NandoStahelin79

New tabs appear in the browser, etc.


Hey everyone, how's it going?

New tabs keep opening in my browser out of nowhere, the proxy turns itself on automatically, which makes Google searches redirect to a custom search (I already tried disabling it through regedit), I can't open antivirus websites, and when I click on a link or button, new tabs open. On top of that, the Security Center always turns itself off when I start the PC, and the same goes for the firewall and Windows Defender. I use Windows 10 64-bit and Google Chrome.

My family and I use the PC for work.

ZA-Scan.txt


Dear @NandoStahelin79

I recommend saving this topic to your bookmarks so it is easy to find again.

Please pay attention to the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here applies only to your computer's problem, so do not use it on any other machine;
  • Please follow the instructions carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what is happening with your computer.
  • Follow the instructions in the order given.

Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, or you risk misconfiguring your computer!

 

# Step 1 #

Download AdwCleaner and save it to your Desktop.

Run the file adwcleaner.exe

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Options (Opções) tab and leave only "Restaurar Políticas do IE" (Reset IE Policies) and "Restaurar Políticas do Chrome" (Reset Chrome Policies) checked.
  • Click the Scan (Verificar) button and wait for the scan to finish.
  • Click the Clean (Limpar) button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log into your next reply.
  • The log will also be saved in C:\AdwCleaner


NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.
 
# Step 2 #

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download Junkware Removal Tool (JRT) and save it to your Desktop.

Double-click to run jrt.exe.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • The tool will start scanning your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • At the end a log will open. It will be saved on the desktop as JRT.txt.
  • Select, copy and paste the contents of this log into your next reply.

 
# Step 3 #

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download ZHPCleaner and save it to your Desktop.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Scanner button.
  • The tool will start scanning your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • Then click the Repair (Reparar) button.
  • A log named ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log into your next reply.

Regards :D

  • Topic author
  • AdwCleaner:

    Quote

    # AdwCleaner v5.201 - Relatório criado 08/07/2016 às 18:40:40
    # Atualizado 30/06/2016 por ToolsLib
    # Banco de dados : 2016-07-08.2 [Servidor]
    # Sistema operacional : Windows 10 Pro  (X64)
    # Usuário : Mae e Pai - DESKTOP-0TOPMB6
    # Executando de : C:\Users\Mae e Pai\Desktop\adwcleaner_5.201.exe
    # Opção : Limpar
    # Apoio : https://toolslib.net/forum

    ***** [ Serviços ] *****


    ***** [ Pastas ] *****


    ***** [ Arquivos ] *****

    [-] Arquivo Excluído : C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_affiliate.navegaki.com_0.localstorage
    [-] Arquivo Excluído : C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_affiliate.navegaki.com_0.localstorage-journal
    [-] Arquivo Excluído : C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
    [-] Arquivo Excluído : C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
    [-] Arquivo Excluído : C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage
    [-] Arquivo Excluído : C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage-journal
    [-] Arquivo Excluído : C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_searchglobo.com_0.localstorage
    [-] Arquivo Excluído : C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_searchglobo.com_0.localstorage-journal
    [-] Arquivo Excluído : C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_affiliate.navegaki.com_0.localstorage
    [-] Arquivo Excluído : C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_affiliate.navegaki.com_0.localstorage-journal
    [-] Arquivo Excluído : C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
    [-] Arquivo Excluído : C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal

    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Atalhos ] *****


    ***** [ Tarefas agendadas ] *****


    ***** [ Registro ] *****


    ***** [ Navegadores ] *****

    [-] [C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : br.ask.com

    *************************

    :: Chaves "Tracing" excluídas
    :: Configurações Winsock restauradas
    :: Políticas do IE excluídas
    :: Políticas do Chrome excluídas

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [4762 bytes] - [07/07/2016 23:55:58]
    C:\AdwCleaner\AdwCleaner[C2].txt - [2835 bytes] - [08/07/2016 18:40:40]
    C:\AdwCleaner\AdwCleaner[S1].txt - [4507 bytes] - [07/07/2016 23:48:16]
    C:\AdwCleaner\AdwCleaner[S2].txt - [2852 bytes] - [08/07/2016 18:25:52]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3054 bytes] ##########
     

    JRT

    Quote

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Windows 10 Pro x64 
    Ran by Mae e Pai (Administrator) on 08/07/2016 at 19:00:02,37
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    File System: 10 

    Successfully deleted: C:\Users\Mae e Pai\AppData\Roaming\productdata (Folder) 
    Successfully deleted: C:\Users\Mae e Pai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33QYL4XT (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Mae e Pai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4O01NNNB (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Mae e Pai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8X0UJH3 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\Mae e Pai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XB6C21I5 (Temporary Internet Files Folder) 
    Successfully deleted: C:\WINDOWS\prefetch\FREEBIGUPGRADE.EXE-0B23C251.pf (File) 
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\33QYL4XT (Temporary Internet Files Folder) 
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4O01NNNB (Temporary Internet Files Folder) 
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W8X0UJH3 (Temporary Internet Files Folder) 
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XB6C21I5 (Temporary Internet Files Folder) 

    Registry: 0 

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 08/07/2016 at 19:03:39,73
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

    ZHP-Cleaner

    Quote

    ~ ZHPCleaner v2016.7.8.83 by Nicolas Coolman (2016/08/08)
    ~ Run by Mae e Pai (Administrator)  (08/07/2016 19:12:19)
    ~ Site : http://www.nicolascoolman.com
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Type : Reparo
    ~ Report : C:\Users\Mae e Pai\Desktop\ZHPCleaner.txt
    ~ Quarantine : C:\Users\Mae e Pai\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
    ~ UAC : Activate
    ~ Boot Mode : Normal (Normal boot)
    Windows 10 Pro, 64-bit  (Build 10586)


    ---\\  Serviços (0)
    ~ Nenhum ítem malicioso o desnecessários foi encontrado.


    ---\\  Navegadores de Internet (0)
    ~ Nenhum ítem malicioso o desnecessários foi encontrado.


    ---\\  Arquivo hosts (1)
    ~ O arquivo hosts é legítimo (21)


    ---\\  Tarefas automáticas agendadas. (0)
    ~ Nenhum ítem malicioso o desnecessários foi encontrado.


    ---\\  Explorer ( Arquivos, Pastas) (13)
    MOVIDO pasta: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [Copyright 2009 - Starter Module]  =>PUP.Optional.Skillbrains
    MOVIDO pasta: C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage    =>.Superfluous.AkamaiHD
    MOVIDO pasta: C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal    =>.Superfluous.AkamaiHD
    MOVIDO pasta: C:\Windows\SECOH-QAD.exe    =>HackTool.KMSpico
    MOVIDO pasta: C:\Windows\AutoKMS\AutoKMS.log    =>HackTool.AutoKMS
    MOVIDO arquivo: C:\Program Files (x86)\Skillbrains  =>PUP.Optional.Skillbrains
    MOVIDO arquivo: C:\Program Files\KMSpico  =>HackTool.KMSpico
    MOVIDO arquivo: C:\ProgramData\Microsoft Toolkit  =>HackTool.AutoKMS
    MOVIDO arquivo: C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}  =>PUP.Optional.Generic
    MOVIDO arquivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico  =>HackTool.KMSpico
    MOVIDO arquivo: C:\WINDOWS\AutoKMS  =>HackTool.AutoKMS
    MOVIDO arquivo: C:\Program Files (x86)\QuickTime  =>Riskware.QuickTime
    MOVIDO arquivo: C:\ProgramData\Microsoft\Network\Dsq  =>PUP.Optional.WindowsSecurity


    ---\\  Registro ( Chaves, Valores, Dados ) (6)
    SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-2153180568-1299950508-860908323-1001\SOFTWARE\SkillBrains []  =>PUP.Optional.Skillbrains
    SUPRIMIDO chave*: HKCU\Software\SkillBrains []  =>PUP.Optional.Skillbrains
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Skillbrains []  =>PUP.Optional.Skillbrains
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool]  =>Toolbar.Ask
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1 [Skillbrains]  =>PUP.Optional.Skillbrains
    SUPRIMIDO valor: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Lightshot [C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe]  =>PUP.Optional.Skillbrains


    ---\\  Resumo dos elementos encontrados na sua estação de trabalho (8)
    https://www.nicolascoolman.info/2016/04/30/pup-optional-skillbrains/  =>PUP.Optional.Skillbrains
    http://www.nicolascoolman.fr/?p=5145  =>.Superfluous.AkamaiHD
    http://www.nicolascoolman.fr/?p=989  =>HackTool.KMSpico
    https://www.nicolascoolman.info/2016/05/04/hacktool-autokms/  =>HackTool.AutoKMS
    https://www.nicolascoolman.info/2016/05/01/definition-dun-logiciel-pup-lpi/  =>PUP.Optional.Generic
    https://www.nicolascoolman.info/2016/04/21/riskware-quicktime/  =>Riskware.QuickTime
    http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.WindowsSecurity
    http://www.nicolascoolman.fr/?p=235  =>Toolbar.Ask


    ---\\  Dodatkowe oczyszczenie. (21)
    ~ Chave de registro Tracing Supprimido (21)
    ~ Remover os relatórios antigos ZHPCleaner. (0)


    ---\\ Resultado de reparação
    Reparação efectuada com sucesso
    ~ Este navegador está faltando ! (Mozilla Firefox)
    ~ Este navegador está faltando ! (Opera Software)


    ---\\ Estatísticas
    ~ Items scan : 240
    ~ Items encontrado : 0
    ~ items cancelados : 0
    ~ Items réparo : 19


    ~ End of clean in 00h00mn19s
    ~====================
    ZHPCleaner-[R]-08072016-19_12_38.txt
    ZHPCleaner--08072016-19_11_31.txt
     

    When I type something into Google, I am redirected to searchglobo.com

    Edited by NandoStahelin79
    Fix the sentence formatting


    Dear @NandoStahelin79

    Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

    Download Farbar Recovery Scan Tool and save it to your Desktop.

    32 bit (x86) or 64 bit (x64)

    • Double-click to run the tool.
      • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
    • Check the 90-day Files (Arquivos 90 dias) box and click the Scan (Examinar) button.
    • Wait, and at the end the logs FRST.txt and Addition.txt will be saved to your Desktop.
    • Select, copy and paste the contents of the FRST.txt log into your next reply.
    • Attach the Addition.txt log.

    Regards :D

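The symptoms reported in this thread (a proxy that turns itself on and a redirected search or start page) surface in the "Internet" section of the FRST.txt log requested above. The following is an added example, not part of the original posts and not FRST's own code: a Python triage that flags ProxyServer entries pointing at a loopback address and browser start/search pages whose host is outside an allowlist. The function names, the allowlist and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: hosts this household expects as browser start/search pages.
ALLOWED_DOMAINS = {"google.com", "google.com.br", "msn.com", "bing.com"}

PROXY_RE = re.compile(r"^ProxyServer: \[(S-[\d-]+)\] => (.+)$")
PAGE_RE = re.compile(
    r"^(HK.+?),(Start Page|Search Page|Default_Page_URL|Default_Search_URL)\s*=\s*(.*)$"
)
SHORTCUT_RE = re.compile(r"^StartMenuInternet: (\S+) - .*?\s(h(?:tt|xx)ps?://\S+)$")

# Constructed sample in the layout of FRST's "Internet" section (not from a real machine).
SAMPLE_FRST = r"""
ProxyServer: [S-1-5-21-1111111111-2222222222-3333333333-1002] => http=127.0.0.1:8080;https=127.0.0.1:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nav.example.invalid?uid={0000}&r=eg
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.br
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://nav.example.invalid?uid={0000}&r=eg
"""


def host_of(value):
    """Return the lower-cased host of a possibly defanged or scheme-less URL."""
    value = re.sub(r"^hxxp", "http", value.strip(), flags=re.I)
    if "://" not in value:
        value = "http://" + value
    return urlsplit(value).hostname or ""


def is_allowed(host):
    """True when host is an allowlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False


def proxy_hosts(setting):
    """Hosts from 'http=127.0.0.1:8080;https=...' or from a bare 'host:port'."""
    hosts = []
    for part in setting.split(";"):
        addr = part.split("=", 1)[-1].strip()
        if addr:
            hosts.append(host_of(addr))
    return hosts


def triage(frst_text):
    """Return (kind, scope, detail) tuples for lines that deserve a closer look."""
    findings = []
    for raw in frst_text.splitlines():
        line = raw.strip()  # pasted forum logs are often indented
        m = PROXY_RE.match(line)
        if m:
            sid, setting = m.groups()
            # A loopback proxy means some local process sits in the browser's path;
            # confirm what (if anything) listens on that port before resetting it.
            if any(is_loopback(h) for h in proxy_hosts(setting)):
                findings.append(("loopback-proxy", sid, setting))
            continue
        m = PAGE_RE.match(line)
        if m:
            key, name, value = m.groups()
            host = host_of(value) if value else ""
            if host and not is_allowed(host):
                findings.append(("unlisted-page", f"{key},{name}", host))
            continue
        m = SHORTCUT_RE.match(line)
        if m:
            browser, url = m.groups()
            host = host_of(url)
            # A URL appended to the browser's start-menu command overrides the home page.
            if not is_allowed(host):
                findings.append(("shortcut-url", browser, host))
    return findings


if __name__ == "__main__":
    for kind, scope, detail in triage(SAMPLE_FRST):
        print(f"{kind:15} {scope} -> {detail}")
```

The SID on a ProxyServer finding identifies which user profile carries the setting, which matters on a shared PC with more than one profile loaded.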
  • Topic author
  • Good morning @diego_moicano

    Thank you very much for your help =D

    Quote

    Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 09-07-2016
    Executado por Mae e Pai (administrador) em DESKTOP-0TOPMB6 (09-07-2016 12:00:07)
    Executando a partir de C:\Users\Mae e Pai\Desktop
    Perfis Carregados: Fernandowski & Mae e Pai (Perfis Disponíveis: Fernandowski & Mae e Pai)
    Platform: Windows 10 Pro Versão 1511 (X64) Idioma: Português (Brasil)
    Internet Explorer Versão 11 (Navegador padrão: Chrome)
    Modo da Inicialização: Normal
    Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processos (Whitelisted) =================

    (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6965.40901.0_x64__8wekyb3d8bbwe\HxMail.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6965.40901.0_x64__8wekyb3d8bbwe\HxTsr.exe


    ==================== Registro (Whitelisted) ===========================

    (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

    HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2016-01-16] (Pixart Imaging Inc)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-25] (Adobe Systems Incorporated)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-07] (Realtek Semiconductor)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
    HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-06-01] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-04-10] (Avira Operations GmbH & Co. KG)
    HKU\S-1-5-21-2153180568-1299950508-860908323-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)
    HKU\S-1-5-21-2153180568-1299950508-860908323-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4177784 2016-01-15] (Disc Soft Ltd)
    HKU\S-1-5-21-2153180568-1299950508-860908323-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-09] (Valve Corporation)
    HKU\S-1-5-21-2153180568-1299950508-860908323-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)

    ==================== Internet (Whitelisted) ====================

    (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

    ProxyServer: [S-1-5-21-2153180568-1299950508-860908323-1002] => http=127.0.0.1:8080;https=127.0.0.1:8080
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{b149ec71-30d5-4a4f-b456-21fe7796f52b}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nav.brotstation.com?uid={02dd927891c74911bb7ce3f3c61571db}&r=eg
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotstation.com?uid={02dd927891c74911bb7ce3f3c61571db}&r=eg
    HKU\S-1-5-21-2153180568-1299950508-860908323-1001\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.br
    HKU\S-1-5-21-2153180568-1299950508-860908323-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.br/?gws_rd=ssl
    HKU\S-1-5-21-2153180568-1299950508-860908323-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
    SearchScopes: HKU\S-1-5-21-2153180568-1299950508-860908323-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-25] (Oracle Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-25] (Oracle Corporation)
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://nav.brotstation.com?uid={02dd927891c74911bb7ce3f3c61571db}&r=eg

    FireFox:
    ========
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-25] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-25] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Fernando\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-16] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)

    Chrome: 
    =======
    CHR StartupUrls: Default -> "hxxps://www.google.com.br/"
    CHR Profile: C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Apresentações) - C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-15]
    CHR Extension: (Google Docs) - C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-15]
    CHR Extension: (Google Drive) - C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-15]
    CHR Extension: (YouTube) - C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-15]
    CHR Extension: (Google Search) - C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-15]
    CHR Extension: (Context Search) - C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmnfenkefdfainompfoaahgkmlejmilb [2016-07-01]
    CHR Extension: (Planilhas do Google) - C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-15]
    CHR Extension: (Segurança do navegador Avira) - C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-07-08]
    CHR Extension: (Documentos Google off-line) - C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
    CHR Extension: (AdBlock) - C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-08]
    CHR Extension: (MailTrack para Gmail) - C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2016-07-08]
    CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
    CHR Extension: (Stylebot) - C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha [2016-01-17]
    CHR Extension: (Gmail) - C:\Users\Mae e Pai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-15]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

    ==================== Serviços (Whitelisted) ========================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    S4 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
    S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-04-10] (Avira Operations GmbH & Co. KG)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-04-10] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-04-10] (Avira Operations GmbH & Co. KG)
    S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-04-10] (Avira Operations GmbH & Co. KG)
    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [302680 2016-06-01] (Avira Operations GmbH & Co. KG)
    S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd)
    S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [242960 2016-05-27] (EasyAntiCheat Ltd)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2016-01-14] (Intel Corporation)
    S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-03-10] (IObit)
    S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-02] (Electronic Arts)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-01-17] ()
    S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7031056 2016-05-02] (TeamViewer GmbH)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
    S2 XBox; C:\Program Files (x86)\XBox\XBLive.exe [6341560 2016-05-25] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    R0 88A07145; C:\Windows\System32\drivers\88A07145.sys [478392 2016-07-08] (Kaspersky Lab ZAO)
    R0 88A071456; C:\Windows\System32\drivers\88A071456.sys [478392 2016-07-05] (Kaspersky Lab ZAO)
    R0 88A0714561; C:\Windows\System32\drivers\88A0714561.sys [478392 2016-07-05] (Kaspersky Lab ZAO)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-04-10] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146712 2016-04-10] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-04-10] (Avira Operations GmbH & Co. KG)
    R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-04-10] (Avira Operations GmbH & Co. KG)
    S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2016-02-17] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2016-01-18] (Windows (R) Win 7 DDK provider)
    R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-01-17] (Disc Soft Ltd)
    R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-01-17] (Disc Soft Ltd)
    S3 EasyAntiCheatSys; C:\WINDOWS\system32\drivers\EasyAntiCheat.sys [347896 2016-05-27] ()
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-02] ()
    S3 EverestDriver; não ImagePath
    R3 int0800; C:\Windows\System32\drivers\flashud.sys [51712 2009-09-09] (Intel Corporation)
    S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-06] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2016-01-14] (Intel Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-05-28] (Realtek                                            )
    S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
    R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2016-01-16] ()
    S1 UGKrnlDrv; não ImagePath
    S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [202144 2016-03-24] (Zemana Ltd.)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [202144 2016-03-24] (Zemana Ltd.)

    ==================== NetSvcs (Whitelisted) ===================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


    ==================== Três Meses Criados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2016-07-09 11:56 - 2016-07-09 11:57 - 00041663 _____ C:\Users\Mae e Pai\Desktop\Addition.txt
    2016-07-09 11:54 - 2016-07-09 12:00 - 00018772 _____ C:\Users\Mae e Pai\Desktop\FRST.txt
    2016-07-09 11:53 - 2016-07-09 12:00 - 00000000 ____D C:\FRST
    2016-07-09 11:37 - 2016-07-09 11:32 - 02390016 _____ (Farbar) C:\Users\Mae e Pai\Desktop\FRST64.exe
    2016-07-09 11:31 - 2016-07-09 11:32 - 02390016 _____ (Farbar) C:\Users\Fernando\Desktop\FRST64.exe
    2016-07-09 09:38 - 2016-07-09 09:38 - 00000620 _____ C:\WINDOWS\ZAM.krnl.trace
    2016-07-09 09:38 - 2016-07-09 09:38 - 00000119 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2016-07-09 01:46 - 2016-07-09 01:50 - 426890710 _____ C:\Users\Fernando\Desktop\Fecart é o tchan.mp4
    2016-07-08 23:52 - 2016-07-08 23:52 - 00338680 _____ C:\Users\Fernando\Desktop\É o Tchan   Tchan no Hawai   Clipe Oficial.mp3.sfk
    2016-07-08 22:38 - 2016-07-09 00:16 - 00000000 ____D C:\Users\Fernando\Desktop\STREAM
    2016-07-08 20:58 - 2016-07-08 21:05 - 00016148 _____ C:\Users\Fernando\Desktop\INSTITUTO FEDERAL CATARINENSE.odt
    2016-07-08 20:30 - 2016-07-08 21:31 - 00022624 _____ C:\Users\Fernando\Desktop\TRABALHO_FERNANDO_HENRIQUE_STAHELIN.odt
    2016-07-08 20:30 - 2016-07-08 20:40 - 00000000 ____D C:\Users\Fernando\Desktop\filmagens colação 5.7
    2016-07-08 19:12 - 2016-07-08 19:12 - 00004185 _____ C:\Users\Mae e Pai\Desktop\ZHPCleaner.txt
    2016-07-08 19:04 - 2016-07-08 19:12 - 00000000 ____D C:\Users\Mae e Pai\AppData\Roaming\ZHP
    2016-07-08 19:04 - 2016-07-08 19:04 - 00000926 _____ C:\Users\Mae e Pai\Desktop\ZHPCleaner.lnk
    2016-07-08 19:03 - 2016-07-08 19:03 - 00002041 _____ C:\Users\Mae e Pai\Desktop\JRT.txt
    2016-07-08 19:03 - 2016-07-08 18:41 - 00003133 _____ C:\Users\Mae e Pai\Desktop\AdwCleaner[C2].txt
    2016-07-08 18:40 - 2016-07-08 18:40 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
    2016-07-08 18:40 - 2016-07-08 18:40 - 00000008 __RSH C:\ProgramData\ntuser.pol
    2016-07-08 18:14 - 2016-07-08 18:13 - 02280448 _____ C:\Users\Mae e Pai\Desktop\ZHPCleaner.exe
    2016-07-08 18:14 - 2016-07-08 18:12 - 03712064 _____ C:\Users\Mae e Pai\Desktop\adwcleaner_5.201.exe
    2016-07-08 18:14 - 2016-07-07 19:20 - 01610816 _____ (Malwarebytes) C:\Users\Mae e Pai\Desktop\JRT.exe
    2016-07-08 18:13 - 2016-07-08 18:13 - 02280448 _____ C:\Users\Fernando\Desktop\ZHPCleaner.exe
    2016-07-08 18:12 - 2016-07-08 18:12 - 03712064 _____ C:\Users\Fernando\Desktop\adwcleaner_5.201.exe
    2016-07-08 14:36 - 2016-07-08 14:36 - 00000000 ____D C:\Users\Mae e Pai\AppData\Roaming\Avira
    2016-07-08 08:16 - 2016-07-08 08:16 - 00000000 ____D C:\Users\Fernando\AppData\Roaming\Avira
    2016-07-08 00:25 - 2016-07-08 00:25 - 00478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\88A07145.sys
    2016-07-08 00:21 - 2016-04-10 11:03 - 00146712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
    2016-07-08 00:21 - 2016-04-10 11:03 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
    2016-07-08 00:21 - 2016-04-10 11:03 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
    2016-07-08 00:21 - 2016-04-10 11:03 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
    2016-07-08 00:12 - 2016-07-08 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2016-07-08 00:12 - 2016-07-08 00:21 - 00000000 ____D C:\Users\Todos os Usuários\Avira
    2016-07-08 00:12 - 2016-07-08 00:21 - 00000000 ____D C:\ProgramData\Avira
    2016-07-08 00:12 - 2016-07-08 00:21 - 00000000 ____D C:\Program Files (x86)\Avira
    2016-07-07 23:47 - 2016-07-08 18:40 - 00000000 ____D C:\AdwCleaner
    2016-07-07 19:20 - 2016-07-07 19:20 - 01610816 _____ (Malwarebytes) C:\Users\Fernando\Desktop\JRT.exe
    2016-07-06 19:46 - 2016-07-06 19:46 - 00019508 _____ C:\Users\Fernando\Desktop\ZA-Scan.txt
    2016-07-06 19:43 - 2016-07-06 19:43 - 00019505 _____ C:\ZA-Scan.txt
    2016-07-06 19:27 - 2016-07-06 19:27 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2016-07-06 19:27 - 2016-07-06 19:27 - 00000000 ____D C:\zoek_backup
    2016-07-06 19:22 - 2016-07-06 19:48 - 00141282 _____ C:\WINDOWS\ntbtlog.txt
    2016-07-06 19:19 - 2016-07-06 19:22 - 00425672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-07-05 23:11 - 2016-07-05 23:11 - 00478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\88A0714561.sys
    2016-07-05 23:06 - 2016-07-05 23:06 - 00478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\88A071456.sys
    2016-07-05 07:07 - 2016-07-05 07:08 - 839780606 _____ C:\Users\Fernando\Desktop\Trabalho de ADM - Maná do Brasil - Final.mp4
    2016-07-04 17:25 - 2016-07-04 17:38 - 00010306 _____ C:\Users\Mae e Pai\Desktop\detalhePedido.xlsx
    2016-07-03 11:58 - 2016-07-03 12:24 - 00000000 ____D C:\Users\Fernando\AppData\Roaming\ZHP
    2016-07-02 13:43 - 2016-07-02 13:43 - 00001047 _____ C:\Users\Fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recursos Opcionais.lnk
    2016-07-02 13:25 - 2016-07-02 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
    2016-07-02 13:25 - 2016-07-02 13:25 - 00000000 ____D C:\Program Files\Trend Micro
    2016-07-02 13:04 - 2016-07-06 09:35 - 00000000 ____D C:\KVRT_Data
    2016-06-28 21:32 - 2016-07-01 20:16 - 00000000 ____D C:\Users\Fernando\Desktop\Fotos e vídeos T5i
    2016-06-27 22:02 - 2016-06-29 20:05 - 01275409 _____ C:\Users\Fernando\Desktop\Balanço Patrimonial.pptx
    2016-06-26 17:02 - 2016-06-26 17:02 - 00000034 _____ C:\Users\Fernando\AppData\Roaming\AdobeWLCMCache.dat
    2016-06-26 12:25 - 2016-06-26 12:25 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
    2016-06-26 12:23 - 2016-06-26 12:23 - 02870984 _____ (ESET) C:\Users\Fernando\Downloads\esetsmartinstaller_ptg.exe
    2016-06-26 12:23 - 2016-06-26 12:23 - 00000000 ____D C:\Program Files (x86)\ESET
    2016-06-25 20:52 - 2016-06-25 20:52 - 02491984 _____ C:\Users\Fernando\Desktop\Slide biologia final.pdf
    2016-06-24 18:58 - 2016-06-14 15:33 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-06-24 18:58 - 2016-06-14 15:33 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-06-19 16:08 - 2016-06-25 21:03 - 20268432 _____ C:\Users\Fernando\Desktop\Biologia.pptx
    2016-06-14 18:55 - 2016-05-28 01:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-06-14 18:55 - 2016-05-28 01:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-06-14 18:55 - 2016-05-28 01:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-06-14 18:55 - 2016-05-28 01:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-06-14 18:55 - 2016-05-28 01:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
    2016-06-14 18:55 - 2016-05-28 01:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-06-14 18:55 - 2016-05-28 01:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
    2016-06-14 18:55 - 2016-05-28 01:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-06-14 18:55 - 2016-05-28 01:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-06-14 18:55 - 2016-05-28 01:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2016-06-14 18:55 - 2016-05-28 01:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2016-06-14 18:55 - 2016-05-28 01:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-06-14 18:55 - 2016-05-28 01:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-06-14 18:55 - 2016-05-28 01:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2016-06-14 18:55 - 2016-05-28 01:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-06-14 18:55 - 2016-05-28 01:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-06-14 18:55 - 2016-05-28 01:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2016-06-14 18:55 - 2016-05-28 01:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-06-14 18:55 - 2016-05-28 01:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2016-06-14 18:55 - 2016-05-28 01:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2016-06-14 18:55 - 2016-05-28 01:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2016-06-14 18:55 - 2016-05-28 01:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-06-14 18:55 - 2016-05-28 01:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-06-14 18:55 - 2016-05-28 01:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-06-14 18:55 - 2016-05-28 01:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-06-14 18:55 - 2016-05-28 01:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2016-06-14 18:55 - 2016-05-28 00:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2016-06-14 18:54 - 2016-05-28 03:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-06-14 18:54 - 2016-05-28 03:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-06-14 18:54 - 2016-05-28 02:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2016-06-14 18:54 - 2016-05-28 02:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2016-06-14 18:54 - 2016-05-28 01:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-06-14 18:54 - 2016-05-28 01:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-06-14 18:54 - 2016-05-28 01:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-06-14 18:54 - 2016-05-28 01:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2016-06-14 18:54 - 2016-05-28 01:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
    2016-06-14 18:54 - 2016-05-28 01:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2016-06-14 18:54 - 2016-05-28 01:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2016-06-14 18:54 - 2016-05-28 01:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2016-06-14 18:54 - 2016-05-28 01:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2016-06-14 18:54 - 2016-05-28 01:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-06-14 18:54 - 2016-05-28 01:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2016-06-14 18:54 - 2016-05-28 01:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2016-06-14 18:54 - 2016-05-28 01:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-06-14 18:54 - 2016-05-28 01:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-06-14 18:54 - 2016-05-28 01:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-06-14 18:54 - 2016-05-28 01:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-06-14 18:54 - 2016-05-28 01:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-06-14 18:54 - 2016-05-28 01:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2016-06-14 18:53 - 2016-05-28 01:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2016-06-14 18:53 - 2016-05-28 01:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2016-06-14 18:53 - 2016-05-28 01:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-06-14 18:53 - 2016-05-28 01:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-06-14 18:53 - 2016-05-28 01:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-06-14 18:53 - 2016-05-28 01:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-06-14 18:53 - 2016-05-28 01:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
    2016-06-14 18:53 - 2016-05-28 01:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2016-06-14 18:53 - 2016-05-28 01:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
    2016-06-14 18:53 - 2016-05-28 01:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-06-14 18:53 - 2016-05-28 01:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-06-14 18:53 - 2016-05-28 01:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-06-14 18:53 - 2016-05-28 00:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-06-14 18:53 - 2016-05-28 00:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-06-14 18:52 - 2016-05-28 03:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-06-14 18:52 - 2016-05-28 02:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-06-14 18:52 - 2016-05-28 02:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-06-14 18:52 - 2016-05-28 02:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-06-14 18:52 - 2016-05-28 02:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-06-14 18:52 - 2016-05-28 02:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2016-06-14 18:52 - 2016-05-28 01:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2016-06-14 18:52 - 2016-05-28 01:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2016-06-14 18:52 - 2016-05-28 01:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2016-06-14 18:52 - 2016-05-28 01:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
    2016-06-14 18:52 - 2016-05-28 01:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
    2016-06-14 18:52 - 2016-05-28 01:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2016-06-14 18:52 - 2016-05-28 01:18 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
    2016-06-14 18:52 - 2016-05-28 01:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2016-06-14 18:52 - 2016-05-28 01:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2016-06-14 18:52 - 2016-05-28 01:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
    2016-06-14 18:52 - 2016-05-28 01:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2016-06-14 18:52 - 2016-05-28 01:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2016-06-14 18:52 - 2016-05-28 01:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-06-14 18:52 - 2016-05-28 01:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-06-14 18:52 - 2016-05-28 01:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2016-06-14 18:52 - 2016-05-28 01:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2016-06-14 18:52 - 2016-05-28 01:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
    2016-06-14 18:52 - 2016-05-28 01:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-06-14 18:52 - 2016-05-28 01:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-06-14 18:52 - 2016-05-28 01:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-06-14 18:52 - 2016-05-28 01:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2016-06-14 18:52 - 2016-05-28 01:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2016-06-14 18:52 - 2016-05-28 01:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
    2016-06-14 18:52 - 2016-05-28 01:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-06-14 18:52 - 2016-05-28 01:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2016-06-14 18:52 - 2016-05-28 01:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2016-06-14 18:52 - 2016-05-28 01:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2016-06-14 18:52 - 2016-05-28 01:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-06-14 18:52 - 2016-05-28 00:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2016-06-14 18:52 - 2016-05-28 00:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-06-14 18:51 - 2016-05-28 03:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-06-14 18:51 - 2016-05-28 02:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
    2016-06-14 18:51 - 2016-05-28 02:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
    2016-06-14 18:51 - 2016-05-28 02:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
    2016-06-14 18:51 - 2016-05-28 02:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
    2016-06-14 18:51 - 2016-05-28 02:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2016-06-14 18:51 - 2016-05-28 02:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2016-06-14 18:51 - 2016-05-28 02:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
    2016-06-14 18:51 - 2016-05-28 02:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
    2016-06-14 18:51 - 2016-05-28 02:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-06-14 18:51 - 2016-05-28 02:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2016-06-14 18:51 - 2016-05-28 02:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2016-06-14 18:51 - 2016-05-28 02:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-06-14 18:51 - 2016-05-28 02:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-06-14 18:51 - 2016-05-28 02:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2016-06-14 18:51 - 2016-05-28 02:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
    2016-06-14 18:51 - 2016-05-28 02:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
    2016-06-14 18:51 - 2016-05-28 02:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-06-14 18:51 - 2016-05-28 02:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-06-14 18:51 - 2016-05-28 02:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2016-06-14 18:51 - 2016-05-28 02:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2016-06-14 18:51 - 2016-05-28 02:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
    2016-06-14 18:51 - 2016-05-28 01:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-06-14 18:51 - 2016-05-28 01:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-06-14 18:51 - 2016-05-28 01:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2016-06-14 18:51 - 2016-05-28 01:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
    2016-06-14 18:51 - 2016-05-28 01:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2016-06-14 18:51 - 2016-05-28 01:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2016-06-14 18:51 - 2016-05-28 01:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2016-06-14 18:51 - 2016-05-28 01:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
    2016-06-14 18:51 - 2016-05-28 01:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-06-14 18:51 - 2016-05-28 01:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-06-14 18:51 - 2016-05-28 01:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
    2016-06-14 18:51 - 2016-05-28 01:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2016-06-14 18:51 - 2016-05-28 01:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
    2016-06-14 18:51 - 2016-05-28 01:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2016-06-14 18:51 - 2016-05-28 01:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2016-06-14 18:51 - 2016-05-28 01:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2016-06-14 18:51 - 2016-05-28 01:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
    2016-06-14 18:51 - 2016-05-28 01:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2016-06-14 18:51 - 2016-05-28 01:15 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
    2016-06-14 18:51 - 2016-05-28 01:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2016-06-14 18:51 - 2016-05-28 01:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-06-14 18:51 - 2016-05-28 01:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2016-06-14 18:51 - 2016-05-28 01:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-06-14 18:51 - 2016-05-28 01:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
    2016-06-14 18:51 - 2016-05-28 01:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
    2016-06-14 18:51 - 2016-05-28 01:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
    2016-06-14 18:51 - 2016-05-28 01:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2016-06-14 18:51 - 2016-05-28 01:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2016-06-14 18:51 - 2016-05-28 01:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-06-14 18:51 - 2016-05-28 01:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-06-14 18:51 - 2016-05-28 01:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2016-06-14 18:51 - 2016-05-28 00:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-06-14 18:51 - 2016-05-28 00:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-06-14 18:50 - 2016-05-28 03:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-06-14 18:50 - 2016-05-28 03:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-06-14 18:50 - 2016-05-28 02:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
    2016-06-14 18:50 - 2016-05-28 02:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2016-06-14 18:50 - 2016-05-28 02:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
    2016-06-14 18:50 - 2016-05-28 02:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2016-06-14 18:50 - 2016-05-28 02:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
    2016-06-14 18:50 - 2016-05-28 02:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2016-06-14 18:50 - 2016-05-28 02:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2016-06-14 18:50 - 2016-05-28 02:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
    2016-06-14 18:50 - 2016-05-28 02:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
    2016-06-14 18:50 - 2016-05-28 01:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2016-06-14 18:50 - 2016-05-28 01:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
    2016-06-14 18:50 - 2016-05-28 01:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
    2016-06-14 18:50 - 2016-05-28 01:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-06-14 18:50 - 2016-05-28 01:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
    2016-06-14 18:50 - 2016-05-28 01:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-06-14 18:50 - 2016-05-28 01:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2016-06-14 18:50 - 2016-05-28 01:25 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
    2016-06-14 18:50 - 2016-05-28 01:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
    2016-06-14 18:50 - 2016-05-28 01:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
    2016-06-14 18:50 - 2016-05-28 01:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2016-06-14 18:50 - 2016-05-28 01:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-06-14 18:50 - 2016-05-28 01:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
    2016-06-14 18:50 - 2016-05-28 01:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
    2016-06-14 18:50 - 2016-05-28 01:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
    2016-06-14 18:50 - 2016-05-28 01:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
    2016-06-14 18:50 - 2016-05-28 01:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-06-14 18:50 - 2016-05-28 01:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-06-14 18:50 - 2016-05-28 01:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
    2016-06-14 18:50 - 2016-05-28 01:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2016-06-14 18:50 - 2016-05-28 01:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-06-14 18:50 - 2016-05-28 01:21 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
    2016-06-14 18:50 - 2016-05-28 01:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
    2016-06-14 18:50 - 2016-05-28 01:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
    2016-06-14 18:50 - 2016-05-28 01:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
    2016-06-14 18:50 - 2016-05-28 01:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
    2016-06-14 18:50 - 2016-05-28 01:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
    2016-06-14 18:50 - 2016-05-28 01:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-06-14 18:50 - 2016-05-28 01:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-06-14 18:50 - 2016-05-28 01:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2016-06-14 18:50 - 2016-05-28 01:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
    2016-06-14 18:50 - 2016-05-28 01:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
    2016-06-14 18:50 - 2016-05-28 01:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
    2016-06-14 18:50 - 2016-05-28 01:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2016-06-14 18:50 - 2016-05-28 01:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
    2016-06-14 18:50 - 2016-05-28 01:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2016-06-14 18:50 - 2016-05-28 01:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
    2016-06-14 18:50 - 2016-05-28 01:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
    2016-06-14 18:50 - 2016-05-28 01:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
    2016-06-14 18:50 - 2016-05-28 01:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2016-06-14 18:50 - 2016-05-28 01:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
    2016-06-14 18:50 - 2016-05-28 01:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
    2016-06-14 18:50 - 2016-05-28 01:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-06-14 18:50 - 2016-05-28 01:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2016-06-14 18:50 - 2016-05-28 01:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
    2016-06-14 18:50 - 2016-05-28 01:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2016-06-14 18:50 - 2016-05-28 01:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
    2016-06-14 18:50 - 2016-05-28 01:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
    2016-06-14 18:50 - 2016-05-28 01:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2016-06-14 18:50 - 2016-05-28 01:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2016-06-14 18:50 - 2016-05-28 01:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2016-06-14 18:50 - 2016-05-28 01:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2016-06-14 18:50 - 2016-05-28 00:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2016-06-14 18:50 - 2016-05-28 00:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
    2016-06-13 16:25 - 2016-06-13 16:25 - 00000000 ____D C:\Program Files (x86)\XBox
    2016-06-13 16:24 - 2016-07-08 07:08 - 00000034 _____ C:\Users\Todos os Usuários\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
    2016-06-13 16:24 - 2016-07-08 07:08 - 00000034 _____ C:\ProgramData\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
    2016-06-11 13:12 - 2016-07-08 00:24 - 00000288 _____ C:\WINDOWS\Tasks\ASC8_SkipUac_Fernandowski.job
    2016-06-11 13:12 - 2016-06-11 13:12 - 00002488 _____ C:\WINDOWS\System32\Tasks\ASC8_SkipUac_Fernandowski
    2016-06-10 14:41 - 2016-06-10 14:43 - 39297065 _____ C:\Users\Fernando\Downloads\kit_hako2016.exe
    2016-06-08 07:22 - 2016-06-13 16:24 - 00000000 ____D C:\Users\Todos os Usuários\Intel
    2016-06-08 07:22 - 2016-06-13 16:24 - 00000000 ____D C:\Users\Todos os Usuários\AMD
    2016-06-08 07:22 - 2016-06-13 16:24 - 00000000 ____D C:\ProgramData\Intel
    2016-06-08 07:22 - 2016-06-13 16:24 - 00000000 ____D C:\ProgramData\AMD
    2016-06-06 09:32 - 2016-06-06 09:32 - 00000034 _____ C:\Program Files\Common Files\9E3EC1B1.zq
    2016-06-06 09:32 - 2016-06-06 09:32 - 00000000 ____D C:\Users\Todos os Usuários\Chrome
    2016-06-06 09:32 - 2016-06-06 09:32 - 00000000 ____D C:\ProgramData\Chrome
    2016-05-27 12:53 - 2016-05-27 14:59 - 00347896 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
    2016-05-27 00:02 - 2016-05-27 00:01 - 00242960 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
    2016-05-22 15:14 - 2016-05-22 15:14 - 00000000 ____D C:\Users\Fernando\AppData\Local\Tecno_Clique
    2016-05-22 15:02 - 2016-05-22 15:02 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
    2016-05-22 15:01 - 2016-05-22 15:01 - 00000000 ____D C:\Program Files\Reference Assemblies
    2016-05-22 15:01 - 2016-05-22 15:01 - 00000000 ____D C:\Program Files\MSBuild
    2016-05-22 15:01 - 2016-05-22 15:01 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2016-05-22 14:50 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
    2016-05-22 14:50 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2016-05-22 14:50 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2016-05-22 14:45 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2016-05-22 14:45 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2016-05-22 14:44 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2016-05-22 14:28 - 2016-05-22 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
    2016-05-22 14:28 - 2016-05-22 14:28 - 00000000 ____D C:\Program Files (x86)\HD Tune
    2016-05-22 14:20 - 2016-05-22 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamePower
    2016-05-22 14:20 - 2016-05-22 14:20 - 00000000 ____D C:\Program Files (x86)\GamePower
    2016-05-21 14:28 - 2016-05-21 14:28 - 00000000 ____D C:\Users\Fernando\AppData\Local\SoftorinoUpdates
    2016-05-17 19:57 - 2016-05-17 19:57 - 00267512 _____ C:\Users\Mae e Pai\Desktop\VIVO - Fatura 0334105062-0.zip
    2016-05-16 19:17 - 2016-05-16 19:25 - 00004166 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-05-16 19:17 - 2016-05-16 19:25 - 00003934 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-05-14 21:36 - 2008-08-18 19:18 - 00077824 _____ (Fox Magic Software) C:\WINDOWS\SysWOW64\fmcodec.DLL
    2016-05-14 17:36 - 2016-05-14 17:36 - 425085582 _____ C:\Users\Mae e Pai\Desktop\Não confirmado 273565.crdownload
    2016-05-14 15:14 - 2016-05-28 12:31 - 00000000 ____D C:\Users\Mae e Pai\Desktop\FOTOS CELULAR SANDRA
    2016-05-11 21:02 - 2016-05-11 21:02 - 00057982 _____ C:\Users\Mae e Pai\Desktop\boleto_bradesco.asp.html 2.html
    2016-05-11 21:02 - 2016-05-11 21:02 - 00000000 ____D C:\Users\Mae e Pai\Desktop\boleto_bradesco.asp.html 2_files
    2016-05-10 22:56 - 2016-05-10 22:56 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2016-05-10 16:27 - 2016-04-23 01:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-05-10 16:27 - 2016-04-23 01:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-05-10 16:27 - 2016-04-23 01:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-05-10 16:27 - 2016-04-23 01:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-05-10 16:26 - 2016-04-23 01:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2016-05-10 16:25 - 2016-04-23 03:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-05-10 16:25 - 2016-04-23 03:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-05-10 16:25 - 2016-04-23 02:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-05-10 16:25 - 2016-04-23 02:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-05-10 16:25 - 2016-04-23 02:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-05-10 16:25 - 2016-04-23 02:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-05-10 16:25 - 2016-04-23 02:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2016-05-10 16:25 - 2016-04-23 02:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2016-05-10 16:25 - 2016-04-23 02:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2016-05-10 16:25 - 2016-04-23 02:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2016-05-10 16:25 - 2016-04-23 02:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-05-10 16:25 - 2016-04-23 02:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-05-10 16:25 - 2016-04-23 02:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-05-10 16:25 - 2016-04-23 02:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-05-10 16:25 - 2016-04-23 02:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-05-10 16:25 - 2016-04-23 01:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2016-05-10 16:25 - 2016-04-23 01:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2016-05-10 16:25 - 2016-04-23 01:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-05-10 16:25 - 2016-04-23 01:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-05-10 16:25 - 2016-04-23 01:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-05-10 16:25 - 2016-04-23 01:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2016-05-10 16:25 - 2016-04-23 01:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-05-10 16:25 - 2016-04-23 01:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2016-05-10 16:25 - 2016-04-23 01:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-05-10 16:25 - 2016-04-23 01:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-05-10 16:25 - 2016-04-23 01:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2016-05-10 16:25 - 2016-04-23 01:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2016-05-10 16:25 - 2016-04-23 01:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2016-05-10 16:25 - 2016-04-23 01:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2016-05-10 16:25 - 2016-04-23 01:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2016-05-10 16:25 - 2016-04-23 01:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2016-05-10 16:25 - 2016-04-23 01:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
    2016-05-10 16:25 - 2016-04-23 01:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2016-05-10 16:25 - 2016-04-23 01:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2016-05-10 16:25 - 2016-04-23 01:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2016-05-10 16:25 - 2016-04-23 01:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2016-05-10 16:25 - 2016-04-23 01:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-05-10 16:25 - 2016-04-23 01:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-05-10 16:25 - 2016-04-23 01:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-05-10 16:25 - 2016-04-23 01:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2016-05-10 16:25 - 2016-04-23 01:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2016-05-10 16:25 - 2016-04-23 01:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2016-05-10 16:25 - 2016-04-23 01:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2016-05-10 16:25 - 2016-04-23 01:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2016-05-10 16:25 - 2016-04-23 01:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2016-05-10 16:24 - 2016-05-06 01:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
    2016-05-10 16:24 - 2016-05-06 01:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2016-05-10 16:24 - 2016-05-06 01:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2016-05-10 16:24 - 2016-05-06 00:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2016-05-10 16:24 - 2016-05-06 00:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
    2016-05-10 16:24 - 2016-05-06 00:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2016-05-10 16:24 - 2016-05-06 00:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2016-05-10 16:24 - 2016-04-23 02:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2016-05-10 16:24 - 2016-04-23 02:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2016-05-10 16:24 - 2016-04-23 02:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2016-05-10 16:24 - 2016-04-23 02:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2016-05-10 16:24 - 2016-04-23 02:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2016-05-10 16:24 - 2016-04-23 02:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
    2016-05-10 16:24 - 2016-04-23 02:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2016-05-10 16:24 - 2016-04-23 02:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
    2016-05-10 16:24 - 2016-04-23 02:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
    2016-05-10 16:24 - 2016-04-23 02:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2016-05-10 16:24 - 2016-04-23 02:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2016-05-10 16:24 - 2016-04-23 02:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2016-05-10 16:24 - 2016-04-23 02:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2016-05-10 16:24 - 2016-04-23 02:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2016-05-10 16:24 - 2016-04-23 02:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2016-05-10 16:24 - 2016-04-23 02:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
    2016-05-10 16:24 - 2016-04-23 02:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
    2016-05-10 16:24 - 2016-04-23 02:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2016-05-10 16:24 - 2016-04-23 02:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
    2016-05-10 16:24 - 2016-04-23 02:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
    2016-05-10 16:24 - 2016-04-23 02:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-05-10 16:24 - 2016-04-23 02:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2016-05-10 16:24 - 2016-04-23 02:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2016-05-10 16:24 - 2016-04-23 02:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2016-05-10 16:24 - 2016-04-23 02:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-05-10 16:24 - 2016-04-23 02:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2016-05-10 16:24 - 2016-04-23 02:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
    2016-05-10 16:24 - 2016-04-23 02:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
    2016-05-10 16:24 - 2016-04-23 02:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
    2016-05-10 16:24 - 2016-04-23 01:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2016-05-10 16:24 - 2016-04-23 01:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-05-10 16:24 - 2016-04-23 01:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
    2016-05-10 16:24 - 2016-04-23 01:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2016-05-10 16:24 - 2016-04-23 01:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
    2016-05-10 16:24 - 2016-04-23 01:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
    2016-05-10 16:24 - 2016-04-23 01:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
    2016-05-10 16:24 - 2016-04-23 01:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
    2016-05-10 16:24 - 2016-04-23 01:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
    2016-05-10 16:24 - 2016-04-23 01:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2016-05-10 16:24 - 2016-04-23 01:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2016-05-10 16:24 - 2016-04-23 01:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
    2016-05-10 16:24 - 2016-04-23 01:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
    2016-05-10 16:24 - 2016-04-23 01:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2016-05-10 16:24 - 2016-04-23 01:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
    2016-05-10 16:24 - 2016-04-23 01:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
    2016-05-10 16:24 - 2016-04-23 01:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2016-05-10 16:24 - 2016-04-23 01:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
    2016-05-10 16:24 - 2016-04-23 01:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
    2016-05-10 16:24 - 2016-04-23 01:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2016-05-10 16:24 - 2016-04-23 01:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
    2016-05-10 16:24 - 2016-04-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
    2016-05-10 16:24 - 2016-04-23 01:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
    2016-05-10 16:24 - 2016-04-23 01:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2016-05-10 16:24 - 2016-04-23 01:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-05-10 16:24 - 2016-04-23 01:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2016-05-10 16:24 - 2016-04-23 01:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2016-05-10 16:24 - 2016-04-23 01:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2016-05-10 16:24 - 2016-04-23 01:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
    2016-05-10 16:24 - 2016-04-23 01:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
    2016-05-10 16:24 - 2016-04-23 01:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
    2016-05-10 16:24 - 2016-04-23 01:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
    2016-05-10 16:24 - 2016-04-23 01:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
    2016-05-10 16:24 - 2016-04-23 01:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
    2016-05-10 16:24 - 2016-04-23 01:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-05-10 16:24 - 2016-04-23 01:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
    2016-05-10 16:24 - 2016-04-23 01:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2016-05-10 16:24 - 2016-04-23 01:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2016-05-10 16:24 - 2016-04-23 01:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
    2016-05-10 16:24 - 2016-04-23 01:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
    2016-05-10 16:24 - 2016-04-23 01:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
    2016-05-10 16:24 - 2016-04-23 01:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2016-05-10 16:24 - 2016-04-23 01:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2016-05-10 16:24 - 2016-04-23 01:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-05-10 16:24 - 2016-04-23 01:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
    2016-05-10 16:24 - 2016-04-23 01:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2016-05-10 16:24 - 2016-04-23 01:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2016-05-10 16:24 - 2016-04-23 01:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2016-05-10 16:24 - 2016-04-23 01:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2016-05-10 16:24 - 2016-04-23 01:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2016-05-10 16:24 - 2016-04-23 01:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
    2016-05-10 16:24 - 2016-04-23 01:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2016-05-10 16:24 - 2016-04-23 00:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2016-05-10 16:24 - 2016-04-22 23:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-05-10 16:23 - 2016-04-22 23:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
    2016-05-10 16:23 - 2016-04-18 19:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
    2016-05-05 21:55 - 2016-05-05 21:55 - 00000000 ____D C:\Users\Fernando\AppData\Roaming\vlc
    2016-05-05 16:18 - 2016-05-05 16:19 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2016-05-05 16:18 - 2016-05-05 16:18 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
    2016-05-04 20:55 - 2016-05-04 21:10 - 00000000 ____D C:\Users\Fernando\AppData\Roaming\Stellarium
    2016-05-04 20:55 - 2016-05-04 20:55 - 00000000 ____D C:\Users\Fernando\AppData\Local\stellarium
    2016-05-04 20:54 - 2016-05-04 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium
    2016-05-04 20:52 - 2016-05-04 20:54 - 00000000 ____D C:\Program Files\Stellarium
    2016-05-02 18:33 - 2016-05-02 18:35 - 00000000 ____D C:\Program Files\EqualizerAPO
    2016-05-02 18:33 - 2016-05-02 18:33 - 00000000 ____D C:\Users\Fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Equalizer APO 1.1.1
    2016-04-25 00:35 - 2016-04-25 00:35 - 00221824 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
    2016-04-25 00:35 - 2016-04-25 00:35 - 00129152 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus.sys
    2016-04-24 11:18 - 2016-04-24 11:18 - 00064808 _____ C:\Users\Fernando\Downloads\E7FA.tmp
    2016-04-20 16:34 - 2016-05-05 16:18 - 00000000 ____D C:\Users\Fernando\AppData\Roaming\TeamViewer
    2016-04-16 20:19 - 2016-04-16 20:19 - 00000000 ____D C:\Users\Fernando\AppData\Roaming\raidcall
    2016-04-16 20:19 - 2016-04-16 20:19 - 00000000 ____D C:\Users\Fernando\AppData\LocalLow\raidcall
    2016-04-16 20:18 - 2016-04-16 20:18 - 00001100 _____ C:\Users\Fernando\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
    2016-04-16 20:18 - 2016-04-16 20:18 - 00000000 ____D C:\Users\Fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
    2016-04-16 20:17 - 2016-04-16 20:19 - 00000000 ____D C:\Program Files (x86)\RaidCall
    2016-04-16 11:57 - 2016-04-16 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
    2016-04-16 11:57 - 2016-04-16 11:57 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
    2016-04-15 12:31 - 2016-05-07 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TruckersMP
    2016-04-15 12:31 - 2016-05-07 17:21 - 00000000 ____D C:\Program Files\TruckersMP
    2016-04-13 06:35 - 2016-03-29 04:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-04-13 06:35 - 2016-03-29 04:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-04-13 06:35 - 2016-03-29 04:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-04-13 06:34 - 2016-04-02 00:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-04-13 06:34 - 2016-03-29 07:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2016-04-13 06:34 - 2016-03-29 07:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2016-04-13 06:34 - 2016-03-29 06:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2016-04-13 06:34 - 2016-03-29 06:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2016-04-13 06:34 - 2016-03-29 06:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2016-04-13 06:34 - 2016-03-29 04:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-04-13 06:34 - 2016-03-29 04:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-04-13 06:34 - 2016-03-29 04:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2016-04-13 06:34 - 2016-03-29 04:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-04-13 06:34 - 2016-03-29 04:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-04-13 06:34 - 2016-03-29 03:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2016-04-13 06:34 - 2016-03-29 03:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-04-13 06:34 - 2016-03-29 03:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-04-13 06:34 - 2016-03-29 03:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-04-13 06:34 - 2016-03-29 02:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-04-13 06:34 - 2016-03-29 02:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

    ==================== Três Meses Modificados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)


    ==================== Arquivos na raiz de alguns diretórios =======

    2016-06-06 09:32 - 2016-06-06 09:32 - 0000034 _____ () C:\Program Files\Common Files\9E3EC1B1.zq
    2016-01-17 18:41 - 2016-01-17 18:41 - 0000000 ___SH () C:\ProgramData\.rdata

    Alguns arquivos em TEMP:
    ====================
    C:\Users\Fernando\AppData\Local\Temp\avgnt.exe
    C:\Users\Mae e Pai\AppData\Local\Temp\avgnt.exe
    C:\Users\Mae e Pai\AppData\Local\Temp\libeay32.dll
    C:\Users\Mae e Pai\AppData\Local\Temp\msvcr120.dll
    C:\Users\Mae e Pai\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (Não há correção automática para arquivos que não passaram na verificação.)

    C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


    LastRegBack: 2016-07-09 10:00

    ==================== Fim de FRST.txt ============================

     

    Addition.txt

    Edited by NandoStahelin79


    Dear @NandoStahelin79

    Hey! :)

    Friend, please do not put the logs between TAGS, thank you!

    Enable the Windows firewall.

    Do you know and/or use this proxy: http=127.0.0.1:8080?

    Regards :D


    Dear @NandoStahelin79

    Attention: Save the content below (fixlist.txt) in UNICODE.

    1. Right-click on the Desktop. Choose New, Text Document.

    2. Open Novo Documento de Texto.txt. Do not write anything in the file; leave it blank.

    3. Go to File -> Save As... -> select Unicode in the Encoding option, and click Save, replacing the existing file. Close the file.

    Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

    Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text below:

    Quote

    CreateRestorePoint:
    CloseProcesses:
    CMD: bitsadmin /util /setieproxy localsystem NO_PROXY RESET
    Firewall do Windows está desabilitado.
    ProxyServer: [S-1-5-21-2153180568-1299950508-860908323-1002] => http=127.0.0.1:8080;https=127.0.0.1:8080
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nav.brotstation.com?uid={02dd927891c74911bb7ce3f3c61571db}&r=eg
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotstation.com?uid={02dd927891c74911bb7ce3f3c61571db}&r=eg
    HKU\S-1-5-21-2153180568-1299950508-860908323-1001\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.br
    HKU\S-1-5-21-2153180568-1299950508-860908323-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.br/?gws_rd=ssl
    HKU\S-1-5-21-2153180568-1299950508-860908323-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
    SearchScopes: HKU\S-1-5-21-2153180568-1299950508-860908323-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    R0 88A07145; C:\Windows\System32\drivers\88A07145.sys [478392 2016-07-08] (Kaspersky Lab ZAO)
    R0 88A071456; C:\Windows\System32\drivers\88A071456.sys [478392 2016-07-05] (Kaspersky Lab ZAO)
    R0 88A0714561; C:\Windows\System32\drivers\88A0714561.sys [478392 2016-07-05] (Kaspersky Lab ZAO)
    2016-07-08 00:25 - 2016-07-08 00:25 - 00478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\88A07145.sys
    2016-07-05 23:11 - 2016-07-05 23:11 - 00478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\88A0714561.sys
    2016-07-05 23:06 - 2016-07-05 23:06 - 00478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\88A071456.sys
    S3 EverestDriver; não ImagePath
    S1 UGKrnlDrv; não ImagePath
    2016-06-06 09:32 - 2016-06-06 09:32 - 0000034 _____ () C:\Program Files\Common Files\9E3EC1B1.zq
    2016-01-17 18:41 - 2016-01-17 18:41 - 0000000 ___SH () C:\ProgramData\.rdata
    C:\Users\Fernando\AppData\Local\Temp\avgnt.exe
    C:\Users\Mae e Pai\AppData\Local\Temp\avgnt.exe
    C:\Users\Mae e Pai\AppData\Local\Temp\libeay32.dll
    C:\Users\Mae e Pai\AppData\Local\Temp\msvcr120.dll
    C:\Users\Mae e Pai\AppData\Local\Temp\sqlite3.dll
    Task: {BBBA083A-4DAC-4387-960A-ED9DE417FB37} - \AutoPico Daily Restart -> Nenhum Arquivo <==== ATENÇÃO
    Task: {C51D0B39-1927-45A7-B5FB-C85987E4FA6F} - \AutoKMS -> Nenhum Arquivo <==== ATENÇÃO
    Task: {EAC9582B-E88D-44D4-9125-661429227B5C} - \klcp_update -> Nenhum Arquivo <==== ATENÇÃO
    FirewallRules: [{C7E31308-2A5D-4955-AD63-75D1E0DECEF4}] => (Allow) 㩃啜敳獲䙜牥慮摮屯灁䑰瑡屡潒浡湩屧獳屮獳⹮硥e
    FirewallRules: [{4E09DA1C-8A06-4CE5-99BA-5D454FF0E9EC}] => (Allow) 㩃啜敳獲䙜牥慮摮屯灁䑰瑡屡潒浡湩屧獳屮慳敶灵攮數
    StandardProfile\AuthorizedApplications: [C:\Users\Fernando\Desktop\AdsFix.exe] => Enabled:AdsFix
    C:\Users\Fernando\Desktop\AdsFix.exe
    StandardProfile\AuthorizedApplications: [C:\Users\Mae e Pai\Desktop\AdsFix.exe] => Enabled:AdsFix
    C:\Users\Mae e Pai\Desktop\AdsFix.exe
    FirewallRules: [{F99BAB0C-162B-458B-A315-C0338964828D}] => (Allow) C:\Program Files\HitmanPro\hitmanpro_x64.exe
    FirewallRules: [{EE20B98E-0B57-40F1-86E7-B5E92D6F738E}] => (Allow) C:\Program Files\HitmanPro\hitmanpro_x64.exe
    FirewallRules: [{D4D49BC3-D825-4854-8135-FD7B4FB52391}] => (Allow) C:\Program Files\HitmanPro\hitmanpro_x64.exe
    FirewallRules: [{39B2D594-0C47-438E-8659-9554598B26FF}] => (Allow) C:\Program Files\HitmanPro\hitmanpro_x64.exe
    FirewallRules: [{5BDD86DD-50FC-4B63-8DF5-B4D7E0D25789}] => (Allow) %ProgramFiles%\HitmanPro\hitmanpro_x64.exe
    FirewallRules: [{14A88C6A-CEF0-48E6-BDF6-FD479F8389B8}] => (Allow) %ProgramFiles%\HitmanPro\hitmanpro_x64.exe
    C:\Program Files\HitmanPro\hitmanpro_x64.exe
    RemoveProxy:
    CMD: bitsadmin /reset /allusers
    CMD: ipconfig /flushdns
    EmptyTemp:

     

    • Save this file to the Desktop as fixlist.txt
    • Run FRST again and click the Fix button;
    • Wait... when it finishes, the Fixlog.txt log will be generated on your Desktop.
    • Select, copy and paste the contents of this log into your next reply.

    Regards :D

    Edited by diego_moicano

  • Topic author
  • Thanks for the quick replies, @diego_moicano.

     

     

    Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 10-07-2016
    Executado por Mae e Pai (2016-07-10 15:04:34) Run:1
    Executando a partir de C:\Users\Mae e Pai\Desktop
    Perfis Carregados: Fernandowski & Mae e Pai (Perfis Disponíveis: Fernandowski & Mae e Pai)
    Modo da Inicialização: Normal
    ==============================================

    fixlist Conteúdo:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    CMD: bitsadmin /util /setieproxy localsystem NO_PROXY RESET
    Firewall do Windows está desabilitado.
    ProxyServer: [S-1-5-21-2153180568-1299950508-860908323-1002] => http=127.0.0.1:8080;https=127.0.0.1:8080
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://nav.brotstation.com?uid={02dd927891c74911bb7ce3f3c61571db}&r=eg
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotstation.com?uid={02dd927891c74911bb7ce3f3c61571db}&r=eg
    HKU\S-1-5-21-2153180568-1299950508-860908323-1001\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.br
    HKU\S-1-5-21-2153180568-1299950508-860908323-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.br/?gws_rd=ssl
    HKU\S-1-5-21-2153180568-1299950508-860908323-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
    SearchScopes: HKU\S-1-5-21-2153180568-1299950508-860908323-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    R0 88A07145; C:\Windows\System32\drivers\88A07145.sys [478392 2016-07-08] (Kaspersky Lab ZAO)
    R0 88A071456; C:\Windows\System32\drivers\88A071456.sys [478392 2016-07-05] (Kaspersky Lab ZAO)
    R0 88A0714561; C:\Windows\System32\drivers\88A0714561.sys [478392 2016-07-05] (Kaspersky Lab ZAO)
    2016-07-08 00:25 - 2016-07-08 00:25 - 00478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\88A07145.sys
    2016-07-05 23:11 - 2016-07-05 23:11 - 00478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\88A0714561.sys
    2016-07-05 23:06 - 2016-07-05 23:06 - 00478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\88A071456.sys
    S3 EverestDriver; não ImagePath
    S1 UGKrnlDrv; não ImagePath
    2016-06-06 09:32 - 2016-06-06 09:32 - 0000034 _____ () C:\Program Files\Common Files\9E3EC1B1.zq
    2016-01-17 18:41 - 2016-01-17 18:41 - 0000000 ___SH () C:\ProgramData\.rdata
    C:\Users\Fernando\AppData\Local\Temp\avgnt.exe
    C:\Users\Mae e Pai\AppData\Local\Temp\avgnt.exe
    C:\Users\Mae e Pai\AppData\Local\Temp\libeay32.dll
    C:\Users\Mae e Pai\AppData\Local\Temp\msvcr120.dll
    C:\Users\Mae e Pai\AppData\Local\Temp\sqlite3.dll
    Task: {BBBA083A-4DAC-4387-960A-ED9DE417FB37} - \AutoPico Daily Restart -> Nenhum Arquivo <==== ATENÇÃO
    Task: {C51D0B39-1927-45A7-B5FB-C85987E4FA6F} - \AutoKMS -> Nenhum Arquivo <==== ATENÇÃO
    Task: {EAC9582B-E88D-44D4-9125-661429227B5C} - \klcp_update -> Nenhum Arquivo <==== ATENÇÃO
    FirewallRules: [{C7E31308-2A5D-4955-AD63-75D1E0DECEF4}] => (Allow) 㩃啜敳獲䙜牥慮摮屯灁䑰瑡屡潒浡湩屧獳屮獳⹮硥e
    FirewallRules: [{4E09DA1C-8A06-4CE5-99BA-5D454FF0E9EC}] => (Allow) 㩃啜敳獲䙜牥慮摮屯灁䑰瑡屡潒浡湩屧獳屮慳敶灵攮數
    StandardProfile\AuthorizedApplications: [C:\Users\Fernando\Desktop\AdsFix.exe] => Enabled:AdsFix
    C:\Users\Fernando\Desktop\AdsFix.exe
    StandardProfile\AuthorizedApplications: [C:\Users\Mae e Pai\Desktop\AdsFix.exe] => Enabled:AdsFix
    C:\Users\Mae e Pai\Desktop\AdsFix.exe
    FirewallRules: [{F99BAB0C-162B-458B-A315-C0338964828D}] => (Allow) C:\Program Files\HitmanPro\hitmanpro_x64.exe
    FirewallRules: [{EE20B98E-0B57-40F1-86E7-B5E92D6F738E}] => (Allow) C:\Program Files\HitmanPro\hitmanpro_x64.exe
    FirewallRules: [{D4D49BC3-D825-4854-8135-FD7B4FB52391}] => (Allow) C:\Program Files\HitmanPro\hitmanpro_x64.exe
    FirewallRules: [{39B2D594-0C47-438E-8659-9554598B26FF}] => (Allow) C:\Program Files\HitmanPro\hitmanpro_x64.exe
    FirewallRules: [{5BDD86DD-50FC-4B63-8DF5-B4D7E0D25789}] => (Allow) %ProgramFiles%\HitmanPro\hitmanpro_x64.exe
    FirewallRules: [{14A88C6A-CEF0-48E6-BDF6-FD479F8389B8}] => (Allow) %ProgramFiles%\HitmanPro\hitmanpro_x64.exe
    C:\Program Files\HitmanPro\hitmanpro_x64.exe
    RemoveProxy:
    CMD: bitsadmin /reset /allusers
    CMD: ipconfig /flushdns
    EmptyTemp:
    *****************

    Ponto de Restauração criado com sucesso.
    Processos fechados com sucesso.

    ========= bitsadmin /util /setieproxy localsystem NO_PROXY RESET =========


    BITSADMIN version 3.0 [ 7.8.10586 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    Internet proxy settings for account localsystem set to NO_PROXY.
    (connection = default)


    ========= Fim deCMD: =========

    Firewall do Windows está desabilitado. => Erro: Nenhuma correção automática foi encontrada para esta entrada.
    HKU\S-1-5-21-2153180568-1299950508-860908323-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => valor removido (a) com sucesso.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => valor restaurado com sucesso
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => valor removido (a) com sucesso.
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor removido (a) com sucesso.
    HKU\S-1-5-21-2153180568-1299950508-860908323-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
    HKU\S-1-5-21-2153180568-1299950508-860908323-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
    HKU\S-1-5-21-2153180568-1299950508-860908323-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
    HKU\S-1-5-21-2153180568-1299950508-860908323-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
    88A07145 => Não foi possível finalizar o serviço.
    88A07145 => serviço removido (a) com sucesso.
    88A071456 => Não foi possível finalizar o serviço.
    88A071456 => serviço removido (a) com sucesso.
    88A0714561 => Não foi possível finalizar o serviço.
    88A0714561 => serviço removido (a) com sucesso.
    C:\WINDOWS\system32\Drivers\88A07145.sys => movido com sucesso
    C:\WINDOWS\system32\Drivers\88A0714561.sys => movido com sucesso
    C:\WINDOWS\system32\Drivers\88A071456.sys => movido com sucesso
    EverestDriver => serviço removido (a) com sucesso.
    UGKrnlDrv => serviço removido (a) com sucesso.
    C:\Program Files\Common Files\9E3EC1B1.zq => movido com sucesso
    C:\ProgramData\.rdata => movido com sucesso
    C:\Users\Fernando\AppData\Local\Temp\avgnt.exe => movido com sucesso
    C:\Users\Mae e Pai\AppData\Local\Temp\avgnt.exe => movido com sucesso
    C:\Users\Mae e Pai\AppData\Local\Temp\libeay32.dll => movido com sucesso
    C:\Users\Mae e Pai\AppData\Local\Temp\msvcr120.dll => movido com sucesso
    C:\Users\Mae e Pai\AppData\Local\Temp\sqlite3.dll => movido com sucesso
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBBA083A-4DAC-4387-960A-ED9DE417FB37}" => chave removido (a) com sucesso.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBBA083A-4DAC-4387-960A-ED9DE417FB37}" => chave removido (a) com sucesso.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => chave removido (a) com sucesso.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C51D0B39-1927-45A7-B5FB-C85987E4FA6F}" => chave removido (a) com sucesso.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C51D0B39-1927-45A7-B5FB-C85987E4FA6F}" => chave removido (a) com sucesso.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => chave removido (a) com sucesso.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAC9582B-E88D-44D4-9125-661429227B5C}" => chave removido (a) com sucesso.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAC9582B-E88D-44D4-9125-661429227B5C}" => chave removido (a) com sucesso.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\klcp_update" => chave removido (a) com sucesso.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7E31308-2A5D-4955-AD63-75D1E0DECEF4} => valor removido (a) com sucesso.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4E09DA1C-8A06-4CE5-99BA-5D454FF0E9EC} => valor removido (a) com sucesso.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Fernando\Desktop\AdsFix.exe => valor removido (a) com sucesso.
    "C:\Users\Fernando\Desktop\AdsFix.exe" => não encontrado (a).
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\Mae e Pai\Desktop\AdsFix.exe => valor removido (a) com sucesso.
    "C:\Users\Mae e Pai\Desktop\AdsFix.exe" => não encontrado (a).
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F99BAB0C-162B-458B-A315-C0338964828D} => valor removido (a) com sucesso.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EE20B98E-0B57-40F1-86E7-B5E92D6F738E} => valor removido (a) com sucesso.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D4D49BC3-D825-4854-8135-FD7B4FB52391} => valor removido (a) com sucesso.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{39B2D594-0C47-438E-8659-9554598B26FF} => valor removido (a) com sucesso.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5BDD86DD-50FC-4B63-8DF5-B4D7E0D25789} => valor removido (a) com sucesso.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14A88C6A-CEF0-48E6-BDF6-FD479F8389B8} => valor removido (a) com sucesso.
    C:\Program Files\HitmanPro\hitmanpro_x64.exe => movido com sucesso

    ========= RemoveProxy: =========

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
    HKU\S-1-5-21-2153180568-1299950508-860908323-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
    HKU\S-1-5-21-2153180568-1299950508-860908323-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
    HKU\S-1-5-21-2153180568-1299950508-860908323-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
    HKU\S-1-5-21-2153180568-1299950508-860908323-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.


    ========= Fim de RemoveProxy: =========


    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.8.10586 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    0 out of 0 jobs canceled.

    ========= Fim deCMD: =========


    ========= ipconfig /flushdns =========


    Configuração de IP do Windows

    Liberação do Cache do DNS Resolver bem-sucedida.

    ========= Fim deCMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 1134528 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 68451075 B
    Java, Flash, Steam htmlcache => 858 B
    Windows/system/drivers => 22404 B
    Edge => 813728 B
    Chrome => 468701779 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 382392 B
    LocalService => 16678 B
    NetworkService => 28644 B
    Fernando => 26924073 B
    Mae e Pai => 352530253 B

    RecycleBin => 0 B
    EmptyTemp: => 876.4 MB de dados temporários Removidos.

    ================================


    O sistema precisou ser reiniciado.

    ==== Fim de Fixlog 15:11:09 ====

     

     

    In Google Chrome, new tabs now open with the addresses:

    Quote

    and now ads from Offers4U also appear in the browser

     


    Dear @NandoStahelin79

    Download Malwarebytes Anti-Malware (MBAM).

    Double-click mbam-setup.exe to install the program.

    • Uncheck the Enable free trial of Malwarebytes Anti-Malware PRO box.
    • If there are updates available, they will be downloaded and installed.
    • Click Settings, click Detection and Protection, and check Scan for Rootkits.
    • Go back to the Dashboard and finally click Scan Now.
    • The scan will then begin. Please wait, as it may take a while.
    • When the scan finishes, if any items were found, make sure they are all checked and click the Remove Selected button.
    • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below.)
    • The log is saved automatically by MBAM; to view it, click the History tab -> Application Logs in the program's main window.
    • Double-click the log (Scan Log). Use the .txt format to export the log.
    • The Protection log is not needed for the analysis; always export the correct log.
    • Select, copy and paste the contents of this log into your next reply.

    NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

    Regards :D

  • Topic author
  • Good evening, @diego_moicano
     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Data da verificação: 11/07/2016
    Hora da verificação: 19:03
    Arquivo de registro: mbam log.txt
    Administrador: Sim

    Versão: 2.2.1.1043
    Banco de dados de malware: v2016.07.11.10
    Banco de dados de rootkit: v2016.05.27.01
    Licença: Gratuita
    Proteção contra malware: Desabilitado
    Proteção contra website malicioso: Desabilitado
    Autoproteção: Desabilitado

    Sistema operacional: Windows 10
    CPU: x64
    Sistema de arquivos: NTFS
    Usuário: Mae e Pai

    Tipo de verificação: Verificação da ameaça
    Resultado: Concluído
    Objetos verificados: 389311
    Tempo decorrido: 2 hr, 5 min, 5 seg

    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Aviso
    PUM: Aviso

    Processos: 1
    PUP.Optional.SafeGuard.ChrPRST, C:\Program Files (x86)\XBox\XBLive.exe, 2232, Excluir ao reiniciar, [7a4cad75990184b24800ede50cf6f60a]

    Módulos: 0
    (Nenhum item malicioso detectado)

    Chaves de registro: 4
    PUP.Optional.SearchEngage, HKLM\SOFTWARE\MICROSOFT\TRACING\saveup_RASMANCS, Quarentena, [12b45cc6940657df5fa440ba38cbb34d], 
    PUP.Optional.Navegaki.PrxySvrRST, HKLM\SOFTWARE\RELTEK, Quarentena, [547273af009a87afa40739b1719248b8], 
    PUP.Optional.Navegaki.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\RELTEK, Quarentena, [1bab09190397340277348e5c08fbba46], 
    PUP.Optional.SafeGuard.ChrPRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\XBOX, Quarentena, [7a4cad75990184b24800ede50cf6f60a], 

    Valores de registro: 3
    PUP.Optional.Navegaki.PrxySvrRST, HKLM\SOFTWARE\RELTEK|channel, egg3, Quarentena, [547273af009a87afa40739b1719248b8]
    PUP.Optional.Navegaki.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\RELTEK|channel, 365br, Quarentena, [1bab09190397340277348e5c08fbba46]
    PUP.Optional.SafeGuard.ChrPRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\XBOX|ImagePath, C:\Program Files (x86)\XBox\XBLive.exe, Quarentena, [7a4cad75990184b24800ede50cf6f60a]

    Dados de registro: 2
    PUP.Optional.Brotstation.ChrPRST, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://nav.brotstation.com?uid={02dd927891c74911bb7ce3f3c61571db}&r=eg, Bom: (iexplore.exe), Ruim: (C:\Program Files\Internet Explorer\iexplore.exe http://nav.brotstation.com?uid={02dd927891c74911bb7ce3f3c61571db}&r=eg),Substituído,[f7cf4bd7f6a4fb3bce35f78329dbea16]
    PUP.Optional.Brotstation.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://nav.brotstation.com?uid={02dd927891c74911bb7ce3f3c61571db}&r=eg, Bom: (iexplore.exe), Ruim: (C:\Program Files\Internet Explorer\iexplore.exe http://nav.brotstation.com?uid={02dd927891c74911bb7ce3f3c61571db}&r=eg),Substituído,[dee8fb27d6c4181e0003f981d92bdf21]

    Pastas: 2
    PUP.Optional.XBLive.ChrPRST, C:\ProgramData\Microsoft\XBLive\Egg, Quarentena, [63630f13a4f61422b61607f0ba493ac6], 
    PUP.Optional.XBLive.ChrPRST, C:\ProgramData\Microsoft\XBLive, Quarentena, [63630f13a4f61422b61607f0ba493ac6], 

    Arquivos: 2
    PUP.Optional.XBLive.ChrPRST, C:\ProgramData\Microsoft\XBLive\Egg\{4X9BDO5ZB2CB48568D969B33C59067EA160706}.CONFIG, Quarentena, [63630f13a4f61422b61607f0ba493ac6], 
    PUP.Optional.SafeGuard.ChrPRST, C:\Program Files (x86)\XBox\XBLive.exe, Excluir ao reiniciar, [7a4cad75990184b24800ede50cf6f60a], 

    Setores físicos: 0
    (Nenhum item malicioso detectado)


    (end)


    Friend

    Do Offers4U and the tabs still appear in Chrome? If so, could you send me some screenshots?

    Regards :D

  • Topic author
  • @diego_moicano

    Apparently everything is gone; no more tabs or pop-ups are opening.

    Avira Free Antivirus was flagging C:\ProgramData\Microsoft\XBLive\Egg\ and some keys as a virus, and deleted them.

    If it happens again I'll let you know.

    Thanks =D


    Dear @NandoStahelin79

    Great, but we're not done yet... ;)

    Generate a new log with FRST, but before clicking the Scan button, check the Addition option.

    Please attach the logs.

    Regards :D


    Dear @NandoStahelin79

    Temporarily disable your antivirus, antispyware tools and firewall, to avoid conflicts.

    Download Stinger and save it to your Desktop.
    32 bit (x86) or 64 bit (x64)

    • Run the file Stinger.exe
      • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
    • Click the “I Accept” button

    In the new window click “Advanced” and then “Settings”

    In the settings window, set the options as in the image below and click the “Save” button

    9hnsyu.png

    Click “Customize my Scan”

    Select the system drives and then click the “Scan” button

    When it finishes, click “View log”; a window with the log will open in your browser.
    Select, copy and paste the contents of this log into your next reply.

    Regards :D


    Dear @NandoStahelin79

    Temporarily disable your antivirus

    • Hold the Ctrl key and click this link to open ESET Online Scanner in a new window.
    • Click this button: j9Byf.png?1
    • For alternative browsers: (if you use Internet Explorer, skip this step)
      • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double-click the icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click Start.
    • Accept any security warning from your browser.
    • Check: "Enable detection of potentially unwanted applications"
    • Click Hide Advanced settings and check the following:
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • Click Change and also check the Computer box.
    • Click Start.
    • It will update itself and scan the computer. Be patient, the process can take hours.
    • When the scan finishes, click List of found threats
    • Click Export to text file and save the log to your desktop.
    • Click Back.
    • Click Finish.
    • Select, copy and paste the contents of this log into your next reply.

    Regards :D


    Dear @NandoStahelin79

    Download Security Check, by glax24, and save it to your Desktop.

    Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

    • Wait while the tool runs the scan.
    • When it finishes, save the log as SecurityCheck.html
    • Open the file with Notepad;
    • Select, copy and paste the contents of this log into your next reply.

    Regards :D

  • Topic author
  • @diego_moicano Hey man, thanks for the help

     

    SecurityCheck by glax24 & Severnyj v.1.4.0.40 [21.05.16]
    WebSite: www.safezone.cc
    DateLog: 23.07.2016 13:37:22
    Path starting: C:\Users\Fernando\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
    Log directory: C:\SecurityCheck\
    IsAdmin: True
    User: Fernandowski
    VersionXML: 3.24is-22.07.2016
    ___________________________________________________________________________

    Windows 10(6.3.10586) (x64) Professional Lang: Portuguese(0416)
    Installation date OS: 02.03.2016 12:30:46
    LicenseStatus: Windows(R), Professional edition Volume activation will expire : 53827 minutes
    Boot Mode: Normal
    Default Browser: Internet Explorer (iexplore.exe)
    SystemDrive: C: FS: [NTFS] Capacity: [146 Gb] Used: [109.2 Gb] Free: [36.8 Gb]
    ------------------------------- [ Windows ] -------------------------------
    Internet Explorer 11.494.10586.0
    User Account Control enabled
    Automatic Updates disabled (-1)
    Windows Update (wuauserv) - The service has stopped
    Central de Segurança (wscsvc) - The service is running
    Registro remoto (RemoteRegistry) - The service has stopped
    Descoberta SSDP (SSDPSRV) - The service is running
    Serviços de Área de Trabalho Remota (TermService) - The service has stopped
    Windows Remote Management (WS-Management) (WinRM) - The service has stopped
    ------------------------------ [ MS Office ] ------------------------------
    Microsoft Office 2010 x86 v.14.0.7015.1000
    ---------------------------- [ Antivirus_WMI ] ----------------------------
    Avira Antivirus (enabled and up to date)
    Windows Defender (disabled and up to date)
    --------------------------- [ FirewallWindows ] ---------------------------
    Firewall do Windows (MpsSvc) - The service is running
    --------------------------- [ AntiSpyware_WMI ] ---------------------------
    Avira Antivirus (enabled and up to date)
    Windows Defender (disabled and up to date)
    ---------------------- [ AntiVirusFirewallInstall ] -----------------------
    Avira Antivirus v.15.0.17.273
    -------------------------- [ SecurityUtilities ] --------------------------
    HijackThis 2.0.2 v.2.0.2
    Malwarebytes Anti-Malware versão 2.2.1.1043 v.2.2.1.1043
    --------------------------- [ OtherUtilities ] ----------------------------
    WinRAR 5.31 (64-bit) v.5.31.0
    TeamViewer 11 v.11.0.59131 Warning! Download Update
    VLC media player v.2.1.5 Warning! Download Update
    WinRAR archiver
    TeamViewer 11 (TeamViewer) - The service is running
    --------------------------------- [ IM ] ----------------------------------
    Skype™ 7.18 v.7.18.112 Warning! Download Update
    ^Optional update.^
    --------------------------------- [ P2P ] ---------------------------------
    µTorrent v.3.4.7.42330 Warning! P2P-client.
    -------------------------------- [ Java ] ---------------------------------
    Java 8 Update 71 v.8.0.710.15 Warning! Download Update
    Uninstall old version and install new one (jre-8u102-windows-i586.exe).
    --------------------------- [ AppleProduction ] ---------------------------
    Bonjour v.3.1.0.1
    iTunes v.12.3.2.35 Warning! Download Update
    ^Please use Apple Software Update tool.^
    QuickTime 7 v.7.79.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
    Serviço do Bonjour (Bonjour Service) - The service has stopped
    --------------------------- [ AdobeProduction ] ---------------------------
    Adobe Reader XI - Português v.11.0.00 Warning! Download Update
    ^Please run Adobe Reader XI and go Help - Check for updates...^
    ------------------------------- [ Browser ] -------------------------------
    Google Chrome v.51.0.2704.103 Warning! Download Update
    --------------------------- [ RunningProcess ] ----------------------------
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.51.0.2704.103
    ------------------ [ AntivirusFirewallProcessServices ] -------------------
    Avira Agendamento (AntiVirSchedulerService) - The service is running
    C:\Program Files (x86)\Avira\Antivirus\sched.exe v.15.0.17.264
    Avira Real-Time Protection (AntiVirService) - The service is running
    C:\Program Files (x86)\Avira\Antivirus\avguard.exe v.15.0.17.264
    Avira Mail Protection (AntiVirMailService) - The service has stopped
    Avira Web Protection (AntiVirWebService) - The service has stopped
    Avira Service Host (Avira.ServiceHost) - The service has stopped
    C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe v.1.1.65.9690
    C:\Program Files (x86)\Avira\Antivirus\avshadow.exe v.15.0.17.273
    C:\Program Files (x86)\Avira\Antivirus\avgnt.exe v.15.0.17.264
    MBAMService (MBAMService) - The service has stopped
    McAfee Validation Trust Protection Service (mfevtp) - The service is running
    C:\Windows\System32\mfevtps.exe
    Serviço Windows Defender (WinDefend) - The service has stopped
    Serviço de Inspeção de Rede do Windows Defender (WdNisSvc) - The service has stopped
    ---------------------------- [ UnwantedApps ] -----------------------------
    Advanced SystemCare 8 v.8.4.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
    Surfing Protection v.1.3 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
    IObit Uninstaller v.4.3.0.5 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
    SpyHunter 4 v.4.21.18.4608 Warning! Suspected demo version of anti-spyware or optimization program - scareware or badware. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
    Auslogics DiskDefrag v.6.2.1.0 Warning! Suspected demo version of anti-spyware or optimization program - scareware or badware. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
    ----------------------------- [ End of Log ] ------------------------------
     

     


    Dear @NandoStahelin79

    # Step 1 #

    Download Delfix by Xplode and save it to your desktop.

    Double-click delfix.exe to run it. Check the boxes as shown in the image.

    ** Windows Vista or Windows 7 users: right-click the file delfix.exe, then click execadmin.png.

    2mez6ld.png

    Click the Run button.

    A log will be generated at the end, but you do not need to post it.

    # Step 2 #

    Old versions of programs have vulnerabilities that some malware can use to infect your system.

    For that reason, it is recommended that you update the programs that Security Check flagged as out of date (optional updates are at your discretion).

    Just click the Download Update of each warning, which will take you to the developer's site.

    Always keep your Windows up to date; keep a constant watch with your firewall and antivirus; and finally, remember that the best form of prevention starts with our own behavior!

    # Step 3 #

    CCleaner is an excellent cleaning utility for the computer.

    Download it here: CCleaner

    • After installation, go to the location where the program was installed, usually C:\Arquivos de programas\CCleaner.
    • Double-click this folder;
    • In an empty area of this window, right-click, choose New > Folder and create a new folder;
    • Name it backups.
    • Open the program and click Run Cleaner;
    • Click the Registry button > Scan for Issues > Fix selected issue(s)...
    • Note: Do not forget to accept the backup of the fixes and save it in the folder created above!

    Regards :D

    This topic is closed to new posts.




