Davi Torobay

Junior Members
  • Total items: 11
  • Ratings: N/A

Reputation: 0

About Davi Torobay

  1. Log analysis - PC freezing / malicious IP

    Sure, we can wrap up. Thanks!
  2. Log analysis - PC freezing / malicious IP

    After following the steps you gave me and restarting the PC, it went back to normal. Can we now consider the problem resolved? Can I use SecurityCheck occasionally to check for possible security holes? Thank you for all the help!
  3. Log analysis - PC freezing / malicious IP

    Windows is running much better, but the hidden items are still on the desktop. I checked and the option to show hidden folders is selected, even though I had not configured that before. Big hug!
  4. Log analysis - PC freezing / malicious IP

    SecurityCheck by glax24 & Severnyj v.1.4.0.52 [25.07.17]
    WebSite: www.safezone.cc
    DateLog: 22.08.2017 11:25:19
    Path starting: C:\Users\Davi\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
    Log directory: C:\SecurityCheck\
    IsAdmin: True
    User: Davi
    VersionXML: 4.57is-21.08.2017
    ___________________________________________________________________________
    Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: Portuguese(0416)
    Installation date OS: 14.04.2011 13:01:39
    LicenseStatus: Windows(R) 7, HomePremium edition The machine is permanently activated.
    Boot Mode: Normal
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    SystemDrive: C: FS: [NTFS] Capacity: [285.7 Gb] Used: [272 Gb] Free: [13.7 Gb]
    ------------------------------- [ Windows ] -------------------------------
    Internet Explorer 11.0.9600.18762
    User Account Control enabled
    Notify before download
    Date install updates: 2017-08-13 12:45:31
    Windows Update (wuauserv) - The service is running
    Central de Segurança (wscsvc) - The service is running
    Registro remoto (RemoteRegistry) - The service has stopped
    Descoberta SSDP (SSDPSRV) - The service is running
    Serviços de Área de Trabalho Remota (TermService) - The service has stopped
    Windows Remote Management (WS-Management) (WinRM) - The service has stopped
    ------------------------------ [ MS Office ] ------------------------------
    Microsoft Office 2010 x86 v.14.0.7015.1000
    ---------------------------- [ Antivirus_WMI ] ----------------------------
    Microsoft Security Essentials (enabled and up to date)
    --------------------------- [ FirewallWindows ] ---------------------------
    Firewall do Windows (MpsSvc) - The service is running
    --------------------------- [ AntiSpyware_WMI ] ---------------------------
    Malwarebytes (disabled and up to date)
    Microsoft Security Essentials (enabled and up to date)
    Windows Defender (disabled and up to date)
    ---------------------- [ AntiVirusFirewallInstall ] -----------------------
    Microsoft Security Essentials v.4.10.209.0
    --------------------------- [ OtherUtilities ] ----------------------------
    WinRAR 4.00 (64-bit) v.4.00.0 Warning! Download Update
    Oracle VM VirtualBox 5.1.10 v.5.1.10 Warning! Download Update
    Microsoft Silverlight v.5.1.50907.0
    Foxit Reader v.6.0.2.413 Warning! Download Update
    TeamViewer 12 v.12.0.78716 Warning! Download Update
    VLC media player v.2.1.5 Warning! Download Update
    OpenOffice.org 3.3 v.3.3.9567 Warning! Download Update
    TeamViewer 12 (TeamViewer) - The service is running
    --------------------------------- [ IM ] ----------------------------------
    Skype™ 7.3 v.7.3.101 Warning! Download Update
    --------------------------------- [ P2P ] ---------------------------------
    qBittorrent 3.3.13 v.3.3.13 Warning! P2P-client.
    -------------------------------- [ Java ] ---------------------------------
    JavaFX 2.1.1 v.2.1.1 Warning! This software is no longer supported. Please uninstall it and use Java SE 8 (jre-8u144-windows-i586.exe).
    Java 8 Update 73 v.8.0.730.2 Warning! Download Update
    Uninstall old version and install new one (jre-8u144-windows-i586.exe).
    --------------------------- [ AppleProduction ] ---------------------------
    QuickTime v.7.72.80.56 Warning! This software is no longer supported. Please uninstall it and use another software.
    --------------------------- [ AdobeProduction ] ---------------------------
    Adobe Flash Player 11 ActiveX v.11.4.402.278 Warning! Download Update
    Adobe Flash Player 26 NPAPI v.26.0.0.151
    Adobe Shockwave Player 11.6 v.11.6.6.636 Warning! Download Update
    ------------------------------- [ Browser ] -------------------------------
    Google Chrome v.60.0.3112.101
    Mozilla Firefox 54.0.1 (x86 pt-BR) v.54.0.1 Warning! Download Update
    ----------------------------- [ EmailClient ] -----------------------------
    Windows Live Mail v.15.4.3502.0922 Warning! This software is no longer supported.
    --------------------------- [ RunningProcess ] ----------------------------
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.54.0.1.6388
    ------------------ [ AntivirusFirewallProcessServices ] -------------------
    McAfee Validation Trust Protection Service (mfevtp) - The service is running
    C:\Windows\System32\mfevtps.exe
    Microsoft Antimalware Service (MsMpSvc) - The service is running
    C:\Program Files\Microsoft Security Client\MsMpEng.exe v.4.10.209.0
    C:\Program Files\Microsoft Security Client\msseces.exe v.4.10.209.0
    Inspeção de Rede da Microsoft (NisSrv) - The service is running
    C:\Program Files\Microsoft Security Client\NisSrv.exe v.4.10.209.0
    Windows Defender (WinDefend) - The service has stopped
    ---------------------------- [ UnwantedApps ] -----------------------------
    IObit Uninstaller v.5.3.0.142 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
    Skype Toolbars v.5.3.7555 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
    ----------------------------- [ End of Log ] ------------------------------
  5. Log analysis - PC freezing / malicious IP

    After restarting the computer, some hidden files appeared on my desktop. Some were temporary files and others were 'desktop.ini' and 'Stinger.opt'. Any guidance on this? Another question: which of the programs should I keep running? Stinger and Malwarebytes?
  6. Log analysis - PC freezing / malicious IP

    McAfee® Labs Stinger™ Version 12.1.0.2459 built on Aug 17 2017 at 23:45:45
    Copyright© 2015, McAfee, Inc. All Rights Reserved.
    AV Engine version v5900.7806 for Windows.
    Virus data file v1000.0 created on Aug 18, 2017
    Ready to scan for 10202 viruses, trojans and variants.
    Custom scan initiated on domingo, agosto 20, 2017 12:50:30
    Rootkit scan result : Clean.
    C:\Users\Davi\AppData\Roaming\unins000.exe [MD5:169180f02abceca5de72fc5eebc861bb] is infected with Win32/Heur.c!sti
    C:\Users\Davi\AppData\Roaming\unins000.exe has been Deleted
    Summary Report on C:
    File(s)
    TotalFiles:............ 2575818
    Clean:................. 631300
    Not Scanned:........... 1944517
    Possibly Infected:..... 1
    Time: 08:51:37
    Scan completed on domingo, agosto 20, 2017 21:42:07

    Regards! Have a good week.
  7. Log analysis - PC freezing / malicious IP

    Malwarebytes
    www.malwarebytes.com

    -Detalhes de registro-
    Data da análise: 17/08/17
    Hora da análise: 14:26
    Arquivo de registro: malwarebyte.txt
    Administrador: Sim

    -Informação do software-
    Versão: 3.1.2.1733
    Versão de componentes: 1.0.160
    Versão do pacote de definições: 1.0.2607
    Licença: Versão de avaliação

    -Informação do sistema-
    Sistema operacional: Windows 7 Service Pack 1
    CPU: x64
    Sistema de arquivos: NTFS
    Usuário: Davi-PC\Davi

    -Resumo da análise-
    Tipo de análise: Análise de Ameaças
    Resultado: Concluído
    Objetos verificados: 410598
    Ameaças detectadas: 0 (Nenhum item malicioso detectado)
    Ameaças em quarentena: 0 (Nenhum item malicioso detectado)
    Tempo decorrido: 30 min, 51 seg

    -Opções da análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Habilitado
    PUM: Habilitado

    -Detalhes da análise-
    Processo: 0 (Nenhum item malicioso detectado)
    Módulo: 0 (Nenhum item malicioso detectado)
    Chave de registro: 0 (Nenhum item malicioso detectado)
    Valor de registro: 0 (Nenhum item malicioso detectado)
    Dados de registro: 0 (Nenhum item malicioso detectado)
    Fluxo de dados: 0 (Nenhum item malicioso detectado)
    Pasta: 0 (Nenhum item malicioso detectado)
    Arquivo: 0 (Nenhum item malicioso detectado)
    Setor físico: 0 (Nenhum item malicioso detectado)
    (end)
    ====================================

    All potentially dangerous items were quarantined (Advanced System Care, Yontoo and Optional ASK). Regards!
  8. Log analysis - PC freezing / malicious IP

  9. Log analysis - PC freezing / malicious IP

Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-13] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-13] (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems) FF Plugin HKU\S-1-5-21-453046077-1574525704-2639514093-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Davi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-453046077-1574525704-2639514093-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Davi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-453046077-1574525704-2639514093-1001: @talk.google.com/O1DPlugin -> C:\Users\Davi\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-453046077-1574525704-2639514093-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Davi\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.) FF Plugin HKU\S-1-5-21-453046077-1574525704-2639514093-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Davi\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.) FF Plugin HKU\S-1-5-21-453046077-1574525704-2639514093-1001: gastecnologia.com.br/sf/cef -> C:\Users\Davi\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-19] (GAS Tecnologia) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012-06-14] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012-06-14] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012-06-14] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012-06-14] (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-06-14] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-06-14] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-06-14] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Davi\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Davi\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\autoconf_warsaw.js [2017-08-11] <==== ATENÇÃO (Aponta para arquivo *.cfg) FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\warsaw.cfg [2017-08-11] <==== ATENÇÃO Chrome: ======= CHR DefaultProfile: Default CHR Session Restore: Default -> está habilitado. CHR Profile: C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default [2017-08-13] CHR Extension: (Magic Actions for YouTube™) - C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-05-14] CHR Extension: (Google Drive) - C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (Documentos Google off-line) - C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17] CHR Extension: (Invite All Friends on Facebook) - C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2017-08-08] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-15] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10] CHR 
Extension: (Chrome Media Router) - C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08] CHR HKU\S-1-5-21-453046077-1574525704-2639514093-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Davi\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-10-27] CHR HKU\S-1-5-21-453046077-1574525704-2639514093-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-453046077-1574525704-2639514093-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Davi\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2013-06-25] CHR HKLM-x32\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default\Extensions\serach.crx <não encontrado (a)> CHR HKLM-x32\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Users\Davi\AppData\Local\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx <não encontrado (a)> ==================== Serviços (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated) R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit) S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated) S4 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.) 
S4 CST License Manager; C:\Program Files (x86)\CST STUDIO SUITE 2014\License Manager\lmgrd.exe [1457528 2014-02-26] (Flexera Software LLC) S4 CST_DC_Main_Controller_2014; C:\Program Files (x86)\CST STUDIO SUITE 2014\DC Main Controller\CSTDCMainController.exe [2660696 2016-10-06] (CST AG) [Arquivo não assinado] S4 CST_DC_Solver_Server_2014; C:\Program Files (x86)\CST STUDIO SUITE 2014\DC Solver Server\CSTDCSolverServer.exe [4073816 2014-02-26] (CST AG) R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-06-16] (GAS Tecnologia) S4 hasplms; C:\Windows\system32\hasplms.exe [4466120 2013-01-11] (SafeNet Inc.) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.) S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960160 2016-04-22] (IObit) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation) S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2011-07-07] () R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH) R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [954416 2017-04-19] (GAS Tecnologia LTDA) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-16] (Dell Inc.) 
[Arquivo não assinado] ===================== Drivers (Whitelisted) ====================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2017-08-14] (GAS Tecnologia) R1 gbpddfac; C:\Windows\SysWOW64\drivers\gbpddfac64.sys [28888 2015-08-26] (GAS Tecnologia) S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [49536 2013-05-08] (GAS Tecnologia) R3 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331144 2013-03-11] (SafeNet Inc.) S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2009-07-24] (Huawei Technologies Co., Ltd.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-06-04] (DEVGURU Co., LTD.(www.devguru.co.kr)) R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [132120 2016-11-21] (Oracle Corporation) R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [206416 2016-11-21] (Oracle Corporation) R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-08-26] (GAS Tecnologia LTDA) S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [28376 2017-07-25] (GAS Tecnologia) R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-11-11] (GAS Tecnologia) S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [25184 2016-11-11] (GAS Tecnologia) S3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [25184 2016-11-11] (GAS Tecnologia) ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
==================== Três Meses Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
C:\Windows\SysWOW64\ncrypt.dll 2017-08-13 09:38 - 2017-07-07 12:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2017-08-13 09:38 - 2017-07-07 12:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2017-08-13 09:38 - 2017-07-07 12:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll 2017-08-13 09:38 - 2017-07-07 12:11 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2017-08-13 09:38 - 2017-07-07 12:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll 2017-08-13 09:38 - 2017-07-07 12:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2017-08-13 09:38 - 2017-07-07 12:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2017-08-13 09:38 - 2017-07-07 12:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2017-08-13 09:38 - 2017-07-07 12:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000006656 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\apisetschema.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 12:02 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2017-08-13 09:38 - 2017-07-07 12:01 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2017-08-13 09:38 - 2017-07-07 12:01 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2017-08-13 09:38 - 2017-07-07 12:01 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2017-08-13 09:38 - 2017-07-07 11:58 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2017-08-13 09:38 - 2017-07-07 11:57 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2017-08-13 09:38 - 2017-07-07 11:54 - 
000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2017-08-13 09:38 - 2017-07-07 11:54 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2017-08-13 09:38 - 2017-07-07 11:54 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2017-08-13 09:38 - 2017-07-07 11:53 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2017-08-13 09:38 - 2017-07-07 11:53 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2017-08-13 09:38 - 2017-07-07 11:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2017-08-13 09:38 - 2017-07-07 11:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2017-08-13 09:38 - 2017-07-07 11:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2017-08-13 09:38 - 2017-07-07 11:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2017-08-13 09:38 - 2017-07-07 11:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2017-08-13 09:38 - 2017-07-07 11:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2017-08-13 09:38 - 2017-07-07 11:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 11:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 11:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2017-08-13 09:38 - 2017-07-07 11:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2017-08-13 09:38 - 2017-07-01 10:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll 2017-08-13 09:38 - 2017-07-01 10:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswdat10.dll 2017-08-13 09:38 - 2017-07-01 10:05 - 000641536 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll 2017-08-13 09:38 - 2017-07-01 10:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl40.dll 2017-08-13 09:38 - 2017-07-01 10:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll 2017-08-13 09:38 - 2017-07-01 10:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll 2017-08-13 09:38 - 2017-07-01 10:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll 2017-08-13 09:38 - 2017-07-01 10:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll 2017-08-13 09:38 - 2017-07-01 10:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll 2017-08-13 09:38 - 2017-07-01 10:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll 2017-08-13 09:38 - 2017-07-01 10:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll 2017-08-13 09:38 - 2017-07-01 10:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter40.dll 2017-08-13 08:52 - 2017-08-14 10:26 - 000002431 _____ C:\Users\Davi\Desktop\av.txt 2017-08-13 08:43 - 2017-08-13 10:35 - 000000000 ____D C:\AdwCleaner 2017-08-13 08:41 - 2017-08-13 08:41 - 002852224 _____ C:\Users\Davi\Desktop\ZHPCleaner.exe 2017-08-13 08:40 - 2017-08-13 08:40 - 008185288 _____ (Malwarebytes) C:\Users\Davi\Desktop\adwcleaner_7.0.1.0.exe 2017-08-13 08:40 - 2017-08-13 08:40 - 001790024 _____ (Malwarebytes) C:\Users\Davi\Desktop\JRT.exe 2017-08-13 08:02 - 2017-08-13 08:02 - 000110567 _____ C:\Users\Davi\Desktop\Currículo Davi Torobay - Superkids.pdf 2017-08-10 22:19 - 2017-08-10 22:19 - 000000000 ____D C:\Users\Davi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-08-10 08:26 - 2017-08-10 08:50 - 000000000 ____D C:\zoek_backup 2017-08-10 07:20 - 2017-08-10 07:20 - 039608320 _____ C:\Users\Davi\Desktop\install_virtualdj_pc_v8.2.3798.msi 2017-08-09 19:00 - 2017-08-09 19:02 - 000000000 ____D 
C:\Users\Davi\Desktop\RPPN Reluz 2017-08-09 17:14 - 2017-07-21 16:10 - 002620394 _____ C:\Users\Davi\Desktop\V2 - Palestra - Como usar o Facebook e Google para aumentar as vendas - UÌNICO AgeÌ‚ncia Digital.pdf 2017-08-09 16:48 - 2017-08-09 16:48 - 000109738 _____ C:\Users\Davi\Desktop\Currículo Davi Torobay - engenharia.pdf 2017-08-09 16:46 - 2017-08-09 16:46 - 000109497 _____ C:\Users\Davi\Desktop\Currículo Davi Torobay - trainee engenharia.pdf 2017-08-08 20:48 - 2017-08-08 20:48 - 000309806 _____ C:\Users\Davi\Desktop\Historico_parcial (1).pdf 2017-08-07 22:43 - 2017-08-07 22:43 - 000000000 ____D C:\Users\Davi\Documents\11. Concursos 2017-08-05 17:22 - 2017-08-05 17:22 - 000000666 _____ C:\Users\Davi\Desktop\transferencia 12,72 pro André.txt 2017-08-01 21:10 - 2017-08-01 21:10 - 000000293 _____ C:\Users\Davi\Desktop\Aliança de noivado.txt 2017-07-31 17:09 - 2017-07-31 17:09 - 000190644 _____ C:\Users\Davi\Desktop\edital_n56_2017_ufes_dou_s3_p53-56.pdf 2017-07-29 19:04 - 2017-07-29 19:04 - 001895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2017-07-29 19:04 - 2017-07-29 19:04 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2017-07-29 19:04 - 2017-07-29 19:04 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2017-07-29 19:04 - 2017-07-29 19:04 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2017-07-29 19:04 - 2017-07-29 19:04 - 001363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll 2017-07-29 19:04 - 2017-07-29 19:04 - 001227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll 2017-07-29 19:04 - 2017-07-29 19:04 - 000986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2017-07-29 19:04 - 2017-07-29 19:04 - 000753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2017-07-29 19:04 - 2017-07-29 19:04 - 000594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll 2017-07-29 19:04 
- 2017-07-29 19:04 - 000475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx 2017-07-29 19:04 - 2017-07-29 19:04 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll 2017-07-29 19:04 - 2017-07-29 19:04 - 000390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx 2017-07-29 19:04 - 2017-07-29 19:04 - 000379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe 2017-07-29 19:04 - 2017-07-29 19:04 - 000377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2017-07-29 19:04 - 2017-07-29 19:04 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll 2017-07-29 19:04 - 2017-07-29 19:04 - 000303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe 2017-07-29 19:04 - 2017-07-29 19:04 - 000287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2017-07-29 19:04 - 2017-07-29 19:04 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll 2017-07-29 19:04 - 2017-07-29 19:04 - 000265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2017-07-29 19:04 - 2017-07-29 19:04 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe 2017-07-29 19:04 - 2017-07-29 19:04 - 000157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe 2017-07-29 19:04 - 2017-07-29 19:04 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2017-07-29 19:04 - 2017-07-29 19:04 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe 2017-07-29 19:04 - 2017-07-29 19:04 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe 2017-07-29 19:04 - 2017-07-29 19:04 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll 2017-07-29 19:04 - 2017-07-29 19:04 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll 2017-07-29 19:04 - 2017-07-29 19:04 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2017-07-29 19:04 - 2017-07-29 
19:04 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2017-07-24 13:37 - 2017-08-13 10:43 - 000003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDavi 2017-07-24 13:37 - 2017-08-13 10:43 - 000000328 _____ C:\Windows\Tasks\HPCeeScheduleForDavi.job 2017-07-21 13:29 - 2017-07-25 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visustin 2017-07-17 19:07 - 2017-07-17 19:20 - 332246760 _____ C:\Users\Davi\Downloads\Black.Mirror.S03E01.WebRip.x264-FS.mp4 2017-07-09 18:54 - 2017-07-09 18:54 - 000000000 ____D C:\Users\Davi\Downloads\Miles Davis 2017-07-09 18:40 - 2017-07-09 19:01 - 000000000 ____D C:\Users\Davi\Downloads\T2.Trainspotting.2017.HDRip.XviD.AC3-EVO[SN] 2017-07-08 15:51 - 2017-07-08 15:51 - 000109558 _____ C:\Users\Davi\Desktop\Currículo Davi Torobay - técnico.pdf 2017-07-06 10:35 - 2017-05-10 12:29 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2017-07-06 10:35 - 2017-05-10 12:14 - 002651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2017-07-06 10:35 - 2017-04-27 19:50 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll 2017-07-06 10:35 - 2017-04-12 10:05 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll 2017-07-06 10:34 - 2017-06-02 05:10 - 000733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe 2017-07-06 10:34 - 2017-05-12 15:26 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2017-07-06 10:34 - 2017-05-12 15:22 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2017-07-06 10:34 - 2017-05-12 15:22 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2017-07-06 10:34 - 2017-05-12 15:22 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2017-07-06 10:34 - 2017-05-12 15:22 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2017-07-06 10:34 - 2017-05-12 15:22 - 000041472 _____ (Microsoft 
Corporation) C:\Windows\system32\lpk.dll 2017-07-06 10:34 - 2017-05-12 15:22 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2017-07-06 10:34 - 2017-05-12 15:07 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2017-07-06 10:34 - 2017-05-12 15:03 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2017-07-06 10:34 - 2017-05-12 15:03 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2017-07-06 10:34 - 2017-05-12 15:03 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2017-07-06 10:34 - 2017-05-12 15:03 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2017-07-06 10:34 - 2017-05-12 15:03 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2017-07-06 10:34 - 2017-05-12 14:43 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2017-07-06 10:34 - 2017-05-12 13:25 - 001251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2017-07-06 10:34 - 2017-05-12 12:58 - 001648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2017-07-06 10:34 - 2017-05-12 12:58 - 001180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2017-07-06 10:34 - 2017-05-10 12:33 - 000091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe 2017-07-06 10:34 - 2017-05-10 12:29 - 003165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2017-07-06 10:34 - 2017-05-10 12:29 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2017-07-06 10:34 - 2017-05-10 12:29 - 000098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2017-07-06 10:34 - 2017-05-10 12:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2017-07-06 10:34 - 2017-05-10 12:16 - 000091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe 2017-07-06 10:34 - 2017-05-10 12:13 - 000709120 _____ (Microsoft Corporation) 
C:\Windows\system32\wuapi.dll 2017-07-06 10:34 - 2017-05-10 12:13 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2017-07-06 10:34 - 2017-05-10 12:13 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2017-07-06 10:34 - 2017-05-10 12:13 - 000037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2017-07-06 10:34 - 2017-05-10 12:13 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2017-07-06 10:34 - 2017-05-10 12:13 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2017-07-06 10:34 - 2017-05-10 12:12 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2017-07-06 10:34 - 2017-05-10 12:12 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2017-07-06 10:34 - 2017-05-10 12:00 - 000573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2017-07-06 10:34 - 2017-05-10 12:00 - 000093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2017-07-06 10:34 - 2017-05-10 12:00 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2017-07-06 10:34 - 2017-05-10 12:00 - 000030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2017-07-06 10:34 - 2017-05-09 12:30 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2017-07-06 10:34 - 2017-05-09 12:29 - 000970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2017-07-06 10:34 - 2017-05-09 12:11 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2017-07-06 10:34 - 2017-05-07 12:33 - 000094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2017-07-06 10:34 - 2017-05-07 12:29 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2017-07-06 10:34 - 2017-03-30 12:03 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe 2017-07-06 10:34 - 2017-03-30 11:58 - 000045056 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\rundll32.exe 2017-07-04 13:56 - 2017-07-04 13:56 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignf9e9ad2d1cec162e 2017-07-04 13:56 - 2017-07-04 13:56 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignf2aa15e374eb4fa9 2017-07-04 13:56 - 2017-07-04 13:56 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign58bdf747a2c3ad7d 2017-07-04 13:56 - 2017-07-04 13:56 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign32b872a1e5d260ec 2017-07-04 12:44 - 2017-07-04 12:44 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsigncba308f8f727df18 2017-07-04 12:43 - 2017-07-04 12:43 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign57908f0a97968d9e 2017-07-04 12:42 - 2017-07-04 12:42 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign7eba2c748a174df1 2017-07-04 12:42 - 2017-07-04 12:42 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign56dd7bb60938a8e9 2017-07-04 11:37 - 2017-07-04 11:37 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignb0fdeea2869c0b19 2017-07-04 11:37 - 2017-07-04 11:37 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign654135f2f7182417 2017-07-04 11:37 - 2017-07-04 11:37 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign54efacf6d6b0ad33 2017-07-04 11:04 - 2017-07-04 11:04 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign7d9c26b63faebcd9 2017-07-04 10:34 - 2017-07-04 10:34 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign83805354e55dccd2 2017-07-04 10:33 - 2017-07-04 10:33 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignc1fbb3da8f972c9f 2017-07-04 10:33 - 2017-07-04 10:33 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign4ae3df81bbde7e19 2017-07-03 21:43 - 2017-07-03 21:43 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign87a6bd5889d27328 2017-07-03 21:43 - 2017-07-03 21:43 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign76da94e37c686815 2017-07-03 21:43 - 2017-07-03 21:43 - 000000000 ____D 
C:\Users\Davi\AppData\Local\Tempzxpsign4f76bcf9f700a585 2017-07-03 20:54 - 2017-07-03 20:54 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignf95fc6f2cc869ce6 2017-07-03 19:08 - 2017-07-03 19:08 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign1a138d3f80f5387a 2017-07-03 19:07 - 2017-07-03 19:07 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignfad754897f5f650b 2017-07-03 19:07 - 2017-07-03 19:07 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign29d2b2258d0e03f2 2017-07-03 15:48 - 2017-07-03 15:48 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignabcafac19744b720 2017-07-03 15:47 - 2017-07-03 15:47 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsignd5fc16d1ff797ece 2017-07-03 15:47 - 2017-07-03 15:47 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign7ee7a8c170c857b5 2017-07-03 15:47 - 2017-07-03 15:47 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign6350b978ee13285f 2017-07-03 12:37 - 2017-07-25 16:28 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2017-07-03 12:37 - 2017-07-04 14:10 - 000000000 ____D C:\Users\Davi\AppData\Roaming\TeamViewer 2017-07-03 12:37 - 2017-07-03 12:37 - 000001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk 2017-07-01 22:48 - 2017-07-01 22:48 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign712cf2f6ba5842a4 2017-07-01 22:48 - 2017-07-01 22:48 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign404f3f16b487b18e 2017-07-01 22:48 - 2017-07-01 22:48 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign0c1241152e8d6530 2017-07-01 21:14 - 2017-07-01 21:14 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsigne246091c5e1a87b0 2017-07-01 21:12 - 2017-07-01 21:12 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign7325499d5a2f1ebf 2017-07-01 21:11 - 2017-07-01 21:11 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign451214967acf6de8 2017-07-01 21:11 - 2017-07-01 21:11 - 000000000 ____D 
C:\Users\Davi\AppData\Local\Tempzxpsign09b150e41b117d67 2017-06-27 11:34 - 2017-08-08 06:36 - 000020530 _____ C:\Users\Davi\Desktop\Notas das disciplinas.xlsx 2017-06-26 15:42 - 2017-06-26 15:42 - 000000185 _____ C:\Users\Davi\Desktop\problema de conexão do notebook.txt 2017-06-19 19:49 - 2017-06-19 20:00 - 000000000 ____D C:\Users\Davi\Downloads\What the Health (2017)720p.WebRip.H264.AAC Subs[SN] 2017-06-19 19:48 - 2017-07-17 23:30 - 000000000 ____D C:\Users\Davi\AppData\Roaming\qBittorrent 2017-06-19 19:47 - 2017-06-19 19:48 - 000000000 ____D C:\Users\Davi\AppData\Local\qBittorrent 2017-06-17 17:21 - 2017-06-17 17:21 - 000000117 _____ C:\Users\Davi\Documents\acad.err 2017-06-08 22:52 - 2017-06-08 22:52 - 000001532 _____ C:\Users\Davi\Desktop\linguiça caseira.txt 2017-06-08 11:10 - 2017-06-08 11:10 - 000095905 _____ C:\Users\Davi\Documents\Tratamento e procedimentos- seminario integrada marina.pptx 2017-06-07 16:14 - 2017-06-07 16:14 - 000000000 ____D C:\Users\Davi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2017-06-07 16:14 - 2017-06-07 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2017-06-04 21:10 - 2017-06-04 21:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent 2017-06-04 21:09 - 2017-06-04 21:10 - 000000000 ____D C:\Program Files\qBittorrent 2017-05-24 14:05 - 2017-05-24 14:05 - 000000000 ____D C:\Users\Davi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker 2017-05-24 14:04 - 2017-05-24 14:05 - 000000000 ____D C:\Program Files (x86)\Texmaker 2017-05-21 22:33 - 2017-05-21 22:33 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign6428e38eec9f74cf 2017-05-21 22:33 - 2017-05-21 22:33 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign2b8d158b8bbe5d7a 2017-05-21 22:33 - 2017-05-21 22:33 - 000000000 ____D C:\Users\Davi\AppData\Local\Tempzxpsign20fb273924f49945 2017-05-21 21:41 - 2017-05-21 21:41 - 000000000 ____D 
Thanks for the help!! Addition.txt
  10. Log analysis - PC freezing / malicious IP

    Hello, I only managed to complete the first step because, as soon as I ran JRT.exe as administrator, the attached message appears. Here is the AdwCleaner log:

    I await further instructions. Thank you! Regards!
  11. Hello, my PC freezes when I browse the internet and/or open its programs and folders. On one occasion the computer reported a boot error, and when I ran the automatic recovery offered by Windows, the Advanced Care System program indicated that the IP had been changed and was possibly malicious, and I accepted letting it configure it automatically. In addition, I used Malwarebytes to run a scan and it identified Yontoo, which in theory has already been deleted, but I saw no difference in how the computer runs. ZA-Scan.txt
