danirruas

Imprecise mouse clicks and programs that do not close


Good afternoon. Whenever I shut down my PC, a message always appears saying it cannot shut down because some program is open.
Besides that, what makes it hardest to use is the mouse, which does not respond correctly to clicks. With a single click, sometimes it clicks twice, sometimes it does not click, and other times it works normally.
I have already changed mice, 2 Microsoft ones, and I have tested both on other computers, and on other machines they work without problems.
The antivirus found a trojan and I have already deleted it, but the PC is still the same. I really need help.
Help!
 

ZA-Scan.txt


Dear @danirruas

I recommend saving this topic to your Favorites to make it easier to find.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here applies only to the problem on your computer, so do not use it on any other;
  • Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Respect the order of the instructions given.

Note: Do not take any action other than those given here; if you ask for help in another forum, be sure to let us know, or you risk misconfiguring your computer!

 

# Step 1 #

Download AdwCleaner and save it to your Desktop.

Run the file adwcleaner.exe as Administrator

  • Click the Options tab and leave only "Reset IE Policies" and "Reset Chrome Policies" checked
  • Click the Scan button and wait for the scan to finish.
  • Click the Clean button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log into your next reply.
  • The log will also be saved in C:\AdwCleaner


NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.
 
# Step 2 #

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download Junkware Removal Tool (JRT) and save it to your Desktop.

Run jrt.exe as Administrator

  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • At the end a log will open. It will be saved on the desktop with the name JRT.txt.
  • Select, copy and paste the contents of this log into your next reply.

 
# Step 3 #

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download ZHPCleaner and save it to your Desktop.

Run the file ZHPCleaner.exe as Administrator

  • Click the Scanner button.
  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • Then click the Repair button.
  • A log named ZHPCleaner.txt will be generated
  • Select, copy and paste the contents of this log into your next reply.

Best regards :D

  • Topic author
  • Good morning. In AdwCleaner / Options I did not find these items to check: Click the Options tab and leave only "Reset IE Policies" and "Reset Chrome Policies" checked

    And I uninstalled Chrome recently; should I install it again before performing this action?

    Here is the screenshot.

    Edited by danirruas


    Dear @danirruas

    Leave AdwCleaner with the default settings and you can go ahead with the scan. ;)

    Quote

    And I uninstalled Chrome recently; should I install it again before performing this action?

    I ask that you do that once we have finished this topic.

    I await the logs.

    Best regards :D

  • Topic author
  • OK, thank you. The logs follow below!!


     

     

    # AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 24 19:03:42 2017
    # Updated on 2017/29/08 by Malwarebytes
    # Database: 09-23-2017.2
    # Running on Windows 7 Home Premium (X64)
    # Mode: scan
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater
    PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater
    PUP.Optional.Legacy, C:\Users\All Users\Documents\pc faster
    PUP.Optional.Legacy, C:\Users\Public\Documents\pc faster
    PUP.Optional.Legacy, C:\Users\Todos os Usuários\Documents\pc faster


    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    PUP.Optional.WeatherTool, WeatherTool_start_schedule_task


    ***** [ Registry ] *****

    PUP.Optional.WeatherTool, [Key] - HKLM\SOFTWARE\DtsEncodeTools


    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries.

    *************************

    C:/AdwCleaner/AdwCleaner[S0].txt - [4115 B] - [2015/1/21 2:48:37]
    C:/AdwCleaner/AdwCleaner[S1].txt - [2820 B] - [2015/7/3 12:51:20]


    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########

     

     

    # AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 24 19:05:00 2017
    # Updated on 2017/29/08 by Malwarebytes
    # Running on Windows 7 Home Premium (X64)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services deleted.

    ***** [ Folders ] *****

    Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater
    Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater
    Deleted: C:\Users\All Users\Documents\pc faster
    Deleted: C:\Users\Public\Documents\pc faster
    Deleted: C:\Users\Todos os Usuários\Documents\pc faster


    ***** [ Files ] *****

    No malicious files deleted.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    Deleted: WeatherTool_start_schedule_task


    ***** [ Registry ] *****

    Deleted: [Key] - HKLM\SOFTWARE\DtsEncodeTools


    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries deleted.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries deleted.

    *************************

    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0

    *************************

    C:/AdwCleaner/AdwCleaner[S0].txt - [4115 B] - [2015/1/21 2:48:37]
    C:/AdwCleaner/AdwCleaner[S1].txt - [2820 B] - [2015/7/3 12:51:20]
    C:/AdwCleaner/AdwCleaner[S2].txt - [1510 B] - [2017/9/24 19:3:42]


    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.4 (07.09.2017)
    Operating System: Windows 7 Home Premium x64
    Ran by Daniele BR (Administrator) on 24/09/2017 at 16:13:55,10
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    File System: 18

    Successfully deleted: C:\users\Public\Documents\pc faster (Folder)
    Successfully deleted: C:\Program Files (x86)\GUT158.tmp (File)
    Successfully deleted: C:\Users\Daniele BR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Daniele BR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Daniele BR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLM5RXV4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Daniele BR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Daniele BR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G2XZO58D (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Daniele BR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JAGUDU8F (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Daniele BR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Daniele BR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q127O0P5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLM5RXV4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G2XZO58D (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JAGUDU8F (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q127O0P5 (Temporary Internet Files Folder)

    Registry: 3

    Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0175721401675120mcinstcleanup (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB9E200-99B0-4321-B4E2-AE20FCDE2D46} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CEFBE591-CE22-4E76-A573-A9520F6DAC45} (Registry Key)


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 24/09/2017 at 16:23:50,05
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    ~ ZHPCleaner v2017.9.24.167 by Nicolas Coolman (2017/09/24)
    ~ Run by Daniele BR (Administrator)  (24/09/2017 16:55:09)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Certificate ZHPCleaner: Legal
    ~ Type : Reparo
    ~ Report : C:\Users\Daniele BR\Desktop\ZHPCleaner.txt
    ~ Quarantine : C:\Users\Daniele BR\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Activate
    ~ Boot Mode : Normal (Normal boot)
    Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)


    ---\\  Serviços (0)


    ---\\  Navegadores de Internet (0)
    ~ Nenhum ítem malicioso o desnecessários foi encontrado.


    ---\\  Arquivo hosts (1)
    ~ O arquivo hosts é legítimo (23)


    ---\\  Tarefas automáticas agendadas. (2)
    SUPRIMIDO tarefas: [DropboxUpdateTaskUserS-1-5-21-971680230-1680443159-1465981135-1000Core] [C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-971680230-1680443159-1465981135-1000Core.job (Not File) ]  =>PUP.Optional.MySearch
    SUPRIMIDO tarefas: [DropboxUpdateTaskUserS-1-5-21-971680230-1680443159-1465981135-1000UA] [C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-971680230-1680443159-1465981135-1000UA.job (Not File) ]  =>PUP.Optional.MySearch


    ---\\  Explorer ( Arquivos, Pastas) (9)
    MOVIDO pasta: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-971680230-1680443159-1465981135-1000Core.job    =>PUP.Optional.MySearch
    MOVIDO pasta: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-971680230-1680443159-1465981135-1000UA.job    =>PUP.Optional.MySearch
    MOVIDO pasta: C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe [Akamai Technologies, Inc. - Akamai NetSession Client]  =>.SUP.AkamaiHD
    MOVIDO arquivo*: C:\Windows\System32\config\systemprofile\AppData\Roaming\{90140011-0066-0416-0000-0000000FF1CE}  =>Heuristic.Suspect
    MOVIDO arquivo*: C:\Users\Daniele BR\AppData\Local\Akamai  =>.SUP.AkamaiHD
    MOVIDO arquivo*: C:\Users\Daniele BR\AppData\Local\Tempzxpsign01ddec984cbdf509  =>.SUP.Temporary
    MOVIDO arquivo*: C:\Users\Daniele BR\AppData\Local\Tempzxpsign2bbd8acb45e8adbe  =>.SUP.Temporary
    MOVIDO arquivo*: C:\Program Files (x86)\QuickTime  =>Riskware.QuickTime
    MOVIDO arquivo*: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime  =>Riskware.QuickTime


    ---\\  Registro ( Chaves, Valores, Dados ) (39)
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\1916A2AF346D399F50313C393200F14140456616 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\2A83E9020591A55FC6DDAD3FB102794C52B24E70 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\3A850044D8A195CD401A680C012CB0A3B5F8DC08 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\6431723036FD26DEA502792FA595922493030F97 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\FA6660A94AB45F6A88C0D7874D89A863D74DEE97 [Avast Software]  =>PUM.Misplaced.Certificate
    SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\SessionLauncher [c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (Not File)]  =>PUP.Optional.Youndoo
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface ["C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe" (Not File)]  =>.SUP.AkamaiHD
    SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-971680230-1680443159-1465981135-1000\SOFTWARE\Akamai []  =>.SUP.AkamaiHD
    SUPRIMIDO chave: HKCU\Software\Akamai []  =>.SUP.AkamaiHD
    SUPRIMIDO chave*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Akamai [Akamai Technologies, Inc]  =>.SUP.AkamaiHD
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Autodesk.AutoCAD.Interop.Common.AcToolbarDockStatus [Autodesk.AutoCAD.Interop.Common.AcToolbarDockStatus]  =>PUP.Optional.InboxEmail
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Autodesk.AutoCAD.Interop.Common.AcToolbarItemType [Autodesk.AutoCAD.Interop.Common.AcToolbarItemType]  =>PUP.Optional.InboxEmail
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Akamai []  =>.SUP.AkamaiHD
    SUPRIMIDO valor: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{43BB5AB6-F90C-4A49-A782-B971879D4F82} [C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe]  =>.SUP.AkamaiHD
    SUPRIMIDO valor: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{51197AFF-4F07-49EF-9746-3FBCE8D0A976} [C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe]  =>.SUP.AkamaiHD
    SUPRIMIDO valor: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{22D97A61-A25C-4C8D-8739-9CDF302202B0} [C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe]  =>.SUP.AkamaiHD
    SUPRIMIDO valor: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{4ABB9FF5-DB28-40BB-89FC-DD1022BA9106} [C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe]  =>.SUP.AkamaiHD


    ---\\  Resumo dos elementos encontrados na sua estação de trabalho (8)
    https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.MySearch
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.AkamaiHD
    https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary
    https://nicolascoolman.eu/2017/01/15/riskware-quicktime/ =>Riskware.QuickTime
    https://nicolascoolman.eu/2017/06/26/trojan-certlock/ =>PUM.Misplaced.Certificate
    https://nicolascoolman.eu/2017/03/11/superfluous-youndoo/ =>PUP.Optional.Youndoo
    https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.InboxEmail


    ---\\  Dodatkowe oczyszczenie. (12)
    ~ Chave de registro Tracing Supprimido (12)
    ~ Remover os relatórios antigos ZHPCleaner. (0)


    ---\\ Resultado de reparação
    Reparação efectuada com sucesso
    ~ Este navegador está faltando ! (Google Chrome)
    ~ Este navegador está faltando ! (Opera Software)


    ---\\ Estatísticas
    ~ Items scan : 1335
    ~ Items encontrado : 0
    ~ items cancelados : 0
    ~ Items réparo : 51


    ~ End of clean in 00h01mn16s
    ~====================
    ZHPCleaner-[R]-24092017-16_56_25.txt

    ZHPCleaner--24092017-16_36_21.txt

  • Topic author
  • In use the computer is much faster, but the shutdown and mouse problems continue. I tested it again on other computers and it is working perfectly :(

    Edited by danirruas
    To add what I noticed using the PC after the actions.


    Easy, my friend, we are just getting started. ;)

    Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

    Download Farbar Recovery Scan Tool and save it to the Desktop.


    32 bit (x86) or 64 bit (x64)

    • Right-click it and choose Run as Administrator;
    • Check the 90 Days Files box and click the Scan button;
    • Wait; at the end the logs FRST.txt and Addition.txt will be saved to your Desktop;
    • Select, copy and paste the contents of the FRST.txt log into your next reply;
    • Attach the Addition.txt log.

    Best regards :D

  • Topic author
  • Hey, ok! Sorry for the anxiety!! haha

    After the actions my Acad stopped working and I had to reinstall it to attend to the students yesterday.
    Akamai is asking for network access many times.
    The log and file follow.
    Thanks!!

    Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 25-09-2017 01
    Executado por Daniele BR (administrador) em PC-PROGRAMAS (26-09-2017 14:05:36)
    Executando a partir de C:\Users\Daniele BR\Desktop\Clube do Hardware 2017
    Perfis Carregados: Daniele BR (Perfis Disponíveis: Daniele BR)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Idioma: Português (Brasil)
    Internet Explorer Versão 11 (Navegador padrão: Chrome)
    Modo da Inicialização: Normal
    Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processos (Whitelisted) =================

    (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Baidu, Inc.) C:\Users\Daniele BR\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Akamai Technologies, Inc.) C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe
    (Akamai Technologies, Inc.) C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
    (Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
    (Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
    (Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

    ==================== Registro (Whitelisted) ===========================

    (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2480584 2017-07-18] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-06-15] (Autodesk, Inc.)
    HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
    Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2014-07-11] (Caixa Economica Federal)
    HKU\S-1-5-21-971680230-1680443159-1465981135-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-971680230-1680443159-1465981135-1000\...\Policies\Explorer: []
    HKU\S-1-5-21-971680230-1680443159-1465981135-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [3229696 2016-08-29] (Microsoft Corporation) <==== ATENÇÃO
    HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
    ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1718088 2014-07-11] (Caixa Economica Federal)
    BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit

    ==================== Internet (Whitelisted) ====================

    (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

    Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 177.223.13.43
    Tcpip\..\Interfaces\{1D8BCDB5-6FF5-4198-9F06-1B32B319C8FB}: [DhcpNameServer] 200.222.122.134 192.168.0.1
    Tcpip\..\Interfaces\{3B6AE428-2091-442A-92C8-D366C74A1B80}: [DhcpNameServer] 8.8.8.8 177.223.13.43

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-971680230-1680443159-1465981135-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> {CEFBE591-CE22-4E76-A573-A9520F6DAC45} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {1CB9E200-99B0-4321-B4E2-AE20FCDE2D46} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-971680230-1680443159-1465981135-1000 -> {1AB5A945-CCF8-4155-B1B1-1D83BBDBD7A1} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll => Nenhum Arquivo
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll [2014-01-15] (McAfee, Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
    BHO-x32: Auxiliar de Conexão do Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2014-07-11] (Caixa Economica Federal)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
    Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll Nenhum Arquivo
    Toolbar: HKU\S-1-5-21-971680230-1680443159-1465981135-1000 -> Sem Nome - {56CF4856-ECB4-4E46-A897-A378821F97B9} -  Nenhum Arquivo
    DPF: HKLM-x32 {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
    DPF: HKLM-x32 {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Daniele BR\AppData\Roaming\Mozilla\Firefox\Profiles\07187q7j.default-1495139530515 [2017-09-26]
    FF Session Restore: Mozilla\Firefox\Profiles\07187q7j.default-1495139530515 -> está habilitado.
    FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2017-05-28] [não assinado]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-13] ()
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-13] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [2014-01-15] (McAfee, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-09] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-09] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-06] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-06] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-12] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-06-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-06-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-06-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-06-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-06-06] (Apple Inc.)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\autoconf_warsaw.js [2017-09-02] <==== ATENÇÃO (Aponta para arquivo *.cfg)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\warsaw.cfg [2017-09-02] <==== ATENÇÃO

    Chrome:
    =======
    CHR Profile: C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-09-04]
    CHR Extension: (Sem Nome) - C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2016-02-20]
    CHR Extension: (Documentos Google off-line) - C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-06-01]
    CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
    CHR Extension: (Gmail) - C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-01]
    CHR Extension: (Chrome Media Router) - C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
    CHR Profile: C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-04]
    CHR HKU\S-1-5-21-971680230-1680443159-1465981135-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    ==================== Serviços (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1353208 2017-06-15] (Autodesk Inc.)
    S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-07-13] (Adobe Systems Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
    S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [Arquivo não assinado]
    S4 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2010-09-05] (Autodesk)
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [Arquivo não assinado]
    S4 ENAgent; C:\Windows\SysWOW64\ENAgent.exe [4209856 2012-07-05] (SEIKO EPSON CORPORATION)
    R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [590048 2017-09-02] (GAS Tecnologia)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
    R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155080 2017-07-18] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-06-13] (Western Digital)
    R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-06-14] (Western Digital )
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S4 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [69632 2009-03-04] (Tablet Driver) [Arquivo não assinado]
    S4 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATENÇÃO (não ServiceDLL)
    R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77432 2017-07-18] ()
    S1 gbpddfac; C:\Windows\SysWOW64\drivers\gbpddfac64.sys [28888 2017-09-02] (GAS Tecnologia)
    S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [47688 2013-07-01] (GAS Tecnologia)
    S4 LMIRfsClientNP; não ImagePath
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
    S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
    S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-09-06] () [Arquivo não assinado]
    U3 a09vpr0m; C:\Windows\System32\Drivers\a09vpr0m.sys [0 ] (Microsoft Corporation) <==== ATENÇÃO (zero byte Arquivo/Pasta)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
    S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
    S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
    S3 Warsaw_PP; \??\C:\PROGRA~2\GbPlugin\wsftprp64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


    ==================== Três Meses Criados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-09-26 14:05 - 2017-09-26 14:05 - 000000000 ____D C:\FRST
    2017-09-26 13:56 - 2017-09-26 13:56 - 000000000 ___HD C:\OneDriveTemp
    2017-09-26 02:00 - 2017-09-26 02:00 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
    2017-09-25 14:56 - 2017-09-25 14:56 - 000002325 _____ C:\Users\Daniele BR\Desktop\Install Now Autodesk® AutoCAD® 2018.lnk
    2017-09-25 14:56 - 2017-09-25 14:56 - 000001489 _____ C:\Users\Public\Desktop\Aplicativo da área de trabalho Autodesk.lnk
    2017-09-25 14:56 - 2017-09-25 14:56 - 000000000 ____D C:\Users\Daniele BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
    2017-09-25 14:53 - 2017-09-25 14:53 - 000002259 _____ C:\Users\Public\Desktop\AutoCAD 2018 - English.lnk
    2017-09-25 14:51 - 2017-09-25 14:51 - 000000000 ____D C:\Users\Daniele BR\Documents\Inventor Server SDK ACAD 2018
    2017-09-25 13:59 - 2017-09-25 14:00 - 000000000 ____D C:\Users\Daniele BR\AppData\Local\Akamai
    2017-09-25 13:57 - 2017-09-25 13:58 - 000000000 ____D C:\Users\Daniele BR\Downloads\AutoCad2018_educacional
    2017-09-25 13:57 - 2017-09-25 13:57 - 000000000 ____D C:\Users\Daniele BR\Downloads\2017.08
    2017-09-25 06:11 - 2017-09-25 06:11 - 000000000 ____D C:\Users\Public\Documents\PC Faster
    2017-09-24 16:25 - 2017-09-24 16:56 - 000000000 ____D C:\Users\Daniele BR\AppData\Roaming\ZHP
    2017-09-24 16:25 - 2017-09-24 16:25 - 000000000 ____D C:\Users\Daniele BR\AppData\Local\ZHP
    2017-09-21 15:52 - 2017-09-21 15:52 - 000000000 ____D C:\Users\Daniele BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2017-09-21 10:55 - 2017-09-21 10:55 - 000000000 ____D C:\Users\Public\Recorded TV
    2017-09-20 23:39 - 2017-09-26 14:08 - 000000000 ____D C:\Users\Daniele BR\Desktop\Clube do Hardware 2017
    2017-09-20 23:34 - 2017-09-20 23:34 - 000000000 __RHD C:\Users\Public\Libraries
    2017-09-20 23:23 - 2017-09-20 23:23 - 000035953 _____ C:\ZA-Scan.txt
    2017-09-20 16:43 - 2017-09-20 17:06 - 000000000 ____D C:\zoek_backup
    2017-09-20 16:09 - 2017-09-20 16:09 - 000002160 _____ C:\Users\Public\Desktop\Style Builder 2017.lnk
    2017-09-20 16:09 - 2017-09-20 16:09 - 000002074 _____ C:\Users\Public\Desktop\LayOut 2017.lnk
    2017-09-20 16:09 - 2017-09-20 16:09 - 000001989 _____ C:\Users\Public\Desktop\SketchUp 2017.lnk
    2017-09-20 16:09 - 2017-09-20 16:09 - 000000000 ____D C:\Users\Todos os Usuários\Reprise
    2017-09-20 16:09 - 2017-09-20 16:09 - 000000000 ____D C:\ProgramData\Reprise
    2017-09-20 16:09 - 2017-09-20 16:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2017
    2017-09-20 16:07 - 2017-09-20 16:07 - 000000000 ____D C:\Program Files\SketchUp
    2017-09-20 15:57 - 2017-09-20 15:58 - 000000000 ____D C:\Users\Daniele BR\Downloads\SketchUpMake 2017_64bits
    2017-09-19 23:44 - 2017-09-19 23:45 - 057870112 _____ (Microsoft Corporation) C:\Users\Daniele BR\Downloads\MouseKeyboardCenter_64bit_PTB_3.0.337.exe
    2017-09-12 16:12 - 2017-08-19 12:28 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
    2017-09-12 16:12 - 2017-08-19 12:10 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2017-09-12 16:12 - 2017-08-16 12:29 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2017-09-12 16:12 - 2017-08-16 12:10 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2017-09-12 16:12 - 2017-08-16 11:57 - 003224576 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-09-12 16:12 - 2017-08-15 22:10 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-09-12 16:12 - 2017-08-15 21:25 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-09-12 16:12 - 2017-08-15 12:29 - 014182400 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2017-09-12 16:12 - 2017-08-15 12:29 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2017-09-12 16:12 - 2017-08-15 12:10 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2017-09-12 16:12 - 2017-08-15 12:10 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2017-09-12 16:12 - 2017-08-15 11:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-09-12 16:12 - 2017-08-15 11:01 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-09-12 16:12 - 2017-08-15 11:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-09-12 16:12 - 2017-08-15 11:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-09-12 16:12 - 2017-08-15 10:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-09-12 16:12 - 2017-08-14 14:35 - 003203584 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
    2017-09-12 16:12 - 2017-08-14 14:35 - 002150912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
    2017-09-12 16:12 - 2017-08-14 14:35 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
    2017-09-12 16:12 - 2017-08-14 14:35 - 000303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
    2017-09-12 16:12 - 2017-08-14 14:35 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
    2017-09-12 16:12 - 2017-08-14 14:35 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
    2017-09-12 16:12 - 2017-08-14 14:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
    2017-09-12 16:12 - 2017-08-14 14:34 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
    2017-09-12 16:12 - 2017-08-13 18:37 - 002144256 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
    2017-09-12 16:12 - 2017-08-13 18:30 - 001401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
    2017-09-12 16:12 - 2017-08-13 15:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-09-12 16:12 - 2017-08-13 14:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-09-12 16:12 - 2017-08-13 14:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-09-12 16:12 - 2017-08-13 14:06 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-09-12 16:12 - 2017-08-13 14:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-09-12 16:12 - 2017-08-13 14:05 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-09-12 16:12 - 2017-08-13 14:05 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-09-12 16:12 - 2017-08-13 14:05 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-09-12 16:12 - 2017-08-13 14:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-09-12 16:12 - 2017-08-13 13:56 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-09-12 16:12 - 2017-08-13 13:55 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-09-12 16:12 - 2017-08-13 13:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-09-12 16:12 - 2017-08-13 13:52 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-09-12 16:12 - 2017-08-13 13:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-09-12 16:12 - 2017-08-13 13:51 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-09-12 16:12 - 2017-08-13 13:51 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-09-12 16:12 - 2017-08-13 13:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-09-12 16:12 - 2017-08-13 13:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-09-12 16:12 - 2017-08-13 13:46 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-09-12 16:12 - 2017-08-13 13:41 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-09-12 16:12 - 2017-08-13 13:38 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-09-12 16:12 - 2017-08-13 13:30 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-09-12 16:12 - 2017-08-13 13:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-09-12 16:12 - 2017-08-13 13:29 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-09-12 16:12 - 2017-08-13 13:29 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2017-09-12 16:12 - 2017-08-13 13:29 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-09-12 16:12 - 2017-08-13 13:29 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-09-12 16:12 - 2017-08-13 13:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-09-12 16:12 - 2017-08-13 13:27 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-09-12 16:12 - 2017-08-13 13:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-09-12 16:12 - 2017-08-13 13:24 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-09-12 16:12 - 2017-08-13 13:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-09-12 16:12 - 2017-08-13 13:22 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-09-12 16:12 - 2017-08-13 13:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-09-12 16:12 - 2017-08-13 13:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-09-12 16:12 - 2017-08-13 13:19 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-09-12 16:12 - 2017-08-13 13:18 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-09-12 16:12 - 2017-08-13 13:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-09-12 16:12 - 2017-08-13 13:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-09-12 16:12 - 2017-08-13 13:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-09-12 16:12 - 2017-08-13 13:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-09-12 16:12 - 2017-08-13 13:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-09-12 16:12 - 2017-08-13 13:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-09-12 16:12 - 2017-08-13 13:02 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-09-12 16:12 - 2017-08-13 13:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-09-12 16:12 - 2017-08-13 13:01 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2017-09-12 16:12 - 2017-08-13 13:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-09-12 16:12 - 2017-08-13 13:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-09-12 16:12 - 2017-08-13 12:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-09-12 16:12 - 2017-08-13 12:53 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-09-12 16:12 - 2017-08-13 12:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-09-12 16:12 - 2017-08-13 12:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-09-12 16:12 - 2017-08-13 12:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-09-12 16:12 - 2017-08-13 12:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-09-12 16:12 - 2017-08-13 12:43 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-09-12 16:12 - 2017-08-13 12:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-09-12 16:12 - 2017-08-13 12:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-09-12 16:12 - 2017-08-13 12:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-09-12 16:12 - 2017-08-13 12:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-09-12 16:12 - 2017-08-13 12:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-09-12 16:12 - 2017-08-13 12:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-09-12 16:12 - 2017-08-11 03:42 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-09-12 16:12 - 2017-08-11 03:38 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-09-12 16:12 - 2017-08-11 03:38 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-09-12 16:12 - 2017-08-11 03:38 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-09-12 16:12 - 2017-08-11 03:38 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-09-12 16:12 - 2017-08-11 03:36 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 002065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000971776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:24 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-09-12 16:12 - 2017-08-11 03:24 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-09-12 16:12 - 2017-08-11 03:21 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-09-12 16:12 - 2017-08-11 03:20 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
    2017-09-12 16:12 - 2017-08-11 03:20 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
    2017-09-12 16:12 - 2017-08-11 03:19 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winnsi.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nsi.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:12 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
    2017-09-12 16:12 - 2017-08-11 03:09 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
    2017-09-12 16:12 - 2017-08-11 03:07 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-09-12 16:12 - 2017-08-11 03:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-09-12 16:12 - 2017-08-11 03:07 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-09-12 16:12 - 2017-08-11 03:06 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-09-12 16:12 - 2017-08-11 03:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-09-12 16:12 - 2017-08-11 03:03 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
    2017-09-12 16:12 - 2017-08-11 03:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-09-12 16:12 - 2017-08-11 03:01 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
    2017-09-12 16:12 - 2017-08-11 03:00 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
    2017-09-12 16:12 - 2017-08-11 03:00 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-09-12 16:12 - 2017-08-11 03:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-09-12 16:12 - 2017-08-11 02:59 - 000460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2017-09-12 16:12 - 2017-08-11 02:59 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2017-09-12 16:12 - 2017-08-11 02:59 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-09-12 16:12 - 2017-08-11 02:59 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2017-09-12 16:12 - 2017-08-11 02:59 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-09-12 16:12 - 2017-08-11 02:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-09-12 16:12 - 2017-08-11 02:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-09-12 16:12 - 2017-08-11 02:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
    2017-09-12 16:12 - 2017-08-11 02:56 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-09-12 16:12 - 2017-08-11 02:56 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-09-12 16:12 - 2017-08-11 02:56 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-09-12 16:12 - 2017-08-11 02:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-09-12 16:12 - 2017-08-11 02:55 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-09-12 16:12 - 2017-08-11 02:55 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 02:55 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 02:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 02:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-09-12 16:12 - 2017-07-07 12:29 - 001143296 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
    2017-09-12 16:12 - 2017-07-07 12:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
    2017-09-05 00:31 - 2017-09-05 00:31 - 000003204 _____ C:\Windows\System32\Tasks\{E3BD104F-ABAA-4E98-83BD-83CB3BA429D7}
    2017-09-02 11:09 - 2017-09-02 13:07 - 000028888 _____ (GAS Tecnologia) C:\Windows\SysWOW64\Drivers\gbpddfac64.sys
    2017-09-02 11:09 - 2017-09-02 11:09 - 000002912 _____ C:\Windows\System32\Tasks\Rerun Warsaw's CoreFixer
    2017-09-02 11:09 - 2015-12-04 10:30 - 000029816 _____ (GAS Tecnologia) C:\Windows\SysWOW64\Drivers\gbpddreg64.sys
    2017-09-02 11:07 - 2017-09-05 10:29 - 000000000 ____D C:\Program Files\Diebold
    2017-09-02 11:06 - 2017-09-02 11:07 - 011079440 _____ (Banco Itaú) C:\Users\Daniele BR\Downloads\DiagnosticoItau.exe
    2017-09-02 11:05 - 2017-09-02 11:05 - 003580664 _____ C:\Users\Daniele BR\Downloads\aplicativoitau.exe
    2017-08-18 12:09 - 2017-09-05 10:38 - 000000000 ___RD C:\Users\Daniele BR\Creative Cloud Files
    2017-08-18 12:06 - 2017-08-18 12:06 - 000003520 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-PC-PROGRAMAS-Daniele BR
    2017-08-18 11:44 - 2017-08-18 11:44 - 000001183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
    2017-08-18 11:44 - 2017-08-18 11:44 - 000001171 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
    2017-08-14 16:52 - 2017-08-14 16:52 - 000640144 _____ C:\Windows\Minidump\081417-30810-01.dmp
    2017-08-08 21:44 - 2017-07-21 11:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
    2017-08-08 21:44 - 2017-07-21 11:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
    2017-08-08 21:44 - 2017-07-14 12:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
    2017-08-08 21:44 - 2017-07-14 12:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
    2017-08-08 21:44 - 2017-07-01 10:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
    2017-08-08 21:44 - 2017-07-01 10:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
    2017-08-08 21:44 - 2017-07-01 10:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
    2017-08-08 21:44 - 2017-07-01 10:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
    2017-08-08 21:44 - 2017-07-01 10:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
    2017-08-08 21:44 - 2017-07-01 10:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
    2017-08-08 21:44 - 2017-07-01 10:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
    2017-08-08 21:44 - 2017-07-01 10:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
    2017-08-08 21:43 - 2017-07-29 11:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2017-08-08 21:43 - 2017-07-21 11:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
    2017-08-08 21:43 - 2017-07-21 11:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
    2017-08-08 21:43 - 2017-07-14 12:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
    2017-08-08 21:43 - 2017-07-14 12:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
    2017-08-08 21:43 - 2017-07-14 12:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
    2017-08-08 21:43 - 2017-07-14 12:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
    2017-08-08 21:43 - 2017-07-14 12:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
    2017-08-08 21:43 - 2017-07-14 12:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
    2017-08-08 21:43 - 2017-07-14 12:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2017-08-08 21:43 - 2017-07-14 12:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
    2017-08-08 21:43 - 2017-07-14 12:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
    2017-08-08 21:43 - 2017-07-14 12:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
    2017-08-08 21:43 - 2017-07-14 12:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
    2017-08-08 21:43 - 2017-07-14 12:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
    2017-08-08 21:43 - 2017-07-14 12:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
    2017-08-08 21:43 - 2017-07-14 12:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    2017-08-08 21:43 - 2017-07-14 11:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
    2017-08-08 21:43 - 2017-07-14 11:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
    2017-08-08 21:43 - 2017-07-14 11:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
    2017-08-08 21:43 - 2017-07-14 11:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
    2017-08-08 21:43 - 2017-07-14 11:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
    2017-08-08 21:43 - 2017-07-08 12:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2017-08-08 21:43 - 2017-07-07 12:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
    2017-08-08 21:43 - 2017-07-07 12:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
    2017-08-08 21:43 - 2017-07-07 12:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
    2017-08-08 21:43 - 2017-07-01 10:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
    2017-08-08 21:43 - 2017-07-01 10:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
    2017-08-08 21:43 - 2017-07-01 10:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
    2017-08-08 21:43 - 2017-07-01 10:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
    2017-07-27 12:43 - 2017-09-21 15:36 - 000003190 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-971680230-1680443159-1465981135-1000
    2017-07-14 13:46 - 2017-06-15 17:23 - 000753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2017-07-14 13:46 - 2017-06-12 19:49 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
    2017-07-14 13:46 - 2017-06-12 19:49 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
    2017-07-14 13:46 - 2017-06-12 19:49 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
    2017-07-14 13:46 - 2017-06-12 19:49 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
    2017-07-14 13:46 - 2017-06-12 19:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
    2017-07-14 13:46 - 2017-06-12 19:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
    2017-07-14 13:46 - 2017-06-12 19:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
    2017-07-14 13:46 - 2017-06-12 19:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
    2017-07-14 13:46 - 2017-06-12 19:14 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
    2017-07-14 13:46 - 2017-06-12 19:14 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
    2017-07-14 13:46 - 2017-06-12 19:14 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
    2017-07-14 13:46 - 2017-06-12 19:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
    2017-07-14 13:46 - 2017-06-12 19:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
    2017-07-14 13:46 - 2017-06-12 19:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
    2017-07-14 13:46 - 2017-06-09 12:33 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2017-07-14 13:46 - 2017-05-30 01:56 - 001895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2017-07-14 13:46 - 2017-05-30 01:56 - 000377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2017-07-14 13:46 - 2017-05-30 01:56 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2017-07-14 13:46 - 2017-05-16 12:35 - 000986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2017-07-14 13:46 - 2017-05-16 12:35 - 000265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2017-07-14 13:46 - 2017-05-03 12:34 - 000094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2017-07-14 13:46 - 2017-05-03 12:29 - 001206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2017-07-14 13:46 - 2017-05-03 10:05 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2017-07-14 13:46 - 2017-05-03 10:05 - 000620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2017-07-14 13:46 - 2017-05-03 10:05 - 000535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2017-07-14 13:46 - 2017-05-03 10:05 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2017-07-14 13:46 - 2017-05-03 10:05 - 000311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2017-07-14 13:46 - 2017-05-03 10:05 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2017-07-14 13:46 - 2017-05-03 10:05 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2017-07-14 13:46 - 2017-03-22 23:06 - 001691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2017-07-14 13:45 - 2017-05-21 01:24 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2017-07-14 13:45 - 2017-05-21 01:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2017-07-14 13:45 - 2017-05-16 12:30 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

    ==================== Três Meses Modificados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-09-26 14:08 - 2017-05-28 18:32 - 000000000 ____D C:\Users\Daniele BR\AppData\LocalLow\Mozilla
    2017-09-26 14:04 - 2009-07-14 01:45 - 000014240 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-09-26 14:04 - 2009-07-14 01:45 - 000014240 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-09-26 13:56 - 2014-04-25 03:32 - 000000000 ___RD C:\Users\Daniele BR\OneDrive
    2017-09-26 13:50 - 2015-06-29 19:46 - 000000692 _____ C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job
    2017-09-26 13:50 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-09-26 13:49 - 2010-08-30 21:30 - 000000000 ____D C:\Users\Todos os Usuários\NVIDIA
    2017-09-26 13:49 - 2010-08-30 21:30 - 000000000 ____D C:\ProgramData\NVIDIA
    2017-09-26 02:42 - 2010-09-05 22:21 - 000000000 ____D C:\Users\Daniele BR\AppData\Roaming\SoftGrid Client
    2017-09-26 02:00 - 2014-06-30 11:01 - 000000000 ____D C:\Users\Daniele BR\AppData\Local\Adobe
    2017-09-25 22:11 - 2009-07-14 01:45 - 003288552 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-09-25 14:59 - 2010-09-04 15:14 - 000219048 _____ C:\Users\Daniele BR\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-09-25 14:57 - 2010-09-05 21:04 - 000000000 ____D C:\Users\Todos os Usuários\Autodesk
    2017-09-25 14:57 - 2010-09-05 21:04 - 000000000 ____D C:\Users\Daniele BR\AppData\Roaming\Autodesk
    2017-09-25 14:57 - 2010-09-05 21:04 - 000000000 ____D C:\ProgramData\Autodesk
    2017-09-25 14:56 - 2010-09-05 21:04 - 000000000 ____D C:\Users\Daniele BR\AppData\Local\Autodesk
    2017-09-25 14:56 - 2010-09-05 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
    2017-09-25 14:55 - 2010-09-05 21:03 - 000000000 ____D C:\Program Files (x86)\Autodesk
    2017-09-25 14:53 - 2017-05-15 13:56 - 000000000 ____D C:\Users\Public\Documents\Autodesk
    2017-09-25 14:52 - 2010-09-11 05:42 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
    2017-09-25 14:44 - 2010-09-11 05:42 - 000000000 ____D C:\Program Files\Autodesk
    2017-09-25 14:11 - 2016-01-13 14:43 - 000000000 ____D C:\Users\Todos os Usuários\Package Cache
    2017-09-25 14:11 - 2016-01-13 14:43 - 000000000 ____D C:\ProgramData\Package Cache
    2017-09-25 13:59 - 2010-09-08 12:17 - 000000000 ____D C:\Autodesk
    2017-09-25 13:42 - 2010-09-07 19:20 - 000000000 ____D C:\Users\Todos os Usuários\FLEXnet
    2017-09-25 13:42 - 2010-09-07 19:20 - 000000000 ____D C:\ProgramData\FLEXnet
    2017-09-24 16:05 - 2015-01-20 23:40 - 000000000 ____D C:\AdwCleaner
    2017-09-22 12:33 - 2014-08-14 09:21 - 000002004 _____ C:\Users\Public\Desktop\Google Slides.lnk
    2017-09-22 12:33 - 2014-08-14 09:21 - 000002002 _____ C:\Users\Public\Desktop\Google Sheets.lnk
    2017-09-22 12:33 - 2014-08-14 09:21 - 000001992 _____ C:\Users\Public\Desktop\Google Docs.lnk
    2017-09-22 12:33 - 2014-08-14 09:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2017-09-21 15:52 - 2013-02-21 20:35 - 000000000 ____D C:\Users\Daniele BR\AppData\Roaming\Dropbox
    2017-09-21 15:35 - 2014-08-07 10:48 - 000002185 _____ C:\Users\Daniele BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2017-09-21 15:32 - 2009-07-14 02:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-09-20 23:35 - 2010-11-24 22:32 - 000000000 ____D C:\Users\Daniele BR\Downloads\segredo dos seus olhos
    2017-09-20 22:30 - 2012-02-05 11:23 - 000000000 ____D C:\Users\PESQUISA CASA NOVA
    2017-09-20 16:07 - 2014-06-05 15:59 - 000000000 ____D C:\Users\Todos os Usuários\SketchUp
    2017-09-20 16:07 - 2014-06-05 15:59 - 000000000 ____D C:\ProgramData\SketchUp
    2017-09-20 06:55 - 2012-02-03 11:26 - 000000000 ____D C:\Program Files (x86)\epson
    2017-09-20 00:02 - 2010-09-05 13:59 - 000000000 ____D C:\Users\Daniele BR\AppData\Local\ElevatedDiagnostics
    2017-09-19 23:06 - 2012-02-03 11:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    2017-09-19 15:32 - 2015-07-06 12:40 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit
    2017-09-19 15:32 - 2015-07-06 12:40 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
    2017-09-13 17:07 - 2017-02-05 21:04 - 000000000 ____D C:\Windows\rescache
    2017-09-13 16:04 - 2009-07-14 14:55 - 000706266 _____ C:\Windows\system32\prfh0416.dat
    2017-09-13 16:04 - 2009-07-14 14:55 - 000147848 _____ C:\Windows\system32\prfc0416.dat
    2017-09-13 16:04 - 2009-07-14 02:13 - 001637514 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-09-13 16:04 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
    2017-09-12 17:59 - 2013-07-13 03:01 - 000000000 ____D C:\Windows\system32\MRT
    2017-09-12 17:59 - 2010-09-08 23:43 - 000000000 ____D C:\Users\Todos os Usuários\Microsoft Help
    2017-09-12 17:54 - 2010-09-05 03:20 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-09-12 17:45 - 2010-09-05 22:20 - 001601900 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2017-09-06 15:29 - 2011-10-26 11:03 - 000000000 ____D C:\Program Files (x86)\GbPlugin
    2017-09-05 10:30 - 2011-10-26 11:03 - 000000000 ____D C:\Users\Todos os Usuários\GbPlugin
    2017-09-05 10:30 - 2011-10-26 11:03 - 000000000 ____D C:\ProgramData\GbPlugin
    2017-09-05 10:29 - 2014-06-06 01:55 - 000000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
    2017-09-05 10:29 - 2014-06-06 01:55 - 000000000 ____D C:\ProgramData\GAS Tecnologia
    2017-09-05 00:31 - 2014-05-28 14:22 - 000000000 ____D C:\Users\Daniele BR\AppData\Local\EvernoteNW
    2017-09-05 00:25 - 2010-09-07 19:11 - 000000000 ____D C:\Program Files\Adobe
    2017-09-05 00:24 - 2010-09-05 02:21 - 000000000 ____D C:\Users\Daniele BR\AppData\Roaming\Adobe
    2017-09-05 00:04 - 2010-08-30 21:41 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
    2017-09-05 00:03 - 2012-02-03 11:28 - 000000000 ____D C:\Users\Todos os Usuários\EPSON
    2017-09-05 00:03 - 2012-02-03 11:28 - 000000000 ____D C:\ProgramData\EPSON
    2017-09-05 00:02 - 2012-02-03 11:42 - 000000000 ____D C:\Users\Todos os Usuários\ABBYY
    2017-09-05 00:02 - 2012-02-03 11:42 - 000000000 ____D C:\ProgramData\ABBYY
    2017-09-05 00:01 - 2012-02-03 11:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
    2017-09-05 00:01 - 2012-02-03 11:28 - 000000000 ____D C:\Program Files (x86)\Epson Software
    2017-09-04 23:56 - 2010-09-05 22:07 - 000000000 ____D C:\Program Files (x86)\Google
    2017-09-02 19:39 - 2015-09-16 14:13 - 000000000 ____D C:\Users\Daniele BR\Desktop\Cabelos 2015
    2017-09-02 19:30 - 2015-07-30 13:13 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2017-09-02 19:29 - 2015-07-30 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2017-09-02 19:28 - 2010-08-30 21:31 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2017-09-02 16:14 - 2010-09-05 22:33 - 000000000 ____D C:\Users\Todos os Usuários\TEMP
    2017-09-02 16:14 - 2010-09-05 22:33 - 000000000 ____D C:\ProgramData\TEMP
    2017-09-02 11:09 - 2017-05-28 15:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-08-31 21:06 - 2010-09-05 04:45 - 000000000 ____D C:\Users\Daniele BR\AppData\Roaming\Skype
    2017-08-31 13:43 - 2010-08-30 21:50 - 000000000 ___RD C:\Program Files (x86)\Skype
    2017-08-31 13:43 - 2010-08-30 21:49 - 000000000 ____D C:\Users\Todos os Usuários\Skype
    2017-08-31 13:43 - 2010-08-30 21:49 - 000000000 ____D C:\ProgramData\Skype
    2017-08-31 13:20 - 2015-12-18 19:59 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-08-31 00:32 - 2014-08-14 09:23 - 000000000 ___RD C:\Users\Daniele BR\Google Drive
    2017-08-30 13:29 - 2017-05-30 00:08 - 000000000 ____D C:\Program Files (x86)\Plagius
    2017-08-28 10:40 - 2016-02-19 12:47 - 000000000 ____D C:\Users\Daniele BR\AppData\Local\cache

    ==================== Arquivos na raiz de alguns diretórios =======

    2014-06-02 10:07 - 2014-06-02 10:07 - 000000044 _____ () C:\Users\Daniele BR\AppData\Roaming\mbam.context.scan
    2010-09-09 09:57 - 2010-09-09 10:17 - 000007859 _____ () C:\Users\Daniele BR\AppData\Roaming\pcouffin.cat
    2010-09-09 09:57 - 2010-09-09 10:17 - 000001167 _____ () C:\Users\Daniele BR\AppData\Roaming\pcouffin.inf
    2010-09-09 09:58 - 2010-09-09 10:17 - 000000033 _____ () C:\Users\Daniele BR\AppData\Roaming\pcouffin.log
    2010-09-09 09:57 - 2010-09-09 10:17 - 000082816 _____ (VSO Software) C:\Users\Daniele BR\AppData\Roaming\pcouffin.sys
    2012-05-17 00:17 - 2012-05-17 00:17 - 000000017 _____ () C:\Users\Daniele BR\AppData\Local\resmon.resmoncfg
    2012-08-24 12:17 - 2012-08-24 12:17 - 000000000 _____ () C:\Users\Daniele BR\AppData\Local\{6817C3C0-1A88-446A-BA6D-D9E1A9411F82}
    2010-09-07 19:38 - 2012-03-20 18:50 - 000003140 ___SH () C:\ProgramData\KGyGaAvL.sys
    2016-02-19 12:19 - 2016-02-19 12:19 - 000000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

    Arquivos para serem movidos ou deletados:
    ====================
    C:\Users\Daniele BR\.sysconfig.dat
    C:\Users\Public\setup_amr.exe
    C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job


    Alguns arquivos em TEMP:
    ====================
    2016-02-19 12:27 - 2017-01-18 02:50 - 000066472 _____ (Autodesk, Inc.) C:\Users\Daniele BR\AppData\Local\Temp\AcDeltree.exe
    2016-01-17 20:36 - 2016-01-17 20:36 - 000043008 _____ () C:\Users\Daniele BR\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe5j_1x.dll
    2016-01-17 20:37 - 2016-01-17 20:37 - 000043008 _____ () C:\Users\Daniele BR\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjuhu1i.dll
    2015-05-15 01:14 - 2015-05-15 01:14 - 001188328 _____ () C:\Users\Daniele BR\AppData\Local\Temp\InstallHelper.exe
    2015-01-18 14:35 - 2015-01-18 14:35 - 000372936 _____ (ESET) C:\Users\Daniele BR\AppData\Local\Temp\InstHelper.exe
    2014-12-18 14:29 - 2014-12-18 14:29 - 000641448 _____ (Oracle Corporation) C:\Users\Daniele BR\AppData\Local\Temp\jre-8u31-windows-au.exe
    2015-07-27 07:36 - 2015-07-27 07:37 - 050294992 _____ (Microsoft Corporation) C:\Users\Daniele BR\AppData\Local\Temp\MouseKeyboardCenterx64_1046.exe
    2015-07-30 13:13 - 2015-06-29 16:08 - 001219240 _____ (NVIDIA Corporation) C:\Users\Daniele BR\AppData\Local\Temp\nvSCPAPI.dll
    2015-07-30 13:09 - 2015-06-29 16:07 - 000825544 _____ (NVIDIA Corporation) C:\Users\Daniele BR\AppData\Local\Temp\nvStInst.exe
    2014-11-08 05:33 - 2015-06-21 14:56 - 000610816 _____ () C:\Users\Daniele BR\AppData\Local\Temp\Quarantine.exe
    2015-04-01 10:46 - 2016-05-10 11:27 - 041345664 _____ (Skype Technologies S.A.) C:\Users\Daniele BR\AppData\Local\Temp\SkypeSetup.exe
    2015-08-18 17:30 - 2015-08-18 17:30 - 000541696 _____ () C:\Users\Daniele BR\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    2014-11-08 05:47 - 2014-10-17 08:39 - 000665682 _____ (SQLite Development Team) C:\Users\Daniele BR\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap ======================

    (Não há correção automática para arquivos que não passaram na verificação.)

    C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
    C:\Windows\explorer.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
    C:\Windows\system32\drivers\sptd.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATENÇÃO

    LastRegBack: 2017-09-20 07:42

    ==================== Fim de FRST.txt ============================

    Addition.txt


    Dear @danirruas

    No problem, I know how it is hehehe

    FRST must be run directly from the Desktop; however, you ran it from the folder:

    Executando a partir de C:\Users\Daniele BR\Desktop\Clube do Hardware 2017

    Delete it from there, download a new copy to the Desktop, run FRST, check the Addition option and click the Examinar (Scan) button.

    Attach the logs.

    Regards :D

  • Topic author
  • Hey! It worked this time.

    Here it is:

    Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 26-09-2017 01
    Executado por Daniele BR (administrador) em PC-PROGRAMAS (27-09-2017 16:07:54)
    Executando a partir de C:\Users\Daniele BR\Desktop
    Perfis Carregados: Daniele BR (Perfis Disponíveis: Daniele BR)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Idioma: Português (Brasil)
    Internet Explorer Versão 11 (Navegador padrão: Chrome)
    Modo da Inicialização: Normal
    Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processos (Whitelisted) =================

    (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Baidu, Inc.) C:\Users\Daniele BR\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe
    (Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Akamai Technologies, Inc.) C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe
    (Akamai Technologies, Inc.) C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
    (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
    (Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
    (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
    () C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
    (Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registro (Whitelisted) ===========================

    (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2480584 2017-07-18] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-06-15] (Autodesk, Inc.)
    HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
    Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2014-07-11] (Caixa Economica Federal)
    HKU\S-1-5-21-971680230-1680443159-1465981135-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Daniele BR\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-971680230-1680443159-1465981135-1000\...\Policies\Explorer: []
    HKU\S-1-5-21-971680230-1680443159-1465981135-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [3229696 2016-08-29] (Microsoft Corporation) <==== ATENÇÃO
    HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
    ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1718088 2014-07-11] (Caixa Economica Federal)
    BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit

    ==================== Internet (Whitelisted) ====================

    (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

    Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 177.223.13.43
    Tcpip\..\Interfaces\{1D8BCDB5-6FF5-4198-9F06-1B32B319C8FB}: [DhcpNameServer] 200.222.122.134 192.168.0.1
    Tcpip\..\Interfaces\{3B6AE428-2091-442A-92C8-D366C74A1B80}: [DhcpNameServer] 8.8.8.8 177.223.13.43

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-971680230-1680443159-1465981135-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> {CEFBE591-CE22-4E76-A573-A9520F6DAC45} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {1CB9E200-99B0-4321-B4E2-AE20FCDE2D46} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-971680230-1680443159-1465981135-1000 -> {1AB5A945-CCF8-4155-B1B1-1D83BBDBD7A1} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll => Nenhum Arquivo
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll [2014-01-15] (McAfee, Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
    BHO-x32: Auxiliar de Conexão do Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2014-07-11] (Caixa Economica Federal)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
    Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll Nenhum Arquivo
    Toolbar: HKU\S-1-5-21-971680230-1680443159-1465981135-1000 -> Sem Nome - {56CF4856-ECB4-4E46-A897-A378821F97B9} -  Nenhum Arquivo
    DPF: HKLM-x32 {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab
    DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
    DPF: HKLM-x32 {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Daniele BR\AppData\Roaming\Mozilla\Firefox\Profiles\07187q7j.default-1495139530515 [2017-09-27]
    FF Session Restore: Mozilla\Firefox\Profiles\07187q7j.default-1495139530515 -> está habilitado.
    FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2017-05-28] [não assinado]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-13] ()
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-13] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [2014-01-15] (McAfee, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-09] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-09] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-06] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-06] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-12] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-06-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-06-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-06-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-06-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-06-06] (Apple Inc.)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\autoconf_warsaw.js [2017-09-02] <==== ATENÇÃO (Aponta para arquivo *.cfg)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\warsaw.cfg [2017-09-02] <==== ATENÇÃO

    Chrome:
    =======
    CHR Profile: C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-09-04]
    CHR Extension: (Sem Nome) - C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2016-02-20]
    CHR Extension: (Documentos Google off-line) - C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-06-01]
    CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
    CHR Extension: (Gmail) - C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-01]
    CHR Extension: (Chrome Media Router) - C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
    CHR Profile: C:\Users\Daniele BR\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-04]
    CHR HKU\S-1-5-21-971680230-1680443159-1465981135-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    ==================== Serviços (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1353208 2017-06-15] (Autodesk Inc.)
    S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-07-13] (Adobe Systems Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
    S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [Arquivo não assinado]
    S4 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2010-09-05] (Autodesk)
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [Arquivo não assinado]
    S4 ENAgent; C:\Windows\SysWOW64\ENAgent.exe [4209856 2012-07-05] (SEIKO EPSON CORPORATION)
    R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [590048 2017-09-02] (GAS Tecnologia)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
    R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155080 2017-07-18] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-06-13] (Western Digital)
    R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-06-14] (Western Digital )
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S4 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [69632 2009-03-04] (Tablet Driver) [Arquivo não assinado]
    S4 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATENÇÃO (não ServiceDLL)
    R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77432 2017-07-18] ()
    S1 gbpddfac; C:\Windows\SysWOW64\drivers\gbpddfac64.sys [28888 2017-09-02] (GAS Tecnologia)
    S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [47688 2013-07-01] (GAS Tecnologia)
    S4 LMIRfsClientNP; não ImagePath
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
    R1 MpKsl87796120; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BACEC7E5-EEE3-4D7F-88AC-2BFBF5953129}\MpKsl87796120.sys [44928 2017-09-27] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
    S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
    S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-09-06] () [Arquivo não assinado]
    U3 auhn9rqb; C:\Windows\System32\Drivers\auhn9rqb.sys [0 ] (Microsoft Corporation) <==== ATENÇÃO (zero byte Arquivo/Pasta)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
    S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
    S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
    S3 Warsaw_PP; \??\C:\PROGRA~2\GbPlugin\wsftprp64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


    ==================== Três Meses Criados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-09-27 16:07 - 2017-09-27 16:09 - 000022668 _____ C:\Users\Daniele BR\Desktop\FRST.txt
    2017-09-27 16:07 - 2017-09-27 16:07 - 002399744 _____ (Farbar) C:\Users\Daniele BR\Desktop\FRST64.exe
    2017-09-26 14:05 - 2017-09-27 16:07 - 000000000 ____D C:\FRST
    2017-09-26 13:56 - 2017-09-26 13:56 - 000000000 ___HD C:\OneDriveTemp
    2017-09-25 14:56 - 2017-09-25 14:56 - 000002325 _____ C:\Users\Daniele BR\Desktop\Install Now Autodesk® AutoCAD® 2018.lnk
    2017-09-25 14:56 - 2017-09-25 14:56 - 000001489 _____ C:\Users\Public\Desktop\Aplicativo da área de trabalho Autodesk.lnk
    2017-09-25 14:56 - 2017-09-25 14:56 - 000000000 ____D C:\Users\Daniele BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
    2017-09-25 14:53 - 2017-09-25 14:53 - 000002259 _____ C:\Users\Public\Desktop\AutoCAD 2018 - English.lnk
    2017-09-25 14:51 - 2017-09-25 14:51 - 000000000 ____D C:\Users\Daniele BR\Documents\Inventor Server SDK ACAD 2018
    2017-09-25 13:59 - 2017-09-25 14:00 - 000000000 ____D C:\Users\Daniele BR\AppData\Local\Akamai
    2017-09-25 13:57 - 2017-09-25 13:58 - 000000000 ____D C:\Users\Daniele BR\Downloads\AutoCad2018_educacional
    2017-09-25 13:57 - 2017-09-25 13:57 - 000000000 ____D C:\Users\Daniele BR\Downloads\2017.08
    2017-09-25 06:11 - 2017-09-25 06:11 - 000000000 ____D C:\Users\Public\Documents\PC Faster
    2017-09-24 16:25 - 2017-09-24 16:56 - 000000000 ____D C:\Users\Daniele BR\AppData\Roaming\ZHP
    2017-09-24 16:25 - 2017-09-24 16:25 - 000000000 ____D C:\Users\Daniele BR\AppData\Local\ZHP
    2017-09-21 15:52 - 2017-09-21 15:52 - 000000000 ____D C:\Users\Daniele BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2017-09-21 10:55 - 2017-09-21 10:55 - 000000000 ____D C:\Users\Public\Recorded TV
    2017-09-20 23:39 - 2017-09-27 16:05 - 000000000 ____D C:\Users\Daniele BR\Desktop\Clube do Hardware 2017
    2017-09-20 23:34 - 2017-09-20 23:34 - 000000000 __RHD C:\Users\Public\Libraries
    2017-09-20 23:23 - 2017-09-20 23:23 - 000035953 _____ C:\ZA-Scan.txt
    2017-09-20 16:43 - 2017-09-20 17:06 - 000000000 ____D C:\zoek_backup
    2017-09-20 16:09 - 2017-09-20 16:09 - 000002160 _____ C:\Users\Public\Desktop\Style Builder 2017.lnk
    2017-09-20 16:09 - 2017-09-20 16:09 - 000002074 _____ C:\Users\Public\Desktop\LayOut 2017.lnk
    2017-09-20 16:09 - 2017-09-20 16:09 - 000001989 _____ C:\Users\Public\Desktop\SketchUp 2017.lnk
    2017-09-20 16:09 - 2017-09-20 16:09 - 000000000 ____D C:\Users\Todos os Usuários\Reprise
    2017-09-20 16:09 - 2017-09-20 16:09 - 000000000 ____D C:\ProgramData\Reprise
    2017-09-20 16:09 - 2017-09-20 16:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2017
    2017-09-20 16:07 - 2017-09-20 16:07 - 000000000 ____D C:\Program Files\SketchUp
    2017-09-20 15:57 - 2017-09-20 15:58 - 000000000 ____D C:\Users\Daniele BR\Downloads\SketchUpMake 2017_64bits
    2017-09-19 23:44 - 2017-09-19 23:45 - 057870112 _____ (Microsoft Corporation) C:\Users\Daniele BR\Downloads\MouseKeyboardCenter_64bit_PTB_3.0.337.exe
    2017-09-12 16:12 - 2017-08-19 12:28 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
    2017-09-12 16:12 - 2017-08-19 12:10 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2017-09-12 16:12 - 2017-08-16 12:29 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2017-09-12 16:12 - 2017-08-16 12:10 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2017-09-12 16:12 - 2017-08-16 11:57 - 003224576 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-09-12 16:12 - 2017-08-15 22:10 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-09-12 16:12 - 2017-08-15 21:25 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-09-12 16:12 - 2017-08-15 12:29 - 014182400 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2017-09-12 16:12 - 2017-08-15 12:29 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2017-09-12 16:12 - 2017-08-15 12:10 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2017-09-12 16:12 - 2017-08-15 12:10 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2017-09-12 16:12 - 2017-08-15 11:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-09-12 16:12 - 2017-08-15 11:01 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-09-12 16:12 - 2017-08-15 11:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-09-12 16:12 - 2017-08-15 11:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-09-12 16:12 - 2017-08-15 10:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-09-12 16:12 - 2017-08-14 14:35 - 003203584 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
    2017-09-12 16:12 - 2017-08-14 14:35 - 002150912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
    2017-09-12 16:12 - 2017-08-14 14:35 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
    2017-09-12 16:12 - 2017-08-14 14:35 - 000303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
    2017-09-12 16:12 - 2017-08-14 14:35 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
    2017-09-12 16:12 - 2017-08-14 14:35 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
    2017-09-12 16:12 - 2017-08-14 14:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
    2017-09-12 16:12 - 2017-08-14 14:34 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
    2017-09-12 16:12 - 2017-08-13 18:37 - 002144256 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
    2017-09-12 16:12 - 2017-08-13 18:30 - 001401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
    2017-09-12 16:12 - 2017-08-13 15:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-09-12 16:12 - 2017-08-13 14:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-09-12 16:12 - 2017-08-13 14:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-09-12 16:12 - 2017-08-13 14:06 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-09-12 16:12 - 2017-08-13 14:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-09-12 16:12 - 2017-08-13 14:05 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-09-12 16:12 - 2017-08-13 14:05 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-09-12 16:12 - 2017-08-13 14:05 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-09-12 16:12 - 2017-08-13 14:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-09-12 16:12 - 2017-08-13 13:56 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-09-12 16:12 - 2017-08-13 13:55 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-09-12 16:12 - 2017-08-13 13:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-09-12 16:12 - 2017-08-13 13:52 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-09-12 16:12 - 2017-08-13 13:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-09-12 16:12 - 2017-08-13 13:51 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-09-12 16:12 - 2017-08-13 13:51 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-09-12 16:12 - 2017-08-13 13:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-09-12 16:12 - 2017-08-13 13:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-09-12 16:12 - 2017-08-13 13:46 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-09-12 16:12 - 2017-08-13 13:41 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-09-12 16:12 - 2017-08-13 13:38 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-09-12 16:12 - 2017-08-13 13:30 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-09-12 16:12 - 2017-08-13 13:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-09-12 16:12 - 2017-08-13 13:29 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-09-12 16:12 - 2017-08-13 13:29 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2017-09-12 16:12 - 2017-08-13 13:29 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-09-12 16:12 - 2017-08-13 13:29 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-09-12 16:12 - 2017-08-13 13:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-09-12 16:12 - 2017-08-13 13:27 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-09-12 16:12 - 2017-08-13 13:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-09-12 16:12 - 2017-08-13 13:24 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-09-12 16:12 - 2017-08-13 13:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-09-12 16:12 - 2017-08-13 13:22 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-09-12 16:12 - 2017-08-13 13:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-09-12 16:12 - 2017-08-13 13:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-09-12 16:12 - 2017-08-13 13:19 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-09-12 16:12 - 2017-08-13 13:18 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-09-12 16:12 - 2017-08-13 13:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-09-12 16:12 - 2017-08-13 13:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-09-12 16:12 - 2017-08-13 13:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-09-12 16:12 - 2017-08-13 13:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-09-12 16:12 - 2017-08-13 13:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-09-12 16:12 - 2017-08-13 13:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-09-12 16:12 - 2017-08-13 13:02 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-09-12 16:12 - 2017-08-13 13:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-09-12 16:12 - 2017-08-13 13:01 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2017-09-12 16:12 - 2017-08-13 13:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-09-12 16:12 - 2017-08-13 13:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-09-12 16:12 - 2017-08-13 12:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-09-12 16:12 - 2017-08-13 12:53 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-09-12 16:12 - 2017-08-13 12:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-09-12 16:12 - 2017-08-13 12:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-09-12 16:12 - 2017-08-13 12:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-09-12 16:12 - 2017-08-13 12:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-09-12 16:12 - 2017-08-13 12:43 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-09-12 16:12 - 2017-08-13 12:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-09-12 16:12 - 2017-08-13 12:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-09-12 16:12 - 2017-08-13 12:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-09-12 16:12 - 2017-08-13 12:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-09-12 16:12 - 2017-08-13 12:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-09-12 16:12 - 2017-08-13 12:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-09-12 16:12 - 2017-08-11 03:42 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-09-12 16:12 - 2017-08-11 03:38 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-09-12 16:12 - 2017-08-11 03:38 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-09-12 16:12 - 2017-08-11 03:38 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-09-12 16:12 - 2017-08-11 03:38 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-09-12 16:12 - 2017-08-11 03:36 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 002065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-09-12 16:12 - 2017-08-11 03:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000971776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:24 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-09-12 16:12 - 2017-08-11 03:24 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-09-12 16:12 - 2017-08-11 03:21 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-09-12 16:12 - 2017-08-11 03:20 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
    2017-09-12 16:12 - 2017-08-11 03:20 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
    2017-09-12 16:12 - 2017-08-11 03:19 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winnsi.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nsi.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 03:12 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
    2017-09-12 16:12 - 2017-08-11 03:09 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
    2017-09-12 16:12 - 2017-08-11 03:07 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-09-12 16:12 - 2017-08-11 03:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-09-12 16:12 - 2017-08-11 03:07 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-09-12 16:12 - 2017-08-11 03:06 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-09-12 16:12 - 2017-08-11 03:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-09-12 16:12 - 2017-08-11 03:03 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
    2017-09-12 16:12 - 2017-08-11 03:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-09-12 16:12 - 2017-08-11 03:01 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
    2017-09-12 16:12 - 2017-08-11 03:00 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
    2017-09-12 16:12 - 2017-08-11 03:00 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-09-12 16:12 - 2017-08-11 03:00 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-09-12 16:12 - 2017-08-11 02:59 - 000460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2017-09-12 16:12 - 2017-08-11 02:59 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2017-09-12 16:12 - 2017-08-11 02:59 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-09-12 16:12 - 2017-08-11 02:59 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2017-09-12 16:12 - 2017-08-11 02:59 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-09-12 16:12 - 2017-08-11 02:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-09-12 16:12 - 2017-08-11 02:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-09-12 16:12 - 2017-08-11 02:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
    2017-09-12 16:12 - 2017-08-11 02:56 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-09-12 16:12 - 2017-08-11 02:56 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-09-12 16:12 - 2017-08-11 02:56 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-09-12 16:12 - 2017-08-11 02:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-09-12 16:12 - 2017-08-11 02:55 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-09-12 16:12 - 2017-08-11 02:55 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 02:55 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 02:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-09-12 16:12 - 2017-08-11 02:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-09-12 16:12 - 2017-07-07 12:29 - 001143296 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
    2017-09-12 16:12 - 2017-07-07 12:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
    2017-09-05 00:31 - 2017-09-05 00:31 - 000003204 _____ C:\Windows\System32\Tasks\{E3BD104F-ABAA-4E98-83BD-83CB3BA429D7}
    2017-09-02 11:09 - 2017-09-02 13:07 - 000028888 _____ (GAS Tecnologia) C:\Windows\SysWOW64\Drivers\gbpddfac64.sys
    2017-09-02 11:09 - 2017-09-02 11:09 - 000002912 _____ C:\Windows\System32\Tasks\Rerun Warsaw's CoreFixer
    2017-09-02 11:09 - 2015-12-04 10:30 - 000029816 _____ (GAS Tecnologia) C:\Windows\SysWOW64\Drivers\gbpddreg64.sys
    2017-09-02 11:07 - 2017-09-05 10:29 - 000000000 ____D C:\Program Files\Diebold
    2017-09-02 11:06 - 2017-09-02 11:07 - 011079440 _____ (Banco Itaú) C:\Users\Daniele BR\Downloads\DiagnosticoItau.exe
    2017-09-02 11:05 - 2017-09-02 11:05 - 003580664 _____ C:\Users\Daniele BR\Downloads\aplicativoitau.exe
    2017-08-18 12:09 - 2017-09-05 10:38 - 000000000 ___RD C:\Users\Daniele BR\Creative Cloud Files
    2017-08-18 12:06 - 2017-08-18 12:06 - 000003520 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-PC-PROGRAMAS-Daniele BR
    2017-08-18 11:44 - 2017-08-18 11:44 - 000001183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
    2017-08-18 11:44 - 2017-08-18 11:44 - 000001171 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
    2017-08-14 16:52 - 2017-08-14 16:52 - 000640144 _____ C:\Windows\Minidump\081417-30810-01.dmp
    2017-08-08 21:44 - 2017-07-21 11:26 - 000518144 _____ C:\Windows\SysWOW64\msjetoledb40.dll
    2017-08-08 21:44 - 2017-07-21 11:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjtes40.dll
    2017-08-08 21:44 - 2017-07-14 12:29 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
    2017-08-08 21:44 - 2017-07-14 12:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
    2017-08-08 21:44 - 2017-07-01 10:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
    2017-08-08 21:44 - 2017-07-01 10:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll
    2017-08-08 21:44 - 2017-07-01 10:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
    2017-08-08 21:44 - 2017-07-01 10:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
    2017-08-08 21:44 - 2017-07-01 10:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
    2017-08-08 21:44 - 2017-07-01 10:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
    2017-08-08 21:44 - 2017-07-01 10:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
    2017-08-08 21:44 - 2017-07-01 10:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
    2017-08-08 21:43 - 2017-07-29 11:56 - 000117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2017-08-08 21:43 - 2017-07-21 11:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch40.dll
    2017-08-08 21:43 - 2017-07-21 11:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext40.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 000486400 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
    2017-08-08 21:43 - 2017-07-14 12:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
    2017-08-08 21:43 - 2017-07-14 12:12 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
    2017-08-08 21:43 - 2017-07-14 12:12 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
    2017-08-08 21:43 - 2017-07-14 12:11 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
    2017-08-08 21:43 - 2017-07-14 12:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
    2017-08-08 21:43 - 2017-07-14 12:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
    2017-08-08 21:43 - 2017-07-14 12:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
    2017-08-08 21:43 - 2017-07-14 12:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2017-08-08 21:43 - 2017-07-14 12:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
    2017-08-08 21:43 - 2017-07-14 12:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
    2017-08-08 21:43 - 2017-07-14 12:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
    2017-08-08 21:43 - 2017-07-14 12:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
    2017-08-08 21:43 - 2017-07-14 12:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
    2017-08-08 21:43 - 2017-07-14 12:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
    2017-08-08 21:43 - 2017-07-14 12:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    2017-08-08 21:43 - 2017-07-14 11:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
    2017-08-08 21:43 - 2017-07-14 11:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
    2017-08-08 21:43 - 2017-07-14 11:57 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
    2017-08-08 21:43 - 2017-07-14 11:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
    2017-08-08 21:43 - 2017-07-14 11:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
    2017-08-08 21:43 - 2017-07-08 12:34 - 000370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2017-08-08 21:43 - 2017-07-07 12:33 - 000363752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
    2017-08-08 21:43 - 2017-07-07 12:29 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
    2017-08-08 21:43 - 2017-07-07 12:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
    2017-08-08 21:43 - 2017-07-01 10:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll
    2017-08-08 21:43 - 2017-07-01 10:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
    2017-08-08 21:43 - 2017-07-01 10:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
    2017-08-08 21:43 - 2017-07-01 10:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll
    2017-07-27 12:43 - 2017-09-21 15:36 - 000003190 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-971680230-1680443159-1465981135-1000
    2017-07-14 13:46 - 2017-06-15 17:23 - 000753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2017-07-14 13:46 - 2017-06-12 19:49 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
    2017-07-14 13:46 - 2017-06-12 19:49 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
    2017-07-14 13:46 - 2017-06-12 19:49 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
    2017-07-14 13:46 - 2017-06-12 19:49 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
    2017-07-14 13:46 - 2017-06-12 19:29 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
    2017-07-14 13:46 - 2017-06-12 19:29 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
    2017-07-14 13:46 - 2017-06-12 19:29 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
    2017-07-14 13:46 - 2017-06-12 19:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
    2017-07-14 13:46 - 2017-06-12 19:14 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
    2017-07-14 13:46 - 2017-06-12 19:14 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
    2017-07-14 13:46 - 2017-06-12 19:14 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
    2017-07-14 13:46 - 2017-06-12 19:06 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
    2017-07-14 13:46 - 2017-06-12 19:06 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
    2017-07-14 13:46 - 2017-06-12 19:06 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
    2017-07-14 13:46 - 2017-06-09 12:33 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2017-07-14 13:46 - 2017-05-30 01:56 - 001895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2017-07-14 13:46 - 2017-05-30 01:56 - 000377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2017-07-14 13:46 - 2017-05-30 01:56 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2017-07-14 13:46 - 2017-05-16 12:35 - 000986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2017-07-14 13:46 - 2017-05-16 12:35 - 000265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2017-07-14 13:46 - 2017-05-03 12:34 - 000094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2017-07-14 13:46 - 2017-05-03 12:29 - 001206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2017-07-14 13:46 - 2017-05-03 10:05 - 001555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2017-07-14 13:46 - 2017-05-03 10:05 - 000620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2017-07-14 13:46 - 2017-05-03 10:05 - 000535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2017-07-14 13:46 - 2017-05-03 10:05 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2017-07-14 13:46 - 2017-05-03 10:05 - 000311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2017-07-14 13:46 - 2017-05-03 10:05 - 000217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2017-07-14 13:46 - 2017-05-03 10:05 - 000127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2017-07-14 13:46 - 2017-03-22 23:06 - 001691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2017-07-14 13:45 - 2017-05-21 01:24 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2017-07-14 13:45 - 2017-05-21 01:06 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2017-07-14 13:45 - 2017-05-16 12:30 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

    ==================== Três Meses Modificados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-09-27 16:07 - 2017-05-28 18:32 - 000000000 ____D C:\Users\Daniele BR\AppData\LocalLow\Mozilla
    2017-09-27 06:54 - 2010-09-05 22:21 - 000000000 ____D C:\Users\Daniele BR\AppData\Roaming\SoftGrid Client
    2017-09-27 05:10 - 2009-07-14 01:45 - 000014240 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-09-27 05:10 - 2009-07-14 01:45 - 000014240 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-09-27 04:59 - 2014-06-30 11:01 - 000000000 ____D C:\Users\Daniele BR\AppData\Local\Adobe
    2017-09-27 04:53 - 2014-04-25 03:32 - 000000000 ___RD C:\Users\Daniele BR\OneDrive
    2017-09-27 04:49 - 2015-06-29 19:46 - 000000692 _____ C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job
    2017-09-27 04:48 - 2010-08-30 21:30 - 000000000 ____D C:\Users\Todos os Usuários\NVIDIA
    2017-09-27 04:48 - 2010-08-30 21:30 - 000000000 ____D C:\ProgramData\NVIDIA
    2017-09-27 04:48 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-09-25 22:11 - 2009-07-14 01:45 - 003288552 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-09-25 14:59 - 2010-09-04 15:14 - 000219048 _____ C:\Users\Daniele BR\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-09-25 14:57 - 2010-09-05 21:04 - 000000000 ____D C:\Users\Todos os Usuários\Autodesk
    2017-09-25 14:57 - 2010-09-05 21:04 - 000000000 ____D C:\Users\Daniele BR\AppData\Roaming\Autodesk
    2017-09-25 14:57 - 2010-09-05 21:04 - 000000000 ____D C:\ProgramData\Autodesk
    2017-09-25 14:56 - 2010-09-05 21:04 - 000000000 ____D C:\Users\Daniele BR\AppData\Local\Autodesk
    2017-09-25 14:56 - 2010-09-05 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
    2017-09-25 14:55 - 2010-09-05 21:03 - 000000000 ____D C:\Program Files (x86)\Autodesk
    2017-09-25 14:53 - 2017-05-15 13:56 - 000000000 ____D C:\Users\Public\Documents\Autodesk
    2017-09-25 14:52 - 2010-09-11 05:42 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
    2017-09-25 14:44 - 2010-09-11 05:42 - 000000000 ____D C:\Program Files\Autodesk
    2017-09-25 14:11 - 2016-01-13 14:43 - 000000000 ____D C:\Users\Todos os Usuários\Package Cache
    2017-09-25 14:11 - 2016-01-13 14:43 - 000000000 ____D C:\ProgramData\Package Cache
    2017-09-25 13:59 - 2010-09-08 12:17 - 000000000 ____D C:\Autodesk
    2017-09-25 13:42 - 2010-09-07 19:20 - 000000000 ____D C:\Users\Todos os Usuários\FLEXnet
    2017-09-25 13:42 - 2010-09-07 19:20 - 000000000 ____D C:\ProgramData\FLEXnet
    2017-09-24 16:05 - 2015-01-20 23:40 - 000000000 ____D C:\AdwCleaner
    2017-09-22 12:33 - 2014-08-14 09:21 - 000002004 _____ C:\Users\Public\Desktop\Google Slides.lnk
    2017-09-22 12:33 - 2014-08-14 09:21 - 000002002 _____ C:\Users\Public\Desktop\Google Sheets.lnk
    2017-09-22 12:33 - 2014-08-14 09:21 - 000001992 _____ C:\Users\Public\Desktop\Google Docs.lnk
    2017-09-22 12:33 - 2014-08-14 09:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2017-09-21 15:52 - 2013-02-21 20:35 - 000000000 ____D C:\Users\Daniele BR\AppData\Roaming\Dropbox
    2017-09-21 15:35 - 2014-08-07 10:48 - 000002185 _____ C:\Users\Daniele BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
    2017-09-21 15:32 - 2009-07-14 02:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-09-20 23:35 - 2010-11-24 22:32 - 000000000 ____D C:\Users\Daniele BR\Downloads\segredo dos seus olhos
    2017-09-20 22:30 - 2012-02-05 11:23 - 000000000 ____D C:\Users\PESQUISA CASA NOVA
    2017-09-20 16:07 - 2014-06-05 15:59 - 000000000 ____D C:\Users\Todos os Usuários\SketchUp
    2017-09-20 16:07 - 2014-06-05 15:59 - 000000000 ____D C:\ProgramData\SketchUp
    2017-09-20 06:55 - 2012-02-03 11:26 - 000000000 ____D C:\Program Files (x86)\epson
    2017-09-20 00:02 - 2010-09-05 13:59 - 000000000 ____D C:\Users\Daniele BR\AppData\Local\ElevatedDiagnostics
    2017-09-19 23:06 - 2012-02-03 11:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    2017-09-19 15:32 - 2015-07-06 12:40 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit
    2017-09-19 15:32 - 2015-07-06 12:40 - 000000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
    2017-09-13 17:07 - 2017-02-05 21:04 - 000000000 ____D C:\Windows\rescache
    2017-09-13 16:04 - 2009-07-14 14:55 - 000706266 _____ C:\Windows\system32\prfh0416.dat
    2017-09-13 16:04 - 2009-07-14 14:55 - 000147848 _____ C:\Windows\system32\prfc0416.dat
    2017-09-13 16:04 - 2009-07-14 02:13 - 001637514 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-09-13 16:04 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
    2017-09-12 17:59 - 2013-07-13 03:01 - 000000000 ____D C:\Windows\system32\MRT
    2017-09-12 17:59 - 2010-09-08 23:43 - 000000000 ____D C:\Users\Todos os Usuários\Microsoft Help
    2017-09-12 17:54 - 2010-09-05 03:20 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-09-12 17:45 - 2010-09-05 22:20 - 001601900 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2017-09-06 15:29 - 2011-10-26 11:03 - 000000000 ____D C:\Program Files (x86)\GbPlugin
    2017-09-05 10:30 - 2011-10-26 11:03 - 000000000 ____D C:\Users\Todos os Usuários\GbPlugin
    2017-09-05 10:30 - 2011-10-26 11:03 - 000000000 ____D C:\ProgramData\GbPlugin
    2017-09-05 10:29 - 2014-06-06 01:55 - 000000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
    2017-09-05 10:29 - 2014-06-06 01:55 - 000000000 ____D C:\ProgramData\GAS Tecnologia
    2017-09-05 00:31 - 2014-05-28 14:22 - 000000000 ____D C:\Users\Daniele BR\AppData\Local\EvernoteNW
    2017-09-05 00:25 - 2010-09-07 19:11 - 000000000 ____D C:\Program Files\Adobe
    2017-09-05 00:24 - 2010-09-05 02:21 - 000000000 ____D C:\Users\Daniele BR\AppData\Roaming\Adobe
    2017-09-05 00:04 - 2010-08-30 21:41 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
    2017-09-05 00:03 - 2012-02-03 11:28 - 000000000 ____D C:\Users\Todos os Usuários\EPSON
    2017-09-05 00:03 - 2012-02-03 11:28 - 000000000 ____D C:\ProgramData\EPSON
    2017-09-05 00:02 - 2012-02-03 11:42 - 000000000 ____D C:\Users\Todos os Usuários\ABBYY
    2017-09-05 00:02 - 2012-02-03 11:42 - 000000000 ____D C:\ProgramData\ABBYY
    2017-09-05 00:01 - 2012-02-03 11:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
    2017-09-05 00:01 - 2012-02-03 11:28 - 000000000 ____D C:\Program Files (x86)\Epson Software
    2017-09-04 23:56 - 2010-09-05 22:07 - 000000000 ____D C:\Program Files (x86)\Google
    2017-09-02 19:39 - 2015-09-16 14:13 - 000000000 ____D C:\Users\Daniele BR\Desktop\Cabelos 2015
    2017-09-02 19:30 - 2015-07-30 13:13 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2017-09-02 19:29 - 2015-07-30 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2017-09-02 19:28 - 2010-08-30 21:31 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2017-09-02 16:14 - 2010-09-05 22:33 - 000000000 ____D C:\Users\Todos os Usuários\TEMP
    2017-09-02 16:14 - 2010-09-05 22:33 - 000000000 ____D C:\ProgramData\TEMP
    2017-09-02 11:09 - 2017-05-28 15:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-08-31 21:06 - 2010-09-05 04:45 - 000000000 ____D C:\Users\Daniele BR\AppData\Roaming\Skype
    2017-08-31 13:43 - 2010-08-30 21:50 - 000000000 ___RD C:\Program Files (x86)\Skype
    2017-08-31 13:43 - 2010-08-30 21:49 - 000000000 ____D C:\Users\Todos os Usuários\Skype
    2017-08-31 13:43 - 2010-08-30 21:49 - 000000000 ____D C:\ProgramData\Skype
    2017-08-31 13:20 - 2015-12-18 19:59 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-08-31 00:32 - 2014-08-14 09:23 - 000000000 ___RD C:\Users\Daniele BR\Google Drive
    2017-08-30 13:29 - 2017-05-30 00:08 - 000000000 ____D C:\Program Files (x86)\Plagius
    2017-08-28 10:40 - 2016-02-19 12:47 - 000000000 ____D C:\Users\Daniele BR\AppData\Local\cache

    ==================== Arquivos na raiz de alguns diretórios =======

    2014-06-02 10:07 - 2014-06-02 10:07 - 000000044 _____ () C:\Users\Daniele BR\AppData\Roaming\mbam.context.scan
    2010-09-09 09:57 - 2010-09-09 10:17 - 000007859 _____ () C:\Users\Daniele BR\AppData\Roaming\pcouffin.cat
    2010-09-09 09:57 - 2010-09-09 10:17 - 000001167 _____ () C:\Users\Daniele BR\AppData\Roaming\pcouffin.inf
    2010-09-09 09:58 - 2010-09-09 10:17 - 000000033 _____ () C:\Users\Daniele BR\AppData\Roaming\pcouffin.log
    2010-09-09 09:57 - 2010-09-09 10:17 - 000082816 _____ (VSO Software) C:\Users\Daniele BR\AppData\Roaming\pcouffin.sys
    2012-05-17 00:17 - 2012-05-17 00:17 - 000000017 _____ () C:\Users\Daniele BR\AppData\Local\resmon.resmoncfg
    2012-08-24 12:17 - 2012-08-24 12:17 - 000000000 _____ () C:\Users\Daniele BR\AppData\Local\{6817C3C0-1A88-446A-BA6D-D9E1A9411F82}
    2010-09-07 19:38 - 2012-03-20 18:50 - 000003140 ___SH () C:\ProgramData\KGyGaAvL.sys
    2016-02-19 12:19 - 2016-02-19 12:19 - 000000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

    Arquivos para serem movidos ou deletados:
    ====================
    C:\Users\Daniele BR\.sysconfig.dat
    C:\Users\Public\setup_amr.exe
    C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job


    Alguns arquivos em TEMP:
    ====================
    2016-02-19 12:27 - 2017-01-18 02:50 - 000066472 _____ (Autodesk, Inc.) C:\Users\Daniele BR\AppData\Local\Temp\AcDeltree.exe
    2016-01-17 20:36 - 2016-01-17 20:36 - 000043008 _____ () C:\Users\Daniele BR\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe5j_1x.dll
    2016-01-17 20:37 - 2016-01-17 20:37 - 000043008 _____ () C:\Users\Daniele BR\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjuhu1i.dll
    2015-05-15 01:14 - 2015-05-15 01:14 - 001188328 _____ () C:\Users\Daniele BR\AppData\Local\Temp\InstallHelper.exe
    2015-01-18 14:35 - 2015-01-18 14:35 - 000372936 _____ (ESET) C:\Users\Daniele BR\AppData\Local\Temp\InstHelper.exe
    2014-12-18 14:29 - 2014-12-18 14:29 - 000641448 _____ (Oracle Corporation) C:\Users\Daniele BR\AppData\Local\Temp\jre-8u31-windows-au.exe
    2015-07-27 07:36 - 2015-07-27 07:37 - 050294992 _____ (Microsoft Corporation) C:\Users\Daniele BR\AppData\Local\Temp\MouseKeyboardCenterx64_1046.exe
    2015-07-30 13:13 - 2015-06-29 16:08 - 001219240 _____ (NVIDIA Corporation) C:\Users\Daniele BR\AppData\Local\Temp\nvSCPAPI.dll
    2015-07-30 13:09 - 2015-06-29 16:07 - 000825544 _____ (NVIDIA Corporation) C:\Users\Daniele BR\AppData\Local\Temp\nvStInst.exe
    2014-11-08 05:33 - 2015-06-21 14:56 - 000610816 _____ () C:\Users\Daniele BR\AppData\Local\Temp\Quarantine.exe
    2015-04-01 10:46 - 2016-05-10 11:27 - 041345664 _____ (Skype Technologies S.A.) C:\Users\Daniele BR\AppData\Local\Temp\SkypeSetup.exe
    2015-08-18 17:30 - 2015-08-18 17:30 - 000541696 _____ () C:\Users\Daniele BR\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    2014-11-08 05:47 - 2014-10-17 08:39 - 000665682 _____ (SQLite Development Team) C:\Users\Daniele BR\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap ======================

    (Não há correção automática para arquivos que não passaram na verificação.)

    C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
    C:\Windows\explorer.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
    C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
    C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
    C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
    C:\Windows\system32\drivers\sptd.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATENÇÃO

    LastRegBack: 2017-09-20 07:42

    ==================== Fim de FRST.txt ============================

    Addition.txt


    Dear @danirruas,

    Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

    Download the file (fixlist.txt) attached to this post and save it to your Desktop.

    Run FRST.exe (or FRST64.exe) and click the Corrigir (Fix) button.

    Wait... when it finishes, the log Fixlog.txt will be generated and saved to your Desktop.

    Select, copy and paste the contents of this log into your next reply.

    Best regards :D

    fixlist.txt

  • Topic author
  • OK!! Here it is:

     

     

    Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 29-09-2017
    Executado por Daniele BR (29-09-2017 16:44:31) Run:1
    Executando a partir de C:\Users\Daniele BR\Desktop
    Perfis Carregados: Daniele BR (Perfis Disponíveis: Daniele BR)
    Modo da Inicialização: Normal
    ==============================================

    fixlist Conteúdo:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    (Baidu, Inc.) C:\Users\Daniele BR\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe)
    HKU\S-1-5-21-971680230-1680443159-1465981135-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [3229696 2016-08-29] (Microsoft Corporation) <==== ATENÇÃO
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-971680230-1680443159-1465981135-1000 -> Sem Nome - {56CF4856-ECB4-4E46-A897-A378821F97B9} -  Nenhum Arquivo
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATENÇÃO (não ServiceDLL)
    U3 auhn9rqb; C:\Windows\System32\Drivers\auhn9rqb.sys [0 ] (Microsoft Corporation) <==== ATENÇÃO (zero byte Arquivo/Pasta)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    C:\ComboFix\catchme.sys
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
    S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
    S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
    S3 Warsaw_PP; \??\C:\PROGRA~2\GbPlugin\wsftprp64.sys [X]
    C:\Users\Daniele BR\.sysconfig.dat
    C:\Users\Public\setup_amr.exe
    C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job
    2016-02-19 12:27 - 2017-01-18 02:50 - 000066472 _____ (Autodesk, Inc.) C:\Users\Daniele BR\AppData\Local\Temp\AcDeltree.exe
    2016-01-17 20:36 - 2016-01-17 20:36 - 000043008 _____ () C:\Users\Daniele BR\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe5j_1x.dll
    2016-01-17 20:37 - 2016-01-17 20:37 - 000043008 _____ () C:\Users\Daniele BR\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjuhu1i.dll
    2015-05-15 01:14 - 2015-05-15 01:14 - 001188328 _____ () C:\Users\Daniele BR\AppData\Local\Temp\InstallHelper.exe
    2015-01-18 14:35 - 2015-01-18 14:35 - 000372936 _____ (ESET) C:\Users\Daniele BR\AppData\Local\Temp\InstHelper.exe
    2014-12-18 14:29 - 2014-12-18 14:29 - 000641448 _____ (Oracle Corporation) C:\Users\Daniele BR\AppData\Local\Temp\jre-8u31-windows-au.exe
    2015-07-27 07:36 - 2015-07-27 07:37 - 050294992 _____ (Microsoft Corporation) C:\Users\Daniele BR\AppData\Local\Temp\MouseKeyboardCenterx64_1046.exe
    2015-07-30 13:13 - 2015-06-29 16:08 - 001219240 _____ (NVIDIA Corporation) C:\Users\Daniele BR\AppData\Local\Temp\nvSCPAPI.dll
    2015-07-30 13:09 - 2015-06-29 16:07 - 000825544 _____ (NVIDIA Corporation) C:\Users\Daniele BR\AppData\Local\Temp\nvStInst.exe
    2014-11-08 05:33 - 2015-06-21 14:56 - 000610816 _____ () C:\Users\Daniele BR\AppData\Local\Temp\Quarantine.exe
    2015-04-01 10:46 - 2016-05-10 11:27 - 041345664 _____ (Skype Technologies S.A.) C:\Users\Daniele BR\AppData\Local\Temp\SkypeSetup.exe
    2015-08-18 17:30 - 2015-08-18 17:30 - 000541696 _____ () C:\Users\Daniele BR\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    2014-11-08 05:47 - 2014-10-17 08:39 - 000665682 _____ (SQLite Development Team) C:\Users\Daniele BR\AppData\Local\Temp\sqlite3.dll
    ContextMenuHandlers1-x32: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> Nenhum Arquivo
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll -> Nenhum Arquivo
    ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> Nenhum Arquivo
    ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Nenhum Arquivo
    ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> Nenhum Arquivo
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll -> Nenhum Arquivo
    ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> Nenhum Arquivo
    ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> Nenhum Arquivo
    Task: {18AF5AFA-E0C0-48E1-9F97-A3F2EF8A2E97} - System32\Tasks\Rerun Warsaw's CoreFixer => C:\Windows\TEMP\is-IF9JG.tmp\corefixer.exe <==== ATENÇÃO
    C:\Windows\TEMP\is-IF9JG.tmp\corefixer.exe
    Task: {BD2A3D95-32C1-4B64-B485-3C266766F533} - System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => C:\Users\Daniele BR\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe [2015-05-15] () <==== ATENÇÃO
    C:\Users\Daniele BR\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe
    Task: C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => C:\Users\Daniele BR\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe-RunCheckUpdate C:\Users\Daniele BR\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe <==== ATENÇÃO
    C:\Users\Daniele BR\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe
    AlternateDataStreams: C:\ProgramData\TEMP:BF98CBAF [156]
    AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:BF98CBAF [156]
    CMD: ipconfig /flushdns
    EmptyTemp:

    *****************

    Ponto de Restauração criado com sucesso.
    Processos fechados com sucesso.
    C:\Users\Daniele BR\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe) => Não foi encontrado em execução o processo
    HKU\S-1-5-21-971680230-1680443159-1465981135-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => valor removido (a) com sucesso.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
    HKU\S-1-5-21-971680230-1680443159-1465981135-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{56CF4856-ECB4-4E46-A897-A378821F97B9} => valor removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{56CF4856-ECB4-4E46-A897-A378821F97B9} => chave não encontrado (a).
    HKLM\System\CurrentControlSet\Services\AppMgmt => chave removido (a) com sucesso.
    AppMgmt => serviço removido (a) com sucesso.
    auhn9rqb => serviço não encontrado (a).
    HKLM\System\CurrentControlSet\Services\catchme => chave removido (a) com sucesso.
    catchme => serviço removido (a) com sucesso.
    "C:\ComboFix\catchme.sys" => não encontrado (a).
    HKLM\System\CurrentControlSet\Services\ew_hwusbdev => chave removido (a) com sucesso.
    ew_hwusbdev => serviço removido (a) com sucesso.
    HKLM\System\CurrentControlSet\Services\ew_usbenumfilter => chave removido (a) com sucesso.
    ew_usbenumfilter => serviço removido (a) com sucesso.
    HKLM\System\CurrentControlSet\Services\huawei_cdcacm => chave removido (a) com sucesso.
    huawei_cdcacm => serviço removido (a) com sucesso.
    HKLM\System\CurrentControlSet\Services\huawei_enumerator => chave removido (a) com sucesso.
    huawei_enumerator => serviço removido (a) com sucesso.
    HKLM\System\CurrentControlSet\Services\LMIInfo => chave removido (a) com sucesso.
    LMIInfo => serviço removido (a) com sucesso.
    HKLM\System\CurrentControlSet\Services\Tablet2k => chave removido (a) com sucesso.
    Tablet2k => serviço removido (a) com sucesso.
    HKLM\System\CurrentControlSet\Services\usbbus => chave removido (a) com sucesso.
    usbbus => serviço removido (a) com sucesso.
    HKLM\System\CurrentControlSet\Services\UsbDiag => chave removido (a) com sucesso.
    UsbDiag => serviço removido (a) com sucesso.
    HKLM\System\CurrentControlSet\Services\USBModem => chave removido (a) com sucesso.
    USBModem => serviço removido (a) com sucesso.
    HKLM\System\CurrentControlSet\Services\Warsaw_PP => chave removido (a) com sucesso.
    Warsaw_PP => serviço removido (a) com sucesso.
    C:\Users\Daniele BR\.sysconfig.dat => movido com sucesso
    C:\Users\Public\setup_amr.exe => movido com sucesso
    C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => movido com sucesso
    C:\Users\Daniele BR\AppData\Local\Temp\AcDeltree.exe => movido com sucesso
    C:\Users\Daniele BR\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe5j_1x.dll => movido com sucesso
    C:\Users\Daniele BR\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjuhu1i.dll => movido com sucesso
    C:\Users\Daniele BR\AppData\Local\Temp\InstallHelper.exe => movido com sucesso
    C:\Users\Daniele BR\AppData\Local\Temp\InstHelper.exe => movido com sucesso
    C:\Users\Daniele BR\AppData\Local\Temp\jre-8u31-windows-au.exe => movido com sucesso
    C:\Users\Daniele BR\AppData\Local\Temp\MouseKeyboardCenterx64_1046.exe => movido com sucesso
    C:\Users\Daniele BR\AppData\Local\Temp\nvSCPAPI.dll => movido com sucesso
    C:\Users\Daniele BR\AppData\Local\Temp\nvStInst.exe => movido com sucesso
    C:\Users\Daniele BR\AppData\Local\Temp\Quarantine.exe => movido com sucesso
    C:\Users\Daniele BR\AppData\Local\Temp\SkypeSetup.exe => movido com sucesso
    C:\Users\Daniele BR\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => movido com sucesso
    C:\Users\Daniele BR\AppData\Local\Temp\sqlite3.dll => movido com sucesso
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UAContextMenu => chave removido (a) com sucesso.
    HKLM\Software\Wow6432Node\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => chave não encontrado (a).
    HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MBAMShlExt => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => chave removido (a) com sucesso.
    HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{0365FE2C-F183-4091-AC82-BFC39FB75C49} => chave não encontrado (a).
    HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => chave não encontrado (a).
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\UAContextMenu => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => chave removido (a) com sucesso.
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MBAMShlExt => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => chave não encontrado (a).
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => chave não encontrado (a).
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UAContextMenu => chave removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => chave não encontrado (a).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{18AF5AFA-E0C0-48E1-9F97-A3F2EF8A2E97} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18AF5AFA-E0C0-48E1-9F97-A3F2EF8A2E97} => chave removido (a) com sucesso.
    C:\Windows\System32\Tasks\Rerun Warsaw's CoreFixer => movido com sucesso
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Rerun Warsaw's CoreFixer => chave removido (a) com sucesso.
    "C:\Windows\TEMP\is-IF9JG.tmp\corefixer.exe" => não encontrado (a).
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BD2A3D95-32C1-4B64-B485-3C266766F533} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD2A3D95-32C1-4B64-B485-3C266766F533} => chave removido (a) com sucesso.
    C:\Windows\System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => movido com sucesso
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => chave removido (a) com sucesso.
    C:\Users\Daniele BR\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe => movido com sucesso
    C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => não encontrado (a).
    C:\Users\Daniele BR\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe => movido com sucesso
    C:\ProgramData\TEMP => ":BF98CBAF" ADS removido (a) com sucesso..
    "C:\Users\Todos os Usuários\TEMP" => ":BF98CBAF" ADS não encontrado (a).

    ========= ipconfig /flushdns =========


    Configuração de IP do Windows

    Liberação do Cache do DNS Resolver bem-sucedida.

    ========= Fim de CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 90013341 B
    Java, Flash, Steam htmlcache => 30026 B
    Windows/system/drivers => 621707250 B
    Edge => 0 B
    Chrome => 126019710 B
    Firefox => 399203429 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 48489 B
    systemprofile32 => 6328372 B
    LocalService => 132244 B
    NetworkService => 219753727 B
    Daniele BR => 4062072232 B
    UpdatusUser => 0 B

    RecycleBin => 15931484723 B
    EmptyTemp: => 20 GB de dados temporários Removidos.

    ================================


    O sistema precisou ser reiniciado.

    ==== Fim de Fixlog 16:49:14 ====


    Update MalwareBytes AntiMalware, run a scan and post the log.


    Dear @danirruas

    Create a new log with FRST, but before clicking the Examinar (Scan) button, tick the Addition option.

    Please attach the logs.

    Regards :D

  • Topic author
  • Attachments!! :)
    (hard to attach with this buggy mouse...) :(

    Addition.txt

    FRST.txt

    (Anxiety... just to report progress: the PC became extremely slow, with all the programs glitching) :(

    Edited by danirruas
    update

    Quote

    (Anxiety... just to report progress: the PC became extremely slow, with all the programs glitching)

    Look, I have been working in this area for 12 years and I have seen everything: some Windows installations get better, others get worse, but at times they improve again... I don't know the reason.

    Step 1

    Download TDSSKiller and save it to your Desktop

    • Run the program as Administrator
    • Click Start scan;
    • Leave whatever is found marked as Cure and click Continue;
    • Post the log.

    Step 2

    Download RogueKiller and save it to your Desktop.
    32 bit (x86) or 64 bit (x64)

    Run the RogueKiller.exe file as Administrator

    • Click the Scan tab, then Start Scan. Wait for the scan to finish.
    • Click the Open Report button, and then Open TXT
    • A Notepad window with information will open.
    • Copy and paste the contents of that file into your next reply.

    NOTE: do not use the Remove Selected button, because we first need to evaluate the items found.

    Regards :D

    Edited by diego_moicano

  • Topic author
  • 16:59:22.0967 0x1038  TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
    16:59:27.0521 0x1038  ============================================================
    16:59:27.0521 0x1038  Current date / time: 2017/10/04 16:59:27.0521
    16:59:27.0521 0x1038  SystemInfo:
    16:59:27.0521 0x1038  
    16:59:27.0521 0x1038  OS Version: 6.1.7601 ServicePack: 1.0
    16:59:27.0521 0x1038  Product type: Workstation
    16:59:27.0521 0x1038  ComputerName: PC-PROGRAMAS
    16:59:27.0521 0x1038  UserName: Daniele BR
    16:59:27.0521 0x1038  Windows directory: C:\Windows
    16:59:27.0521 0x1038  System windows directory: C:\Windows
    16:59:27.0521 0x1038  Running under WOW64
    16:59:27.0521 0x1038  Processor architecture: Intel x64
    16:59:27.0521 0x1038  Number of processors: 4
    16:59:27.0521 0x1038  Page size: 0x1000
    16:59:27.0521 0x1038  Boot type: Normal boot
    16:59:27.0521 0x1038  CodeIntegrityOptions = 0x00000001
    16:59:27.0521 0x1038  ============================================================
    16:59:29.0929 0x1038  KLMD registered as C:\Windows\system32\drivers\46000209.sys
    16:59:29.0929 0x1038  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23889, osProperties = 0x1
    16:59:31.0012 0x1038  System UUID: {AC51AED5-E72D-9A51-1B52-B9BA1CC52E30}
    16:59:31.0619 0x1038  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:59:31.0619 0x1038  Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:59:31.0658 0x1038  ============================================================
    16:59:31.0659 0x1038  \Device\Harddisk0\DR0:
    16:59:31.0661 0x1038  MBR partitions:
    16:59:31.0661 0x1038  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x15C3000
    16:59:31.0661 0x1038  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15E6800, BlocksNum 0x23E47800
    16:59:31.0661 0x1038  \Device\Harddisk1\DR1:
    16:59:31.0662 0x1038  MBR partitions:
    16:59:31.0662 0x1038  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12EBD0F1
    16:59:31.0675 0x1038  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x12EBD16F, BlocksNum 0x274C7AD2
    16:59:31.0675 0x1038  ============================================================
    16:59:31.0712 0x1038  C: <-> \Device\Harddisk0\DR0\Partition2
    16:59:31.0714 0x1038  E: <-> \Device\Harddisk1\DR1\Partition1
    16:59:31.0735 0x1038  F: <-> \Device\Harddisk1\DR1\Partition2
    16:59:31.0735 0x1038  ============================================================
    16:59:31.0735 0x1038  Initialize success
    16:59:31.0735 0x1038  ============================================================

    8 hours ago, diego_moicano said:

    Look, I have been working in this area for 12 years and I have seen everything: some Windows installations get better, others get worse, but at times they improve again... I don't know the reason.

    I can imagine!! Hopefully that is the case here too!!

    8 hours ago, diego_moicano said:

    Download RogueKiller and save it to your Desktop.
    32 bit (x86) or 64 bit (x64)

    Run the RogueKiller.exe file as Administrator

    I downloaded the x64 one and clicked to run it as Administrator; it says it will not run because it is not a valid WIN32 application.
    The images follow.

    image.thumb.png.f8625792ad943fb339516f194b3126ad.png

     


    Dear @danirruas

    Run the Farbar Recovery Scan Tool (FRST) as Administrator and in Search type the following:

    sptd.sys*

    Post the contents of the Search.txt report.

    Regards :D

  • Topic author
  • Good afternoon!!

    Here is the search log as a file search:

     

    Farbar Recovery Scan Tool (x64) Versão: 03-10-2017 01
    Executado por Daniele BR (06-10-2017 14:42:13)
    Executando a partir de C:\Users\Daniele BR\Desktop
    Modo da Inicialização: Normal

    ================== Pesquisar Arquivos: "sptd.sys*" =============

    C:\Windows\System32\drivers\sptd.sys
    [2010-09-06 22:22][2010-09-06 22:22] 000834544 _____ () D41D8CD98F00B204E9800998ECF8427E [Arquivo não assinado]

    ====== Fim de Pesquisar ======

     

    And the search log as a registry search:

     

    Farbar Recovery Scan Tool (x64) Versão: 03-10-2017 01
    Executado por Daniele BR (06-10-2017 14:55:11)
    Executando a partir de C:\Users\Daniele BR\Desktop
    Modo da Inicialização: Normal

    ================== Pesquisar Registro: "sptd.sys" ===========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sptd]
    "ImagePath"="System32\Drivers\sptd.sys"

    ====== Fim de Pesquisar ======

     

    Regards!!


    Please redo the search above, but this way:

    *sptd.sys

    Thank you!

  • Topic author
  • Farbar Recovery Scan Tool (x64) Versão: 08-10-2017
    Executado por Daniele BR (08-10-2017 16:01:18)
    Executando a partir de C:\Users\Daniele BR\Desktop
    Modo da Inicialização: Normal

    ================== Pesquisar Arquivos: "*sptd.sys" =============

    C:\Windows\System32\drivers\sptd.sys
    [2010-09-06 22:22][2010-09-06 22:22] 000834544 _____ () D41D8CD98F00B204E9800998ECF8427E [Arquivo não assinado]


    ====== Fim de Pesquisar ======

     

    Farbar Recovery Scan Tool (x64) Versão: 08-10-2017
    Executado por Daniele BR (08-10-2017 16:41:24)
    Executando a partir de C:\Users\Daniele BR\Desktop
    Modo da Inicialização: Normal

    ================== Pesquisar Registro: "sptd.sys" ===========


    ====== Fim de Pesquisar ======

    Edited by danirruas
    registry search log

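Added example (not part of the thread or of FRST): both file-search results above report sptd.sys as 000834544 bytes yet list the MD5 that FRST labels "0-byte MD5". The Python sketch below parses FRST file-search hits in the layout shown in those posts and flags entries whose hash is the MD5 of empty input while the reported size is non-zero; the function names and the two control entries under C:\Example are constructed for illustration.

```python
import hashlib
import re

# MD5 of zero bytes; the FRST log in this thread labels it "(0-byte MD5)".
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# A hit is a path line followed by a detail line:
# [created][modified] size attributes (company) MD5 [signature note]
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<company>[^)]*)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})(?:\s+\[(?P<note>[^\]]*)\])?\s*$"
)

# First entry copied from the search result posted in the thread;
# the two C:\Example entries are constructed controls.
SAMPLE = r"""
================== Pesquisar Arquivos: "sptd.sys*" =============

C:\Windows\System32\drivers\sptd.sys
[2010-09-06 22:22][2010-09-06 22:22] 000834544 _____ () D41D8CD98F00B204E9800998ECF8427E [Arquivo não assinado]

C:\Example\control.bin
[2017-01-01 10:00][2017-01-01 10:00] 000000011 _____ (Constructed Vendor) 5EB63BBBE01EEED093CB22BB8F5ACDC3 [Arquivo não assinado]

C:\Example\empty.tmp
[2017-01-01 10:00][2017-01-01 10:00] 000000000 _____ () D41D8CD98F00B204E9800998ECF8427E [Arquivo não assinado]

====== Fim de Pesquisar ======
"""


def parse_search_hits(text):
    """Return one dict per file hit (path, size, md5, signature note)."""
    hits, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line          # remember the path, wait for its detail line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            hits.append({
                "path": pending_path,
                "size": int(m["size"]),  # zero-padded decimal byte count
                "md5": m["md5"].upper(),
                "company": m["company"],
                "note": m["note"],
            })
            pending_path = None
    return hits


def unreadable_hash_hits(hits):
    """Hits whose hash covers zero bytes although the listed size is non-zero.

    A genuinely empty file (size 0) is consistent and is not flagged.
    """
    return [h for h in hits if h["md5"] == EMPTY_MD5 and h["size"] > 0]


if __name__ == "__main__":
    for hit in unreadable_hash_hits(parse_search_hits(SAMPLE)):
        print(f"{hit['path']}: size {hit['size']} B but MD5 is the empty-input hash")
```

A flagged entry means the listed hash was not computed over the file's reported contents, so it cannot be used for a reputation lookup or comparison against a known-good copy.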

    Dear @danirruas

    Read the instructions at this link: "How to use ComboFix"

    Download ComboFix and save it to your Desktop.

    Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

    • Double-click ComboFix.exe as Administrator.
    • Read and accept the terms by pressing ENTER.
    • Attention: Do not use the mouse or the keyboard while the tool is running; doing so may cause the computer to hang.
    • A notice may appear saying that the computer needs to be restarted.
    • DO NOT RESTART!!! ComboFix will restart the computer automatically.
    • When the tool finishes, a log will be generated (the file C:\ComboFix.txt).
    • Copy and paste the contents of that file into your next reply.

    Regards :D

  • Topic author
  • I'm having a little difficulty using ComboFix; I'm writing down the instructions beforehand and haven't had the time needed.
    And I'll be away until Monday. I kindly ask that you not close the topic for inactivity, as that is not my intention; I have other demands with doctors and work. Thank you.
