00.0 Warning! Download Update
    Oracle VM VirtualBox 5.1.10 v.5.1.10 Warning! Download Update
    Microsoft Silverlight v.5.1.50907.0
    Foxit Reader v.6.0.2.413 Warning! Download Update
    TeamViewer 12 v.12.0.78716 Warning! Download Update
    VLC media player v.2.1.5 Warning! Download Update
    OpenOffice.org 3.3 v.3.3.9567 Warning! Download Update
    TeamViewer 12 (TeamViewer) - The service is running
    --------------------------------- [ IM ] ----------------------------------
    Skype™ 7.3 v.7.3.101 Warning! Download Update
    --------------------------------- [ P2P ] ---------------------------------
    qBittorrent 3.3.13 v.3.3.13 Warning! P2P-client.
    -------------------------------- [ Java ] ---------------------------------
    JavaFX 2.1.1 v.2.1.1 Warning! This software is no longer supported. Please uninstall it and use Java SE 8 (jre-8u144-windows-i586.exe).
    Java 8 Update 73 v.8.0.730.2 Warning! Download Update
    Uninstall old version and install new one (jre-8u144-windows-i586.exe).
    --------------------------- [ AppleProduction ] ---------------------------
    QuickTime v.7.72.80.56 Warning! This software is no longer supported. Please uninstall it and use another software.
    --------------------------- [ AdobeProduction ] ---------------------------
    Adobe Flash Player 11 ActiveX v.11.4.402.278 Warning! Download Update
    Adobe Flash Player 26 NPAPI v.26.0.0.151
    Adobe Shockwave Player 11.6 v.11.6.6.636 Warning! Download Update
    ------------------------------- [ Browser ] -------------------------------
    Google Chrome v.60.0.3112.101
    Mozilla Firefox 54.0.1 (x86 pt-BR) v.54.0.1 Warning! Download Update
    ----------------------------- [ EmailClient ] -----------------------------
    Windows Live Mail v.15.4.3502.0922 Warning! This software is no longer supported.
    --------------------------- [ RunningProcess ] ----------------------------
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.54.0.1.6388
    ------------------ [ AntivirusFirewallProcessServices ] -------------------
    McAfee Validation Trust Protection Service (mfevtp) - The service is running
    C:\Windows\System32\mfevtps.exe
    Microsoft Antimalware Service (MsMpSvc) - The service is running
    C:\Program Files\Microsoft Security Client\MsMpEng.exe v.4.10.209.0
    C:\Program Files\Microsoft Security Client\msseces.exe v.4.10.209.0
    Inspeção de Rede da Microsoft (NisSrv) - The service is running
    C:\Program Files\Microsoft Security Client\NisSrv.exe v.4.10.209.0
    Windows Defender (WinDefend) - The service has stopped
    ---------------------------- [ UnwantedApps ] -----------------------------
    IObit Uninstaller v.5.3.0.142 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
    Skype Toolbars v.5.3.7555 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
    ----------------------------- [ End of Log ] ------------------------------

    diego_moicano    472

    Dear @Davi Torobay

    How is your Windows doing?

    # Step 1 #

    Download Delfix by Xplode and save it to your desktop.

    Double-click delfix.exe to run it. Check the boxes as shown in the image.

    ** Windows Vista or Windows 7 users: right-click the delfix.exe file, then click execadmin.png.

    2mez6ld.png

    Click the Run button.

    A log will be generated at the end, but you don't need to post it.

    # Step 2 #

    Old versions of programs have vulnerabilities that some malware can use to infect your system.

    For that reason, it is recommended to update the programs that Security Check flagged as outdated (optional updates are at your discretion).

    Just click the Download Update in each warning (post above), which will take you to the developer's site.

    <<@>> Always keep your Windows up to date; keep a constant watch with your firewall and antivirus; and finally, remember that the best prevention starts with our own behaviour!

    # Step 3 #

    CCleaner is an excellent cleaning utility for the computer.

    Download it here: CCleaner

    • After installation, go to the location where the program was installed, usually C:\Arquivos de programas\CCleaner.
    • Double-click this folder;
    • In an empty area of this window, right-click, choose New > Folder and create a new folder;
    • Name it backups.
    • Open the program and click Run Cleaner;
    • Click the Registry button > Scan for Issues > Fix selected issue(s)...
    • Note: Don't forget to accept the backup of the fixes, and save it in the folder created above!

    Regards :D
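Added example (not part of the original posts and not SecurityCheck's own code): a small Python triage of the SecurityCheck report, grouping the flagged entries so the update list from Step 2 can be worked through by priority. The input is an excerpt of the log posted earlier in this thread; the category names and the regular expressions are assumptions inferred from that one log.

```python
import re
from collections import defaultdict

# Excerpt of the SecurityCheck log posted in this thread (not the full log).
SAMPLE_LOG = """
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 4.00 (64-bit) v.4.00.0 Warning! Download Update
--------------------------------- [ P2P ] ---------------------------------
qBittorrent 3.3.13 v.3.3.13 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
JavaFX 2.1.1 v.2.1.1 Warning! This software is no longer supported. Please uninstall it and use Java SE 8 (jre-8u144-windows-i586.exe).
Java 8 Update 73 v.8.0.730.2 Warning! Download Update
--------------------------- [ AppleProduction ] ---------------------------
QuickTime v.7.72.80.56 Warning! This software is no longer supported. Please uninstall it and use another software.
------------------------------- [ Browser ] -------------------------------
Google Chrome v.60.0.3112.101
Mozilla Firefox 54.0.1 (x86 pt-BR) v.54.0.1 Warning! Download Update
---------------------------- [ UnwantedApps ] -----------------------------
IObit Uninstaller v.5.3.0.142 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
"""

# Line shapes assumed from this one log; SecurityCheck's format is not documented here.
SECTION = re.compile(r"^-+ \[ (.+?) \] -+$")
ENTRY = re.compile(r"^(?P<name>.+?) v\.(?P<version>\S+) Warning! (?P<msg>.+)$")

def classify(section, msg):
    """Assign a hypothetical triage category to one flagged entry."""
    if section == "UnwantedApps":
        return "unwanted"
    if "no longer supported" in msg:
        return "unsupported"  # end of life: no further security fixes
    if msg.startswith("Download Update"):
        return "outdated"
    return "other"  # informational flags such as "P2P-client."

def triage(log_text):
    """Return {category: [(section, name, version), ...]} for flagged lines."""
    findings = defaultdict(list)
    section = None
    for line in map(str.strip, log_text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := ENTRY.match(line):
            findings[classify(section, m["msg"])].append((section, m["name"], m["version"]))
    return dict(findings)

if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category, [name for _, name, _ in items])
```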

    Davi Torobay    0
  • Topic author
  • Windows is running much better, but the hidden items are still on the desktop. I checked and the option to show hidden folders is selected, even though I had not set that previously.

    Cheers!

    Davi Torobay    0
  • Topic author
  • After following the steps you gave me and restarting the PC, it went back to normal.

    Can we now consider the problem resolved?

    Can I use SecurityCheck occasionally to check for possible security gaps?

    Thank you for all the help!

    diego_moicano    472

    My friend

    Quote

    Can we now consider the problem resolved?

    Yes :)

    Quote

    Can I use SecurityCheck occasionally to check for possible security gaps?

    Yes; keep in mind that it will mainly show you outdated programs. Note that you should save the log as HTML and then open it in a browser to make it easier to view.

    Quote

    Thank you for all the help!

    :joia:

    Can we close this?

    This topic is closed to new posts.




