Rafael Kubaski

I can't remove a trojan

Good afternoon,

I have been trying for two days to remove the virus TrojanSpy: Win32/Banker!rfn but nothing works. I have already tried every possible program, but Defender keeps detecting it and cannot delete it.

zoek-results.log


@Rafael Kubaski

Please note the following:

  • About the Forum: This is a private space, not a public one. Its use is a privilege, not a right.
  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to the problem with your computer, so do not apply it on any other;
  • Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;
  • Respect the order of the instructions given.
  • Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

Instead of creating a new topic, I ask that you continue with this one and post a reply attaching the ZA-Scan log, following these instructions:

http://forum.clubedohardware.com.br/topic/1105783-como-criar-seu-t%C3%B3pico/
On 2017-5-30 at 14:36, Rafael Kubaski said:

I have already tried every possible program,

Which ones?

Download RogueKiller and save it to your Desktop.
http://www.adlice.com/download/roguekiller/#download

Run the file RogueKiller.exe.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Scan tab, then Start Scan. Wait for the scan to finish.
  • Click the Open Report button, and then Open TXT
  • A Notepad window with information will open.
  • Copy and paste the contents of that file in your next reply.

NOTE: do not use the Remove Selected button, because we first need to evaluate the items found.

  • Topic author
  • Good evening, I used Malwarebytes, AdwCleaner, CCleaner, Zoek, among others.

    Here is the content of the Notepad file:

     

    RogueKiller V12.11.1.0 (x64) [Jun  4 2017] (Free) por Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Site : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Sistema Operacional : Windows 10 (10.0.15063) 64 bits version
    Iniciou : Modo normal
    Usuário : ALK [Administrador]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Modo : Escanear -- Data : 06/05/2017 23:52:24 (Duration : 00:40:16)

    ¤¤¤ Processos : 0 ¤¤¤

    ¤¤¤ Registro : 2 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-906007581-1094903313-3760833696-1001\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Encontrado
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-906007581-1094903313-3760833696-1001\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Encontrado

    ¤¤¤ Tarefas : 0 ¤¤¤

    ¤¤¤ Arquivos : 3 ¤¤¤
    [PUP.DownloadAssistant][Pasta] C:\Users\all_f\AppData\Roaming\DVDVideoSoft -> Encontrado
    [Tr.Gen0][Arquivo] C:\Users\all_f\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Encontrado
    [Tr.Gen0][Arquivo] C:\Users\all_f\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Encontrado

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Arquivos de hosts : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

    ¤¤¤ Navegadores : 0 ¤¤¤

    ¤¤¤ Verificação da MBR : ¤¤¤
    +++++ PhysicalDrive0: ST500LT0 ST500LT012-9WS1 +++++
    --- User ---
    [MBR] 1f295dd4a39aeebd55442a9bce908635
    [BSP] c7e1e984c1f70cfe7c63967f525f9a92 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 376441 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 770953216 | Size: 491 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 771960832 | Size: 100000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! NOT VALID!

    +++++ PhysicalDrive1: MZMPC032 MZMPC032HBCD-00 +++++
    --- User ---
    [MBR] 41faece0d52db66ea5a113702e56dd21
    [BSP] b09df01bd82db99f473fec953fa76eae : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2048 | Size: 32 MB
    1 - Basic data partition | Offset (sectors): 67584 | Size: 8176 MB
    User = LL1 ... OK
    Error reading LL2 MBR! NOT VALID!

  • Topic author
  • Recently an application error window has also started appearing, referring to userinit.exe


    @Rafael Kubaski

    Download Malwarebytes Anti-Rootkit (MBAR)

    Extract the files to your desktop

    • Open the mbar folder and run the file mbar.exe
    • Click the Next button, then Update,
    • Click Next again, and then Scan.
    • At the end, do not click Cleanup; just exit the program.
    • Attach the logs mbar-log.txt and system-log.txt, located in the mbar folder


    @Rafael Kubaski

    Download Zemana AntiMalware from the following location and save it to your desktop:
    https://www.bleepingcomputer.com/download/zemana-antimalware/

    1. Once it is downloaded, close all programs and windows open on your computer.

    2. Now double-click the Zemana.AntiMalware.Setup.exe icon on the desktop. This will start the installation of Zemana AntiMalware on your computer.

    3. When the installation begins, keep following the prompts to continue with the installation process. Do not make any changes to the default settings; when the program is installed, Zemana will start and display the main screen automatically.

    4. Click the SCAN button.

    5. Zemana AntiMalware will now begin scanning the computer for malware. This process can take a while, so we suggest you do something else and periodically check the status of the scan to see when it has finished.

    6. When Zemana finishes the scan, it will display a screen with the malware that was detected. Please note that the infections found may be different from what is shown in the image below.

    [Image: Zemana Anti-Malware scan results]

    Review the scan results and, when you are ready to continue with the cleanup process, click the following button to remove or repair all selected results. After you click the Next button, Zemana will remove any unwanted files and fix any modified legitimate files. If you receive a warning that Zemana needs to close your open browsers, please close all web browsers that may be open and then click the OK button to continue.

    Zemana will now create a restore point, remove the detected files and repair any files that were modified.

    Post the result in your next post.

  • Topic author
  • @Turco Here is the result.

     

    Zemana AntiMalware 2.72.179.388 (instalado)

    -------------------------------------------------------
    Scan Result            : Concluído
    Scan Date              : 2017/6/8
    Operating System       : Windows 10 64-bit
    Processor              : 4X Intel(R) Core(TM) i7-3537U CPU @ 2.00GHz
    BIOS Mode              : Legacy
    CUID                   : 126D72D79CCFF7CF78903A
    Scan Type              : Análise do Sistema
    Duration               : 18m 29s
    Scanned Objects        : 154084
    Detected Objects       : 14
    Excluded Objects       : 0
    Read Level             : SCSI
    Auto Upload            : Activado
    Detect All Extensions  : Desactivado
    Scan Documents         : Desactivado
    Domain Info            : KUBANET,0,2

    Detected Objects
    -------------------------------------------------------

    Chrome Shortcut
    Status             : Analisados
    Object             : --profile-directory="Profile 3"
    MD5                : -
    Publisher          : -
    Size               : -
    Version            : -
    Detection          : Configuração do navegador suspeito
    Cleaning Action    : Reparar
    Related Objects    :
                    Configuração do navegador - Chrome Shortcut

    svchost.exe
    Status             : Analisados
    Object             : %systemroot%\syswow64\svchost.exe
    MD5                : 6BDB3091562E7DD2C877472286B6CC46
    Publisher          : Microsoft Windows Publisher
    Size               : 40904
    Version            : 10.0.15063.0
    Detection          : Processo modificado
    Cleaning Action    : Reparar
    Related Objects    :
                    Processo - 7040 - C:\Windows\SysWOW64\svchost.exe
                    Arquivo - %systemroot%\syswow64\svchost.exe

    svchost.exe
    Status             : Analisados
    Object             : %systemroot%\syswow64\svchost.exe
    MD5                : 6BDB3091562E7DD2C877472286B6CC46
    Publisher          : Microsoft Windows Publisher
    Size               : 40904
    Version            : 10.0.15063.0
    Detection          : Processo modificado
    Cleaning Action    : Reparar
    Related Objects    :
                    Processo - 4476 - C:\Windows\SysWOW64\svchost.exe
                    Arquivo - %systemroot%\syswow64\svchost.exe

    svchost.exe
    Status             : Analisados
    Object             : %systemroot%\syswow64\svchost.exe
    MD5                : 6BDB3091562E7DD2C877472286B6CC46
    Publisher          : Microsoft Windows Publisher
    Size               : 40904
    Version            : 10.0.15063.0
    Detection          : Processo modificado
    Cleaning Action    : Reparar
    Related Objects    :
                    Processo - 5708 - C:\Windows\SysWOW64\svchost.exe
                    Arquivo - %systemroot%\syswow64\svchost.exe

    svchost.exe
    Status             : Analisados
    Object             : %systemroot%\syswow64\svchost.exe
    MD5                : 6BDB3091562E7DD2C877472286B6CC46
    Publisher          : Microsoft Windows Publisher
    Size               : 40904
    Version            : 10.0.15063.0
    Detection          : Processo modificado
    Cleaning Action    : Reparar
    Related Objects    :
                    Processo - 6024 - C:\Windows\SysWOW64\svchost.exe
                    Arquivo - %systemroot%\syswow64\svchost.exe

    svchost.exe
    Status             : Analisados
    Object             : %systemroot%\syswow64\svchost.exe
    MD5                : 6BDB3091562E7DD2C877472286B6CC46
    Publisher          : Microsoft Windows Publisher
    Size               : 40904
    Version            : 10.0.15063.0
    Detection          : Processo modificado
    Cleaning Action    : Reparar
    Related Objects    :
                    Processo - 7700 - C:\Windows\SysWOW64\svchost.exe
                    Arquivo - %systemroot%\syswow64\svchost.exe

    svchost.exe
    Status             : Analisados
    Object             : %systemroot%\syswow64\svchost.exe
    MD5                : 6BDB3091562E7DD2C877472286B6CC46
    Publisher          : Microsoft Windows Publisher
    Size               : 40904
    Version            : 10.0.15063.0
    Detection          : Processo modificado
    Cleaning Action    : Reparar
    Related Objects    :
                    Processo - 5984 - C:\Windows\SysWOW64\svchost.exe
                    Arquivo - %systemroot%\syswow64\svchost.exe

    svchost.exe
    Status             : Analisados
    Object             : %systemroot%\syswow64\svchost.exe
    MD5                : 6BDB3091562E7DD2C877472286B6CC46
    Publisher          : Microsoft Windows Publisher
    Size               : 40904
    Version            : 10.0.15063.0
    Detection          : Processo modificado
    Cleaning Action    : Reparar
    Related Objects    :
                    Processo - 8264 - C:\Windows\SysWOW64\svchost.exe
                    Arquivo - %systemroot%\syswow64\svchost.exe

    svchost.exe
    Status             : Analisados
    Object             : %systemroot%\syswow64\svchost.exe
    MD5                : 6BDB3091562E7DD2C877472286B6CC46
    Publisher          : Microsoft Windows Publisher
    Size               : 40904
    Version            : 10.0.15063.0
    Detection          : Processo modificado
    Cleaning Action    : Reparar
    Related Objects    :
                    Processo - 5428 - C:\Windows\SysWOW64\svchost.exe
                    Arquivo - %systemroot%\syswow64\svchost.exe

    svchost.exe
    Status             : Analisados
    Object             : %systemroot%\syswow64\svchost.exe
    MD5                : 6BDB3091562E7DD2C877472286B6CC46
    Publisher          : Microsoft Windows Publisher
    Size               : 40904
    Version            : 10.0.15063.0
    Detection          : Processo modificado
    Cleaning Action    : Reparar
    Related Objects    :
                    Processo - 7844 - C:\Windows\SysWOW64\svchost.exe
                    Arquivo - %systemroot%\syswow64\svchost.exe

    svchost.exe
    Status             : Analisados
    Object             : %systemroot%\syswow64\svchost.exe
    MD5                : 6BDB3091562E7DD2C877472286B6CC46
    Publisher          : Microsoft Windows Publisher
    Size               : 40904
    Version            : 10.0.15063.0
    Detection          : Processo modificado
    Cleaning Action    : Reparar
    Related Objects    :
                    Processo - 6632 - C:\Windows\SysWOW64\svchost.exe
                    Arquivo - %systemroot%\syswow64\svchost.exe

    userinit.exe
    Status             : Analisados
    Object             : %systemroot%\syswow64\userinit.exe
    MD5                : 61E7F56A1C00894FCB212F25BB52EE68
    Publisher          : Microsoft Windows
    Size               : 27136
    Version            : 10.0.15063.0
    Detection          : Processo modificado
    Cleaning Action    : Reparar
    Related Objects    :
                    Processo - 4724 - C:\Windows\SysWOW64\userinit.exe
                    Arquivo - %systemroot%\syswow64\userinit.exe

    Trojan:Win32/Poweliks
    Status             : Analisados
    Object             : %systemroot%\system32\tasks\script_de_segurançax|mshta.exe
    MD5                : -
    Publisher          : -
    Size               : -
    Version            : -
    Detection          : Fileless Malware
    Cleaning Action    : Eliminar
    Related Objects    :
                    Tarefa agendada - C:\WINDOWS\System32\Tasks\Script_de_segurançaX

    HPDESKJEThwwn.log
    Status             : Analisados
    Object             : %programdata%\frameworksx\hpdeskjethwwn.log
    MD5                : 71CC68E695CD8E2B131417BFB5F95FFD
    Publisher          : -
    Size               : 351744
    Version            : -
    Detection          : BankerTrojan:Win32/Generic.MiTB
    Cleaning Action    : Quarentena
    Related Objects    :
                    Arquivo - %programdata%\frameworksx\hpdeskjethwwn.log
                    DLL - 6700 - C:\Windows\SysWOW64\regsvr32.exe
                    DLL - 3780 - C:\Windows\SysWOW64\regsvr32.exe
                    DLL - 6244 - C:\Windows\SysWOW64\regsvr32.exe
                    DLL - 4508 - C:\Windows\SysWOW64\regsvr32.exe
                    DLL - 5344 - C:\Windows\SysWOW64\regsvr32.exe
                    Entrada do registro - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Java_Plugin__HPDESKJETwwn.gif = regsvr32.exe /s "c:\ProgramData\FrameWorksx\HPDESKJEThwwn.log"


    Cleaning Result
    -------------------------------------------------------
    Cleaned               : 14
    Reported as safe      : 0
    Failed                : 0

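The persistence entries in the Zemana report above can be pulled out mechanically. This is an added example, not part of the original thread or of Zemana's tooling: it parses a trimmed excerpt of that report and flags autoruns where a signed Windows host binary (regsvr32.exe, mshta.exe) is pointed at a file in a user-writable directory or with a non-module extension. The field layout, the `task|binary` form of the Object field and the Portuguese status string are taken from the report as posted and are assumptions about the format; the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Constructed input: a trimmed excerpt of the Zemana report posted above
# (three of the 14 detected objects, some fields and related objects omitted).
SAMPLE_REPORT = r"""
svchost.exe
Status             : Analisados
Object             : %systemroot%\syswow64\svchost.exe
Detection          : Processo modificado
Cleaning Action    : Reparar
Related Objects    :
                Processo - 7040 - C:\Windows\SysWOW64\svchost.exe
                Arquivo - %systemroot%\syswow64\svchost.exe

Trojan:Win32/Poweliks
Status             : Analisados
Object             : %systemroot%\system32\tasks\script_de_segurançax|mshta.exe
Detection          : Fileless Malware
Cleaning Action    : Eliminar
Related Objects    :
                Tarefa agendada - C:\WINDOWS\System32\Tasks\Script_de_segurançaX

HPDESKJEThwwn.log
Status             : Analisados
Object             : %programdata%\frameworksx\hpdeskjethwwn.log
Detection          : BankerTrojan:Win32/Generic.MiTB
Cleaning Action    : Quarentena
Related Objects    :
                Arquivo - %programdata%\frameworksx\hpdeskjethwwn.log
                DLL - 6700 - C:\Windows\SysWOW64\regsvr32.exe
                Entrada do registro - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Java_Plugin__HPDESKJETwwn.gif = regsvr32.exe /s "c:\ProgramData\FrameWorksx\HPDESKJEThwwn.log"
"""

FIELD = re.compile(r"^([A-Za-z0-9 ]+?)\s*:\s?(.*)$")
# Signed Windows binaries that load or run other code when given a path.
LOLBINS = {"regsvr32.exe", "mshta.exe", "rundll32.exe"}
# Extensions a module registered with regsvr32/rundll32 normally carries.
MODULE_EXTS = {".dll", ".ocx", ".cpl"}
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")


def parse_report(text):
    """Split the 'Detected Objects' section into one dict per object."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) < 2:
            continue
        rec = {"Name": lines[0], "Related": []}
        in_related = False
        for ln in lines[1:]:
            if in_related:
                # Related objects look like "<kind> - <details>".
                kind, _, rest = ln.partition(" - ")
                rec["Related"].append((kind, rest))
                continue
            m = FIELD.match(ln)
            if m and m.group(1) == "Related Objects":
                in_related = True
            elif m:
                rec[m.group(1)] = m.group(2)
        records.append(rec)
    return records


def triage(records):
    """Return findings worth an analyst's attention, in report order."""
    findings = []
    for rec in records:
        # Assumption from the report: a task entry's Object is "<task file>|<binary>".
        task, sep, launched = rec.get("Object", "").partition("|")
        if sep and launched.lower() in LOLBINS and "\\tasks\\" in task.lower():
            findings.append(("task-lolbin", PureWindowsPath(task).name, launched))
        for _kind, rest in rec["Related"]:
            key, sep, cmd = rest.partition(" = ")
            if not sep or not re.search(r"\\run(once)?\\", key, re.I):
                continue  # not a Run/RunOnce registry value
            tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]
            if not tokens:
                continue
            exe = PureWindowsPath(tokens[0]).name.lower()
            if exe not in LOLBINS:
                continue
            for arg in tokens[1:]:
                if arg.startswith("/"):
                    continue  # command-line switch such as /s
                reasons = []
                suffix = PureWindowsPath(arg).suffix.lower()
                if suffix not in MODULE_EXTS:
                    reasons.append("non-module extension " + suffix)
                if any(d in arg.lower() for d in USER_WRITABLE):
                    reasons.append("user-writable directory")
                if reasons:
                    value = key.rsplit("\\", 1)[-1]
                    findings.append(("run-lolbin", value, exe, arg, reasons))
        # "Processo modificado" is the status string used in the report above.
        if rec.get("Detection") == "Processo modificado":
            pids = [r.split(" - ")[0] for _k, r in rec["Related"]
                    if r.split(" - ")[0].isdigit()]
            findings.append(("modified-process", rec["Name"], pids))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_report(SAMPLE_REPORT)):
        print(finding)
```
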

    @Rafael Kubaski

    Download Farbar Recovery Scan Tool and save it to your Desktop.

    32 bit (x86) or 64 bit (x64)

    Double-click to run the tool.

    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

    Click the Scan button.

    Wait; at the end, the logs FRST.txt and Addition.txt will be saved to your Desktop.

    Select, copy and paste the contents of the FRST.txt log in your next reply.

    Attach the Addition.txt log

  • Topic author
  • @Turco  here it is

     

    Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 12-06-2017
    Executado por ALK (administrador) em KUBA-INSPIRON (12-06-2017 18:12:04)
    Executando a partir de C:\Users\all_f\Desktop
    Perfis Carregados: ALK (Perfis Disponíveis: ALK)
    Platform: Windows 10 Home Single Language Versão 1703 (X64) Idioma: Português (Brasil)
    Internet Explorer Versão 11 (Navegador padrão: Edge)
    Modo da Inicialização: Normal
    Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processos (Whitelisted) =================

    (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
    (Microsoft Corporation) C:\Windows\System32\regsvr32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\userinit.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Microsoft Corporation) C:\Windows\System32\regsvr32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\System32\regsvr32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\userinit.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
    () C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\userinit.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registro (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
    HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3952824 2016-07-15] (Synaptics Incorporated)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [29246632 2017-05-30] (Dropbox, Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-06] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
    HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51416 2017-06-01] (Copyright (c) 2017 Plays.tv, LLC)
    HKLM-x32\...\Run: [Raptr] => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
    HKU\S-1-5-21-906007581-1094903313-3760833696-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-10] (Piriform Ltd)
    HKU\S-1-5-21-906007581-1094903313-3760833696-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
    HKU\S-1-5-21-906007581-1094903313-3760833696-1001\...\Run: [Java_Plugin__HPDESKJETwwn.gif] => regsvr32.exe /s "c:\ProgramData\FrameWorksx\HPDESKJEThwwn.log"
    ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-30] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-30] (Dropbox, Inc.)
    Startup: C:\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ini.google1.lnk [2017-06-08]
    ShortcutTarget: ini.google1.lnk -> C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
    Startup: C:\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inix.lnk [2017-06-08]
    ShortcutTarget: inix.lnk -> C:\Windows\System32\regsvr32.exe (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
    Tcpip\..\Interfaces\{4e4040d9-ce46-4595-bcf0-4f26bab32f95}: [DhcpNameServer] 192.168.100.1
    Tcpip\..\Interfaces\{6c500d2f-0e9c-4dc0-8de9-6b722a0c8d40}: [DhcpNameServer] 192.168.100.1
    Tcpip\..\Interfaces\{b8d470c7-24ca-407d-bc1d-95548e1861f5}: [DhcpNameServer] 192.168.15.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-906007581-1094903313-3760833696-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
    SearchScopes: HKU\S-1-5-21-906007581-1094903313-3760833696-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-05-26] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-26] (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-05-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-20] (Oracle Corporation)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-20] (Oracle Corporation)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
    Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Nenhum Arquivo]
    FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-20] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-26] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)

    Chrome: 
    =======
    CHR DefaultProfile: Profile 3
    CHR Profile: C:\Users\all_f\AppData\Local\Google\Chrome\User Data\Profile 3 [2017-06-12]
    CHR Extension: (Google Apresentações) - C:\Users\all_f\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-30]
    CHR Extension: (Google Docs) - C:\Users\all_f\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-30]
    CHR Extension: (Google Drive) - C:\Users\all_f\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-30]
    CHR Extension: (YouTube) - C:\Users\all_f\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-30]
    CHR Extension: (Planilhas do Google) - C:\Users\all_f\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-30]
    CHR Extension: (Documentos Google off-line) - C:\Users\all_f\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-30]
    CHR Extension: (AdBlock) - C:\Users\all_f\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-05-30]
    CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\all_f\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-30]
    CHR Extension: (Gmail) - C:\Users\all_f\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-30]
    CHR Extension: (Chrome Media Router) - C:\Users\all_f\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-30]

    ==================== Serviços (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-30] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-30] (Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48944 2017-05-30] (Dropbox, Inc.)
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2016-09-22] (Dell Inc.)
    S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
    S2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2017-02-24] (Foxit Software Inc.)
    R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319096 2016-05-12] (Intel Corporation)
    S2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-06-01] (Copyright (c) 2017 Plays.tv, LLC)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [70368 2016-02-09] (Advanced Micro Devices, Inc.)
    R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30352 2017-05-04] (Disc Soft Ltd)
    R1 MpKsl4296a5e8; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F4C64F38-5E47-450D-8EC2-39DDF922242D}\MpKsl4296a5e8.sys [44928 2017-06-12] (Microsoft Corporation)
    S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-05-19] (Realsil Semiconductor Corporation)
    S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2016-07-15] (Synaptics Incorporated)
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-06-08] (Zemana Ltd.)
    S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


    ==================== Um Mês Criados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-06-12 18:12 - 2017-06-12 18:12 - 00020231 _____ C:\Users\all_f\Desktop\FRST.txt
    2017-06-12 18:11 - 2017-06-12 18:12 - 00000000 ____D C:\FRST
    2017-06-12 18:10 - 2017-06-12 18:10 - 02438656 _____ (Farbar) C:\Users\all_f\Desktop\FRST64.exe
    2017-06-10 01:09 - 2017-06-10 01:10 - 00000000 ____D C:\Users\all_f\AppData\Roaming\Raptr
    2017-06-09 12:39 - 2016-02-09 21:47 - 00070368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmpfd.sys
    2017-06-09 12:33 - 2017-06-10 01:08 - 00000000 ____D C:\Users\all_f\AppData\Roaming\PlaysTV
    2017-06-09 12:33 - 2017-06-09 12:33 - 00000000 ____D C:\Users\all_f\.Plays.tv
    2017-06-09 12:33 - 2017-06-09 12:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr
    2017-06-09 12:33 - 2017-06-09 12:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
    2017-06-09 12:31 - 2017-06-09 12:50 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
    2017-06-09 12:31 - 2017-06-09 12:31 - 00000000 ____D C:\Users\all_f\AppData\Roaming\library_dir
    2017-06-09 12:30 - 2017-06-09 12:39 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
    2017-06-09 12:30 - 2017-06-09 12:31 - 00000000 ____D C:\Program Files (x86)\Raptr
    2017-06-09 12:29 - 2017-06-09 12:29 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
    2017-06-09 12:29 - 2017-06-09 12:29 - 00000000 ____D C:\ProgramData\Package Cache
    2017-06-09 12:20 - 2017-06-09 12:26 - 328369528 _____ (AMD Inc.) C:\Users\all_f\Downloads\non-whql-64bit-nieg-radeon-crimson-16.2.1-win10-win8.1-win7-feb27 (1).exe
    2017-06-09 12:20 - 2017-06-09 12:23 - 227981256 _____ (AMD Inc.) C:\Users\all_f\Downloads\amd-catalyst-15.7.1-win10-64bit.exe
    2017-06-08 23:49 - 2017-06-08 23:49 - 01005568 _____ (Microsoft Corporation) C:\Users\all_f\Downloads\dotNetFx45_Full_setup.exe
    2017-06-08 21:36 - 2017-06-12 18:02 - 00003976 _____ C:\WINDOWS\System32\Tasks\Script_de_segurançaX
    2017-06-08 21:30 - 2017-06-08 21:30 - 00030032 _____ C:\Users\Todos os Usuários\agent.uninstall.1496968221.bdinstall.bin
    2017-06-08 21:30 - 2017-06-08 21:30 - 00030032 _____ C:\ProgramData\agent.uninstall.1496968221.bdinstall.bin
    2017-06-08 21:21 - 2017-06-08 21:21 - 00370136 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\edrsensor.sys
    2017-06-08 21:05 - 2017-06-12 18:12 - 00033336 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2017-06-08 21:05 - 2017-06-09 12:52 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2017-06-08 21:05 - 2017-06-09 12:50 - 00058076 _____ C:\WINDOWS\ZAM.krnl.trace
    2017-06-08 21:05 - 2017-06-08 21:05 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
    2017-06-08 21:04 - 2017-06-08 21:04 - 00000000 ____D C:\Users\all_f\AppData\Local\Zemana
    2017-06-08 21:00 - 2017-06-08 21:00 - 05774688 _____ (Zemana Ltd. ) C:\Users\all_f\Desktop\Zemana.AntiMalware.Setup.exe
    2017-06-08 20:51 - 2017-06-08 20:51 - 00029972 _____ C:\Users\Todos os Usuários\agent.update.1496965874.bdinstall.bin
    2017-06-08 20:51 - 2017-06-08 20:51 - 00029972 _____ C:\ProgramData\agent.update.1496965874.bdinstall.bin
    2017-06-08 20:49 - 2017-06-08 20:49 - 00001197 _____ C:\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
    2017-06-08 20:49 - 2017-06-08 20:49 - 00000000 ____D C:\Users\all_f\AppData\Local\Bitdefender Antivirus Free
    2017-06-08 20:47 - 2017-06-08 21:20 - 01612648 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
    2017-06-08 20:47 - 2017-06-08 20:47 - 00000000 ____D C:\Users\Todos os Usuários\Bitdefender
    2017-06-08 20:47 - 2017-06-08 20:47 - 00000000 ____D C:\ProgramData\Bitdefender
    2017-06-08 20:45 - 2017-06-08 21:32 - 00000000 ____D C:\Program Files\Bitdefender Antivirus Free
    2017-06-08 20:45 - 2017-06-08 20:45 - 00000000 ____D C:\Users\all_f\AppData\Roaming\QuickScan
    2017-06-08 20:42 - 2017-06-08 20:42 - 00047445 _____ C:\Users\Todos os Usuários\agent.1496965321.bdinstall.bin
    2017-06-08 20:42 - 2017-06-08 20:42 - 00047445 _____ C:\ProgramData\agent.1496965321.bdinstall.bin
    2017-06-08 20:42 - 2017-06-08 20:42 - 00000000 ____D C:\Users\Todos os Usuários\Bitdefender Agent
    2017-06-08 20:42 - 2017-06-08 20:42 - 00000000 ____D C:\ProgramData\Bitdefender Agent
    2017-06-07 23:51 - 2017-06-12 17:57 - 00000000 ____D C:\Users\all_f\AppData\Local\CrashDumps
    2017-06-07 16:11 - 2017-06-07 16:11 - 00000639 _____ C:\Users\all_f\Desktop\energia.txt
    2017-06-06 20:28 - 2017-06-06 20:53 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes' Anti-Malware (portable)
    2017-06-06 20:28 - 2017-06-06 20:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2017-06-06 20:27 - 2017-06-06 20:53 - 00000000 ____D C:\Users\all_f\Desktop\mbar
    2017-06-06 20:26 - 2017-06-06 20:27 - 16563352 _____ (Malwarebytes Corp.) C:\Users\all_f\Desktop\mbar-1.09.3.1001.exe
    2017-06-06 19:47 - 2017-06-06 19:47 - 00013234 _____ C:\Users\all_f\Documents\cc_20170606_194745.reg
    2017-06-06 01:13 - 2017-06-06 01:20 - 00000000 ____D C:\Users\all_f\Downloads\Gotham.S03E21E22.HDTV.x264-LOL[rarbg]
    2017-06-06 01:11 - 2017-06-06 01:16 - 00000000 ____D C:\Users\all_f\Downloads\Gotham.S03E20.HDTV.x264-SVA[rarbg]
    2017-06-05 23:52 - 2017-06-05 23:52 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2017-06-05 23:51 - 2017-06-06 00:37 - 00000000 ____D C:\Users\Todos os Usuários\RogueKiller
    2017-06-05 23:51 - 2017-06-06 00:37 - 00000000 ____D C:\ProgramData\RogueKiller
    2017-06-05 23:47 - 2017-06-05 23:47 - 35426672 _____ (Adlice Software ) C:\Users\all_f\Desktop\setup.exe
    2017-06-05 21:05 - 2017-06-05 21:05 - 00012215 _____ C:\ZA-Scan.txt
    2017-06-05 21:02 - 2017-06-05 21:02 - 01370112 _____ C:\Users\all_f\Desktop\ZA-Scan.exe
    2017-06-05 16:33 - 2017-06-05 16:33 - 00000055 _____ C:\Users\all_f\Desktop\consulta psiquiatrica.txt
    2017-06-04 02:35 - 2017-06-04 02:35 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xwjudjsu.sys
    2017-06-03 04:45 - 2017-06-03 04:47 - 00000000 ____D C:\Users\all_f\Downloads\Kick-Ass 2 (2013)
    2017-05-31 16:38 - 2017-05-31 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2017-05-31 15:55 - 2017-05-31 15:55 - 00104254 _____ C:\Users\all_f\Desktop\fatura.pdf
    2017-05-30 15:31 - 2017-05-30 15:31 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\huhebonb.sys
    2017-05-30 14:57 - 2017-05-30 14:57 - 00478392 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\E670F893.sys
    2017-05-30 14:57 - 2017-05-30 14:57 - 00085600 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\34316808.sys
    2017-05-30 14:39 - 2017-05-30 14:39 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\oppdfhih.sys
    2017-05-30 13:47 - 2017-05-30 13:47 - 00000000 ____D C:\Users\all_f\AppData\Local\DBG
    2017-05-30 13:17 - 2017-05-30 13:27 - 00000000 ____D C:\zoek_backup
    2017-05-30 07:22 - 2017-05-30 07:22 - 00048944 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2017-05-30 00:18 - 2017-05-30 00:18 - 00000257 _____ C:\Users\all_f\Desktop\virus.txt
    2017-05-29 19:58 - 2017-05-30 10:28 - 00000000 ____D C:\KVRT_Data
    2017-05-29 19:43 - 2017-05-29 19:46 - 00139030 _____ C:\WINDOWS\ntbtlog.txt
    2017-05-29 18:42 - 2017-06-09 12:51 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
    2017-05-29 18:42 - 2017-06-09 12:51 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-05-29 17:10 - 2017-05-29 17:10 - 00004346 _____ C:\Users\all_f\Documents\cc_20170529_171026.reg
    2017-05-29 17:09 - 2017-05-29 17:10 - 00058368 _____ C:\Users\all_f\Documents\cc_20170529_170947.reg
    2017-05-29 17:06 - 2017-05-29 17:06 - 43370704 _____ (Microsoft Corporation) C:\Users\all_f\Downloads\Windows-KB890830-x64-V5.48.exe
    2017-05-28 01:10 - 2017-05-28 01:10 - 01048576 _____ C:\Users\all_f\Downloads\msert (1).exe
    2017-05-27 02:37 - 2017-05-27 03:34 - 00000000 ____D C:\Users\all_f\Downloads\Gotham.S03E19.REPACK.HDTV.x264-KILLERS[rarbg]
    2017-05-26 19:39 - 2017-05-26 19:39 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
    2017-05-26 00:11 - 2017-05-26 00:11 - 00001310 _____ C:\Users\all_f\Desktop\estágio.txt
    2017-05-25 23:02 - 2017-05-25 23:02 - 00000000 ____D C:\Users\all_f\Documents\Commandos - Behind Enemy Lines
    2017-05-25 17:42 - 2017-05-25 17:52 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
    2017-05-25 17:24 - 2017-05-25 17:24 - 00000529 _____ C:\Users\all_f\Downloads\Fatura20176195619.zip
    2017-05-25 17:24 - 2017-05-25 17:24 - 00000120 _____ C:\Users\all_f\Downloads\Fatura20176195619.html
    2017-05-25 16:15 - 2017-05-25 16:15 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-05-25 15:23 - 2017-06-08 21:36 - 00000000 ____D C:\Users\Todos os Usuários\FrameWorksx
    2017-05-25 15:23 - 2017-06-08 21:36 - 00000000 ____D C:\ProgramData\FrameWorksx
    2017-05-25 12:38 - 2017-05-25 20:29 - 00000000 ____D C:\Users\all_f\Downloads\Arrow.S05E23.HDTV.x264-SVA[ettv]
    2017-05-25 11:54 - 2017-05-25 11:54 - 00000106 _____ C:\Users\all_f\Desktop\gdgdgdgd.txt
    2017-05-24 23:54 - 2017-05-25 00:07 - 00000000 ____D C:\Users\all_f\Downloads\www.Torrenting.com - The.Flash.2014.S03E23.HDTV.x264-SVA
    2017-05-24 23:52 - 2017-05-25 00:56 - 00000000 ____D C:\Users\all_f\Downloads\The.Flash.2014.S03E23.PROPER.HDTV.x264-KILLERS[ettv]
    2017-05-24 20:52 - 2017-05-24 20:52 - 00119034 _____ C:\Users\all_f\Desktop\Diferenças-Conceituais.pdf
    2017-05-22 02:11 - 2017-05-23 02:21 - 00000000 ____D C:\Users\all_f\Downloads\Arrow.S05E22.HDTV.x264-SVA[rarbg]
    2017-05-21 15:51 - 2017-06-07 16:12 - 00000000 ____D C:\Users\all_f\Desktop\novoarea
    2017-05-21 15:41 - 2017-05-21 15:41 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft OneDrive
    2017-05-21 15:41 - 2017-05-21 15:41 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
    2017-05-21 15:38 - 2017-05-21 15:38 - 00000020 ___SH C:\Users\all_f\ntuser.ini
    2017-05-21 15:35 - 2017-05-21 15:36 - 00007623 _____ C:\WINDOWS\diagwrn.xml
    2017-05-21 15:35 - 2017-05-21 15:36 - 00007623 _____ C:\WINDOWS\diagerr.xml
    2017-05-21 15:32 - 2017-05-29 22:15 - 01910752 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-05-21 15:30 - 2017-06-12 17:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-05-21 15:30 - 2017-06-09 12:42 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater
    2017-05-21 15:30 - 2017-05-25 17:35 - 00004720 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2017-05-21 15:30 - 2017-05-25 17:35 - 00004494 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2017-05-21 15:30 - 2017-05-21 15:44 - 00003282 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2017-05-21 15:30 - 2017-05-21 15:30 - 00022956 _____ C:\WINDOWS\system32\emptyregdb.dat
    2017-05-21 15:30 - 2017-05-21 15:30 - 00003560 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
    2017-05-21 15:30 - 2017-05-21 15:30 - 00003514 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-05-21 15:30 - 2017-05-21 15:30 - 00003336 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
    2017-05-21 15:30 - 2017-05-21 15:30 - 00003290 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-05-21 15:30 - 2017-05-21 15:30 - 00002996 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
    2017-05-21 15:30 - 2017-05-21 15:30 - 00002340 _____ C:\WINDOWS\System32\Tasks\{2DBFE53D-EBBE-4E41-8155-2C028AA45AF5}
    2017-05-21 15:30 - 2017-05-21 15:30 - 00002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2017-05-21 15:24 - 2017-05-21 15:24 - 00000000 ____D C:\Users\Todos os Usuários\USOShared
    2017-05-21 15:24 - 2017-05-21 15:24 - 00000000 ____D C:\ProgramData\USOShared
    2017-05-21 15:23 - 2017-05-21 15:23 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2017-05-21 15:19 - 2017-05-21 15:24 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2017-05-21 15:17 - 2017-06-10 01:04 - 00000000 ____D C:\Users\all_f
    2017-05-21 15:17 - 2017-05-21 15:17 - 00000000 _SHDL C:\Users\all_f\Modelos
    2017-05-21 15:17 - 2017-05-21 15:17 - 00000000 _SHDL C:\Users\all_f\Meus Documentos
    2017-05-21 15:17 - 2017-05-21 15:17 - 00000000 _SHDL C:\Users\all_f\Menu Iniciar
    2017-05-21 15:17 - 2017-05-21 15:17 - 00000000 _SHDL C:\Users\all_f\Documents\Minhas Músicas
    2017-05-21 15:17 - 2017-05-21 15:17 - 00000000 _SHDL C:\Users\all_f\Documents\Minhas Imagens
    2017-05-21 15:17 - 2017-05-21 15:17 - 00000000 _SHDL C:\Users\all_f\Documents\Meus Vídeos
    2017-05-21 15:17 - 2017-05-21 15:17 - 00000000 _SHDL C:\Users\all_f\Dados de Aplicativos
    2017-05-21 15:17 - 2017-05-21 15:17 - 00000000 _SHDL C:\Users\all_f\Configurações Locais
    2017-05-21 15:17 - 2017-05-21 15:17 - 00000000 _SHDL C:\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
    2017-05-21 15:17 - 2017-05-21 15:17 - 00000000 _SHDL C:\Users\all_f\AppData\Local\Histórico
    2017-05-21 15:17 - 2017-05-21 15:17 - 00000000 _SHDL C:\Users\all_f\AppData\Local\Dados de Aplicativos
    2017-05-21 15:17 - 2017-05-21 15:17 - 00000000 _SHDL C:\Users\all_f\Ambiente de Rede
    2017-05-21 15:17 - 2017-05-21 15:17 - 00000000 _SHDL C:\Users\all_f\Ambiente de Impressão
    2017-05-21 15:16 - 2017-05-21 15:24 - 00000000 ____D C:\Program Files\AMD
    2017-05-21 15:16 - 2017-05-21 15:16 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
    2017-05-21 15:16 - 2017-05-21 15:16 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
    2017-05-21 15:16 - 2017-05-21 15:16 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
    2017-05-21 15:16 - 2017-05-21 15:16 - 00000000 ____D C:\Program Files\Common Files\Atheros
    2017-05-21 15:16 - 2017-05-21 15:16 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
    2017-05-21 15:16 - 2017-03-18 17:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2017-05-21 15:15 - 2017-05-21 15:20 - 00000000 ____D C:\Program Files\Intel
    2017-05-21 15:15 - 2017-05-21 15:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
    2017-05-21 15:15 - 2017-05-21 15:15 - 00000000 ____D C:\Program Files\Synaptics
    2017-05-21 15:13 - 2017-06-12 17:51 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-05-21 15:13 - 2017-05-29 17:19 - 00380208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-05-21 15:08 - 2017-05-21 15:08 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-05-21 15:08 - 2017-05-21 15:08 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-05-21 15:08 - 2017-05-21 15:08 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-05-21 15:08 - 2017-05-21 15:08 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2017-05-21 15:08 - 2017-05-21 15:08 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-05-21 15:08 - 2017-05-21 15:08 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2017-05-21 15:08 - 2017-05-21 15:08 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2017-05-21 15:08 - 2017-05-21 15:08 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2017-05-21 15:08 - 2017-05-21 15:08 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2017-05-21 15:08 - 2017-05-21 15:08 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2017-05-21 15:08 - 2017-05-21 15:08 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2017-05-21 15:08 - 2017-05-21 15:08 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2017-05-21 15:08 - 2017-05-21 15:08 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2017-05-21 15:08 - 2017-05-21 15:08 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2017-05-21 15:08 - 2017-05-21 15:08 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
    2017-05-21 15:08 - 2017-05-21 15:08 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
    2017-05-21 15:08 - 2017-05-21 15:08 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
    2017-05-21 15:08 - 2017-05-21 15:08 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
    2017-05-21 15:08 - 2017-05-21 15:08 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
    2017-05-21 15:08 - 2017-05-21 15:08 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
    2017-05-21 15:08 - 2017-05-21 15:08 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
    2017-05-21 15:08 - 2017-05-21 15:08 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
    2017-05-21 15:08 - 2017-05-21 15:08 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
    2017-05-21 15:04 - 2017-03-17 22:00 - 05739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
    2017-05-21 15:04 - 2017-03-17 21:59 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
    2017-05-21 15:04 - 2017-03-17 21:48 - 06348288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
    2017-05-21 15:04 - 2017-03-17 21:43 - 02629120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
    2017-05-21 15:04 - 2017-03-17 21:35 - 05484544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
    2017-05-21 15:03 - 2017-05-21 15:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
    2017-05-21 15:03 - 2017-05-21 15:03 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
    2017-05-21 15:01 - 2017-05-21 15:01 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
    2017-05-21 15:01 - 2017-05-21 15:01 - 00000000 ____D C:\Program Files\Reference Assemblies
    2017-05-21 15:01 - 2017-05-21 15:01 - 00000000 ____D C:\Program Files\MSBuild
    2017-05-21 15:01 - 2017-05-21 15:01 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2017-05-21 15:01 - 2017-05-21 15:01 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2017-05-21 15:01 - 2017-02-10 11:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2017-05-21 15:01 - 2017-02-10 11:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2017-05-21 15:01 - 2017-02-10 11:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2017-05-21 15:01 - 2017-02-10 11:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
    2017-05-21 15:01 - 2017-02-10 11:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2017-05-21 15:01 - 2017-02-10 11:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2017-05-21 14:51 - 2017-05-21 14:51 - 00000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
    2017-05-21 05:25 - 2017-05-29 17:13 - 00000000 ___DC C:\WINDOWS\Panther
    2017-05-18 02:33 - 2017-05-22 02:12 - 00000000 ____D C:\Users\all_f\Downloads\The.Flash.2014.S03E22.HDTV.x264-SVA[rarbg]
    2017-05-18 02:31 - 2017-05-18 02:34 - 00000000 ____D C:\Users\all_f\Downloads\The.Big.Bang.Theory.S10E24.720p.HDTV.x264-AVS[rarbg]
    2017-05-18 02:29 - 2017-05-18 02:34 - 00000000 ____D C:\Users\all_f\Downloads\Gotham.S03E18.HDTV.x264-KILLERS[rarbg]
    2017-05-17 19:00 - 2017-05-17 19:20 - 00000000 ____D C:\Users\all_f\Desktop\nath
    2017-05-13 01:10 - 2017-05-13 01:10 - 00001197 _____ C:\Users\all_f\Desktop\game.exe - Atalho.lnk
    2017-05-13 00:28 - 2017-05-21 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAPCOM
    2017-05-13 00:28 - 2017-05-13 00:28 - 00000000 ____D C:\Program Files (x86)\CAPCOM

    ==================== Um Mês Modificados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-06-12 17:58 - 2017-03-18 08:40 - 01048576 _____ C:\WINDOWS\system32\config\BBI
    2017-06-10 09:55 - 2017-03-18 18:03 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-06-10 09:55 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-06-09 12:39 - 2017-03-18 18:01 - 00000000 ____D C:\WINDOWS\INF
    2017-06-09 00:35 - 2016-11-30 12:19 - 00000000 ____D C:\Users\all_f\AppData\Roaming\Skype
    2017-06-08 20:25 - 2016-11-30 14:46 - 00000000 ____D C:\AMD
    2017-06-06 01:27 - 2017-03-31 02:03 - 00000000 ____D C:\Users\all_f\AppData\Roaming\uTorrent
    2017-06-06 00:30 - 2016-07-16 08:47 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2017-06-04 01:49 - 2016-11-30 12:16 - 00000000 ____D C:\Users\all_f\AppData\Local\ConnectedDevicesPlatform
    2017-06-03 04:50 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\system32\NDF
    2017-05-31 16:39 - 2016-11-30 14:56 - 00000000 ____D C:\Users\all_f\AppData\Local\Dropbox
    2017-05-31 16:38 - 2016-11-30 14:56 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2017-05-31 14:02 - 2016-11-30 15:07 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2017-05-30 13:09 - 2017-04-22 14:49 - 00000000 ____D C:\AdwCleaner
    2017-05-29 22:15 - 2017-03-20 01:00 - 00810932 _____ C:\WINDOWS\system32\prfh0416.dat
    2017-05-29 22:15 - 2017-03-20 01:00 - 00173214 _____ C:\WINDOWS\system32\prfc0416.dat
    2017-05-29 19:44 - 2017-02-01 18:10 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2017-05-29 19:34 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2017-05-29 17:13 - 2017-05-04 17:46 - 00000000 ____D C:\Users\all_f\AppData\Roaming\DAEMON Tools Lite
    2017-05-29 17:07 - 2016-12-01 21:01 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-05-29 13:50 - 2016-11-30 12:16 - 00000000 ____D C:\Users\all_f\AppData\Local\Packages
    2017-05-28 17:03 - 2017-02-01 00:28 - 00000000 ____D C:\Users\all_f\AppData\Local\ElevatedDiagnostics
    2017-05-26 19:39 - 2017-03-18 18:03 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
    2017-05-26 19:39 - 2017-03-18 18:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-05-26 19:39 - 2017-03-18 18:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2017-05-26 19:37 - 2016-12-02 10:52 - 00000000 ____D C:\Program Files\Microsoft Office
    2017-05-26 18:42 - 2017-04-10 12:23 - 00000000 ____D C:\Users\all_f\AppData\Local\Adobe
    2017-05-25 17:35 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-05-25 17:35 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2017-05-25 15:49 - 2016-11-30 14:34 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
    2017-05-25 15:47 - 2017-03-25 17:52 - 00000000 ____D C:\Users\all_f\AppData\Local\PokerStars
    2017-05-22 22:24 - 2016-12-01 21:01 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-05-22 03:28 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\appcompat
    2017-05-21 23:39 - 2017-05-05 14:38 - 00002487 _____ C:\Users\all_f\Desktop\nba2k12.exe - Atalho.lnk
    2017-05-21 20:22 - 2017-03-18 17:51 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-05-21 15:50 - 2017-04-25 17:39 - 00000000 ____D C:\Users\all_f\Desktop\ppupppup
    2017-05-21 15:44 - 2016-11-30 12:18 - 00002374 _____ C:\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-05-21 15:44 - 2016-11-30 12:18 - 00000000 ___RD C:\Users\all_f\OneDrive
    2017-05-21 15:39 - 2017-03-18 18:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2017-05-21 15:39 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\rescache
    2017-05-21 15:39 - 2016-11-30 12:25 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
    2017-05-21 15:39 - 2016-11-30 12:16 - 00000000 __RHD C:\Users\Public\AccountPictures
    2017-05-21 15:37 - 2017-03-18 18:03 - 00000000 ____D C:\Program Files\Windows NT
    2017-05-21 15:36 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2017-05-21 15:36 - 2017-03-18 08:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
    2017-05-21 15:35 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\Registration
    2017-05-21 15:35 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
    2017-05-21 15:30 - 2017-03-20 01:03 - 00000000 ____D C:\WINDOWS\HoloShell
    2017-05-21 15:29 - 2017-03-18 18:03 - 00000000 __RHD C:\Users\Public\Libraries
    2017-05-21 15:29 - 2016-11-30 13:15 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-05-21 15:24 - 2017-05-11 19:57 - 00000000 ____D C:\WINDOWS\system32\UNP
    2017-05-21 15:24 - 2017-05-10 22:29 - 00000000 ____D C:\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery Professional
    2017-05-21 15:24 - 2017-05-10 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
    2017-05-21 15:24 - 2017-05-04 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
    2017-05-21 15:24 - 2017-04-22 04:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2017-05-21 15:24 - 2017-04-21 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need For Speed 7
    2017-05-21 15:24 - 2017-04-20 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
    2017-05-21 15:24 - 2017-04-10 12:35 - 00000000 ____D C:\Users\Todos os Usuários\regid.1986-12.com.adobe
    2017-05-21 15:24 - 2017-04-10 12:35 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2017-05-21 15:24 - 2017-03-28 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-05-21 15:24 - 2017-03-25 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
    2017-05-21 15:24 - 2017-03-18 18:03 - 00000000 ____D C:\Users\Todos os Usuários\USOPrivate
    2017-05-21 15:24 - 2017-03-18 18:03 - 00000000 ____D C:\ProgramData\USOPrivate
    2017-05-21 15:24 - 2017-03-07 16:20 - 00000000 ____D C:\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2017-05-21 15:24 - 2017-03-07 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2017-05-21 15:24 - 2017-03-06 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2017-05-21 15:24 - 2017-02-01 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2017-05-21 15:24 - 2017-02-01 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2017-05-21 15:24 - 2017-02-01 17:37 - 00000000 ____D C:\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
    2017-05-21 15:24 - 2016-12-02 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office 2016
    2017-05-21 15:24 - 2016-11-30 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    2017-05-21 15:20 - 2017-05-04 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
    2017-05-21 15:20 - 2017-03-28 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2017
    2017-05-21 15:20 - 2017-03-25 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2017-05-21 15:20 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\system32\spool
    2017-05-21 15:18 - 2017-05-05 14:35 - 00000000 ____D C:\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2K Sports
    2017-05-21 15:18 - 2017-05-04 16:31 - 00000000 ____D C:\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
    2017-05-21 15:18 - 2017-03-28 11:02 - 00000000 ____D C:\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2017
    2017-05-21 15:16 - 2017-03-18 08:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2017-05-21 15:12 - 2017-03-18 18:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2017-05-21 15:09 - 2017-03-18 18:06 - 00000000 ____D C:\WINDOWS\Setup
    2017-05-21 15:09 - 2017-03-18 18:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
    2017-05-21 15:09 - 2017-03-18 18:03 - 00000000 ___SD C:\WINDOWS\system32\F12
    2017-05-21 15:09 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2017-05-21 15:09 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-05-21 15:09 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2017-05-21 15:09 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
    2017-05-21 15:09 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\Provisioning
    2017-05-21 15:09 - 2017-03-18 18:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2017-05-21 15:09 - 2017-03-18 18:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-05-21 15:09 - 2017-03-18 08:40 - 00000000 ____D C:\WINDOWS\system32\Dism
    2017-05-21 15:04 - 2017-03-20 01:02 - 00000000 ____D C:\WINDOWS\OCR
    2017-05-21 15:01 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
    2017-05-21 15:01 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\system32\MUI
    2017-05-21 15:01 - 2017-03-18 17:56 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
    2017-05-21 15:01 - 2017-03-18 17:56 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
    2017-05-21 15:01 - 2017-03-18 17:56 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
    2017-05-21 15:01 - 2017-03-18 17:56 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
    2017-05-21 15:01 - 2017-03-18 17:56 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
    2017-05-21 15:01 - 2017-03-18 17:56 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
    2017-05-21 15:01 - 2017-03-18 17:56 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
    2017-05-21 15:01 - 2017-03-18 17:56 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
    2017-05-21 15:01 - 2017-03-18 17:56 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
    2017-05-21 15:01 - 2017-03-18 17:56 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
    2017-05-21 15:01 - 2017-03-18 17:56 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
    2017-05-21 15:01 - 2017-03-18 17:56 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
    2017-05-21 15:01 - 2017-03-18 17:56 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
    2017-05-21 15:01 - 2017-03-18 17:56 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
    2017-05-21 15:01 - 2017-03-18 17:56 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
    2017-05-21 15:01 - 2017-03-18 17:56 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
    2017-05-21 15:01 - 2017-03-18 17:56 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
    2017-05-21 15:01 - 2017-03-18 17:56 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
    2017-05-21 14:48 - 2016-11-30 13:04 - 00008192 __RSH C:\BOOTSECT.BAK
    2017-05-20 03:19 - 2017-02-01 17:39 - 00000000 ____D C:\Program Files\Dell
    2017-05-15 22:56 - 2016-11-30 13:15 - 00002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-05-15 15:27 - 2017-04-10 15:20 - 00000000 ____D C:\Users\all_f\Desktop\digitales
    2017-05-13 00:28 - 2016-11-30 14:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2017-05-13 00:26 - 2017-05-10 23:11 - 3310321664 _____ C:\Users\all_f\Downloads\res.4-code.bh82220691119281.ISO

    ==================== Arquivos na raiz de alguns diretórios =======

    2017-01-31 17:15 - 2017-01-31 17:15 - 0000017 _____ () C:\Users\all_f\AppData\Local\resmon.resmoncfg
    2017-06-08 20:42 - 2017-06-08 20:42 - 0047445 _____ () C:\ProgramData\agent.1496965321.bdinstall.bin
    2017-06-08 21:30 - 2017-06-08 21:30 - 0030032 _____ () C:\ProgramData\agent.uninstall.1496968221.bdinstall.bin
    2017-06-08 20:51 - 2017-06-08 20:51 - 0029972 _____ () C:\ProgramData\agent.update.1496965874.bdinstall.bin

    Alguns arquivos em TEMP:
    ====================
    2017-06-05 23:51 - 2017-03-18 17:57 - 1930320 _____ (Microsoft Corporation) C:\Users\all_f\AppData\Local\Temp\dllnt_dump.dll
    2017-06-09 12:31 - 2017-06-09 12:32 - 116507672 _____ () C:\Users\all_f\AppData\Local\Temp\playstv_patch.exe
    2017-06-09 12:30 - 2017-06-09 12:39 - 0221632 _____ () C:\Users\all_f\AppData\Local\Temp\raptr_stub.exe

    ==================== Bamital & volsnap ======================

    (Não há correção automática para arquivos que não passaram na verificação.)

    C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

    LastRegBack: 2017-06-07 16:26

    ==================== Fim de FRST.txt ============================

    Addition.txt


    Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

    Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text below:

    CreateRestorePoint:
    Startup: C:\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ini.google1.lnk [2017-06-08]
    ShortcutTarget: ini.google1.lnk -> C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
    Startup: C:\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inix.lnk [2017-06-08]
    ShortcutTarget: inix.lnk -> C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
    CMD: ipconfig /flushdns
    EmptyTemp:
    • Save this file to your Desktop as fixlist.txt
    • Run FRST again and click the Corrigir (Fix) button;
    • Wait... when it finishes, the log Fixlog.txt will be generated on your Desktop.
    • Select, copy and paste the contents of this log into your next reply.

     

     

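The fixlist above removes two Startup shortcuts whose target is regsvr32.exe, a Microsoft-signed Windows binary. As an added example (not part of the original post and not FRST's own code), this Python script pairs FRST-style `Startup:` / `ShortcutTarget:` lines and flags shortcuts that launch such a binary; the `PROXY_BINARIES` list, the third sample entry and all function names are assumptions made for illustration.

```python
"""Triage FRST-style Startup shortcut entries (added example, not FRST code)."""
import ntpath
import re
from dataclasses import dataclass

# Assumption for this example: Windows binaries that execute code named in
# their arguments. Only regsvr32.exe appears in the thread; the others are
# illustrative additions.
PROXY_BINARIES = {"regsvr32.exe", "rundll32.exe", "mshta.exe",
                  "wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe"}

STARTUP_RE = re.compile(
    r"^Startup:\s+(?P<path>.+\.lnk)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\]$", re.I)
TARGET_RE = re.compile(
    r"^ShortcutTarget:\s+(?P<name>.+?\.lnk)\s+->\s+(?P<target>.+?)"
    r"(?:\s+\((?P<signer>[^()]*)\))?\s*$", re.I)

# Constructed sample: the first two pairs are copied from the fixlist in the
# thread; the third pair is a made-up benign entry for contrast.
SAMPLE_LOG = r"""
Startup: C:\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ini.google1.lnk [2017-06-08]
ShortcutTarget: ini.google1.lnk -> C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
Startup: C:\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inix.lnk [2017-06-08]
ShortcutTarget: inix.lnk -> C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
Startup: C:\Users\example\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notes.lnk [2017-01-02]
ShortcutTarget: Notes.lnk -> C:\Program Files\ExampleNotes\notes.exe (Example Vendor)
"""


@dataclass(frozen=True)
class StartupShortcut:
    lnk_path: str     # full path of the .lnk in the Startup folder
    listed_date: str  # date shown in brackets on the Startup: line
    target: str       # executable the shortcut points at
    signer: str       # company name shown in parentheses, may be empty

    @property
    def is_proxy_launch(self) -> bool:
        # A valid vendor signature on the target does not clear the entry:
        # the signed binary is only the launcher. The log line carries no
        # arguments, so a hit means "inspect the .lnk", not a verdict.
        return ntpath.basename(self.target).lower() in PROXY_BINARIES


def parse_startup_shortcuts(log_text):
    """Pair each 'Startup:' line with the 'ShortcutTarget:' line naming it."""
    pending = {}    # lower-cased .lnk file name -> (full path, date)
    shortcuts = []
    for raw in log_text.splitlines():
        line = raw.strip()          # forum pastes are often indented
        m = STARTUP_RE.match(line)
        if m:
            key = ntpath.basename(m["path"]).lower()
            pending[key] = (m["path"], m["date"])
            continue
        m = TARGET_RE.match(line)
        if m:
            entry = pending.pop(m["name"].lower(), None)
            if entry is None:
                continue            # target line with no Startup entry
            shortcuts.append(StartupShortcut(
                entry[0], entry[1], m["target"], m["signer"] or ""))
    return shortcuts


def flag_proxy_launches(log_text):
    """Return the Startup shortcuts whose target is in PROXY_BINARIES."""
    return [s for s in parse_startup_shortcuts(log_text) if s.is_proxy_launch]


if __name__ == "__main__":
    for s in flag_proxy_launches(SAMPLE_LOG):
        name = ntpath.basename(s.lnk_path)
        print(f"REVIEW {name} [{s.listed_date}] -> {s.target} ({s.signer})")
```
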
  • Topic author
  • @Turco here it is:

     

    Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 12-06-2017
    Executado por ALK (12-06-2017 21:59:23) Run:1
    Executando a partir de C:\Users\all_f\Desktop
    Perfis Carregados: ALK (Perfis Disponíveis: ALK)
    Modo da Inicialização: Normal
    ==============================================

    fixlist Conteúdo:
    *****************
    CreateRestorePoint:
    Startup: C:\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ini.google1.lnk [2017-06-08]
    ShortcutTarget: ini.google1.lnk -> C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
    Startup: C:\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inix.lnk [2017-06-08]
    ShortcutTarget: inix.lnk -> C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
    CMD: ipconfig /flushdns
    EmptyTemp:
    *****************

    Ponto de Restauração criado com sucesso.
    C:\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ini.google1.lnk => movido com sucesso
    C:\Windows\System32\regsvr32.exe => movido com sucesso
    C:\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inix.lnk => movido com sucesso
    C:\Windows\System32\regsvr32.exe => não encontrado (a).

    ========= ipconfig /flushdns =========


    Configuração de IP do Windows

    Liberação do Cache do DNS Resolver bem-sucedida.

    ========= Fim de CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 6053888 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 306592742 B
    Java, Flash, Steam htmlcache => 259978927 B
    Windows/system/drivers => 13451203 B
    Edge => 22933566 B
    Chrome => 866130045 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 128 B
    LocalService => 9102 B
    NetworkService => 64090 B
    all_f => 212834376 B

    RecycleBin => 0 B
    EmptyTemp: => 1.6 GB de dados temporários Removidos.

    ================================


    O sistema precisou ser reiniciado.

    ==== Fim de Fixlog 22:00:49 ====


    @Rafael Kubaski

    Temporarily disable your antivirus

    • Hold the Ctrl key and click this link to open the ESET Online Scanner in a new window.
    • Click the SCAN NOW button
    • Click Accept
    • Click Start.
    • Check: "Enable detection of potentially unwanted applications"
    • Click Hide Advanced settings and check the following:
      • Enable detection of potentially unsafe applications
      • Enable detection of suspicious applications
      • Scan archives
      • Enable Anti-Stealth technology
      • Clean threats automatically
    • Click Change.. and also check the Computer box.
    • Click Scan
    • It will update itself and scan the computer. Be patient, the process can take hours.
    • When the scan finishes, click List of found threats
    • Click Export to text file and save the log to your desktop.
    • Click Back.
    • Click Finish.
    • Select, copy and paste the contents of this log into your next reply.

  • Topic author
  • @Turco here it is:

     

    C:\FRST\Quarantine\C\Users\all_f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ini.google1.lnk.xBAD    LNK/TrojanDownloader.Agent.CK trojan    cleaned by deleting
    C:\Kuba\fotos\formatura krups\xaine\celu\app24073.jar    J2ME/SMSReg.AY potentially unsafe application    cleaned by deleting
    C:\Kuba\fotos\formatura krups\xaine\celu\app38306.jar    a variant of J2ME/SMSReg.AY potentially unsafe application    cleaned by deleting
    C:\Kuba\fotos\formatura krups\xaine\celu\Bikini_Pool_Summer.jar    a variant of J2ME/SMSReg.AY potentially unsafe application    cleaned by deleting
    C:\Kuba\fotos\formatura krups\xaine\celu\Street_Soccer_World_Tour.jar    a variant of J2ME/SMSReg.AY potentially unsafe application    cleaned by deleting
    C:\Kuba\fotos\fotosttt\jogos cell\California Chainsaw Massacre (240x320)-68670.jar    a variant of J2ME/SMSReg.AY potentially unsafe application    cleaned by deleting
    C:\ProgramData\FrameWorksx\FrameWorksxiwwn.log    a variant of Win32/Delf.TQW trojan    cleaned by deleting
    C:\ProgramData\FrameWorksx\HPDESKJEThwwn.log    a variant of Win32/Spy.Banker.ADXG trojan    cleaned by deleting
    C:\ProgramData\FrameWorksx\HPDESKJETiwwn.log    a variant of Win32/Delf.TQW trojan    cleaned by deleting
    C:\ProgramData\FrameWorksx\ini.google.lnk    LNK/TrojanDownloader.Agent.CK trojan    cleaned by deleting
    C:\ProgramData\FrameWorksx\ini.google1.lnk    LNK/TrojanDownloader.Agent.CK trojan    cleaned by deleting
    C:\Users\all_f\AppData\Local\Google\Chrome\User Data\Profile 3\File System\014\t\00\00000001    a variant of Win32/HackTool.Patcher.A potentially unsafe application    deleted
    C:\Users\all_f\Downloads\ccsetup529.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
    C:\Users\all_f\Downloads\Driverdoc_2017_Serial_Key_Generator_Crack_is_Here_-_Beta_Cracks.iso    a variant of Win32/Adware.YoBrowser.M application    deleted
    C:\Users\all_f\Downloads\Fatura20176195619.zip    LNK/TrojanDownloader.Agent.CK trojan    deleted
    C:\Users\all_f\Dropbox\SERVER\VarejoGratuito.16.8.1.0.exe    a variant of Win32/RemoteAdmin.AeroAdmin.A potentially unsafe application    cleaned by deleting
     


    @Rafael Kubaski

    # Step 1 #

    Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

    Download the Junkware Removal Tool (JRT) and save it to your Desktop.

    Double-click jrt.exe to run it.

    Note: Windows Vista, 7 and 8 users, right-click and choose: Run as administrator

    • The tool will start scanning your system.
    • Be patient, as it can take a while depending on the number of items to scan.
    • At the end a log will open. It will be saved to the desktop with the name JRT.txt.
    • Select, copy and paste the contents of this log into your next reply.

    # Step 2 #

    Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

    Download ZHPCleaner and save it to your Desktop.

    Note: Windows Vista, 7 and 8 users, right-click and choose: Run as administrator

    • Click the Scanner button.
    • The tool will start scanning your system.
    • Be patient, as it can take a while depending on the number of items to scan.
    • Then click the Reparar (Repair) button.
    • A log named ZHPCleaner.txt will be generated
    • Select, copy and paste the contents of this log into your next reply.

  • Topic author
  • @Turco here it is:

     

    Step 1:

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.3 (04.10.2017)
    Operating System: Windows 10 Home Single Language x64 
    Ran by ALK (Administrator) on 20/06/2017 at  6:35:42,86
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    File System: 1 

    Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)

    Registry: 0 

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 20/06/2017 at  6:38:03,68
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    Step 2:

     

    ~ ZHPCleaner v2017.6.17.100 by Nicolas Coolman (2017/06/17)
    ~ Run by ALK (Administrator)  (20/06/2017 06:50:46)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Certificate ZHPCleaner: Legal
    ~ Type : Reparo
    ~ Report : C:\Users\all_f\Desktop\ZHPCleaner.txt
    ~ Quarantine : C:\Users\all_f\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Activate
    ~ Boot Mode : Normal (Normal boot)
    Windows 10 Home Single Language, 64-bit  (Build 15063)


    ---\\  Serviços (0)
    ~ Nenhum ítem malicioso o desnecessários foi encontrado.


    ---\\  Navegadores de Internet (0)
    ~ Nenhum ítem malicioso o desnecessários foi encontrado.


    ---\\  Arquivo hosts (1)
    ~ O arquivo hosts é legítimo (19)


    ---\\  Tarefas automáticas agendadas. (0)
    ~ Nenhum ítem malicioso o desnecessários foi encontrado.


    ---\\  Explorer ( Arquivos, Pastas) (38)
    MOVIDO pasta: C:\Windows\Installer\MSI8A6C.tmp    =>.Superfluous.MSIInstaller
    MOVIDO pasta: C:\Windows\Installer\MSIC1A7.tmp    =>.Superfluous.MSIInstaller
    MOVIDO pasta: C:\Users\all_f\AppData\Local\Temp\KUBA-INSPIRON-20170620-0633.log    =>.Superfluous.Temporary.Empty
    MOVIDO pasta: C:\Users\all_f\AppData\Local\Temp\KUBA-INSPIRON-20170620-0638.log    =>.Superfluous.Temporary.Empty
    MOVIDO pasta: C:\Users\all_f\AppData\Local\Temp\URL1D09.tmp    =>.Superfluous.Temporary.Empty
    MOVIDO pasta: C:\Users\all_f\AppData\Local\Temp\URL41E1.tmp    =>.Superfluous.Temporary.Empty
    MOVIDO pasta: C:\Users\all_f\AppData\Local\Temp\URLAF17.tmp    =>.Superfluous.Temporary.Empty
    MOVIDO pasta: C:\Users\all_f\AppData\Local\Temp\URLDF53.tmp    =>.Superfluous.Temporary.Empty
    MOVIDO pasta: C:\Users\all_f\AppData\Local\Temp\wct766E.tmp    =>.Superfluous.Temporary.Various
    MOVIDO pasta: C:\Users\all_f\AppData\Local\Temp\wctCF0.tmp    =>.Superfluous.Temporary.Various
    MOVIDO pasta: C:\Users\all_f\AppData\Local\Temp\wctD961.tmp    =>.Superfluous.Temporary.Various
    MOVIDO pasta: C:\Users\all_f\AppData\Local\Temp\wctDEDF.tmp    =>.Superfluous.Temporary.Various
    MOVIDO pasta: C:\Users\all_f\AppData\Local\Temp\{72B5D41B-B7CA-469A-83B8-53F5F2AB4FD2} - OProcSessId.dat    =>.Superfluous.Temporary.Empty
    MOVIDO arquivo: C:\Program Files (x86)\Webteh  =>.Superfluous.ABTeam
    MOVIDO arquivo: C:\Program Files (x86)\QuickTime  =>Riskware.QuickTime
    MOVIDO arquivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime  =>Riskware.QuickTime
    MOVIDO arquivo: C:\WINDOWS\Installer\MSI1D51.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSI20FB.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSI26F4.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSI2B4E.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSI2CFB.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSI2F4F.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSI4E38.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSI4ED5.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSI508E.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSI5B4F.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSI5CE8.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSI5DD3.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSI5EBE.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSI5F6B.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSI6A90.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSI8154.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSI8F14.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSI9232.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSIA86B.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSIB1A4.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSIB3E8.tmp-  =>.Superfluous.Empty
    MOVIDO arquivo: C:\WINDOWS\Installer\MSID1D6.tmp-  =>.Superfluous.Empty


    ---\\  Registro ( Chaves, Valores, Dados ) (7)
    SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-906007581-1094903313-3760833696-1001\SOFTWARE\Conduit []  =>.Superfluous.Conduit
    SUPRIMIDO chave: HKCU\Software\Conduit []  =>.Superfluous.Conduit
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07B51C13962E8BF49BAFEA042FB2D4A6 [C:\?Program Files (x86)\Solvusoft\Tray\SuiteClient.dll (Not File)]  =>.Superfluous.Solvusoft
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\186D389D270858A4C8FADCDAC6035E94 [C:\?Program Files (x86)\Solvusoft\SuiteService.exe (Not File)]  =>.Superfluous.Solvusoft
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ED7E00B721712A4FA8BEAC0C097B2A6 [C:\ProgramData\Solvusoft\Programs Bar\ (Not File)]  =>.Superfluous.Solvusoft
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31036AD7276C7154FB17E0492323197E [C:\?Program Files (x86)\Solvusoft\MachineId.exe (Not File)]  =>.Superfluous.Solvusoft
    SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Webteh []  =>.Superfluous.ABTeam


    ---\\  Resumo dos elementos encontrados na sua estação de trabalho (8)
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.Superfluous.MSIInstaller
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.Superfluous.Temporary.Empty
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.Superfluous.Temporary.Various
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.Superfluous.ABTeam
    https://nicolascoolman.eu/2017/01/15/riskware-quicktime/  =>Riskware.QuickTime
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.Superfluous.Empty
    https://nicolascoolman.eu/2017/02/06/superfluous-conduit/  =>.Superfluous.Conduit
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.Superfluous.Solvusoft


    ---\\  Dodatkowe oczyszczenie. (12)
    ~ Chave de registro Tracing Supprimido (12)
    ~ Remover os relatórios antigos ZHPCleaner. (0)


    ---\\ Resultado de reparação
    Reparação efectuada com sucesso
    ~ Este navegador está faltando ! (Mozilla Firefox)
    ~ Este navegador está faltando ! (Opera Software)


    ---\\ Estatísticas
    ~ Items scan : 450
    ~ Items encontrado : 0
    ~ items cancelados : 0
    ~ Items réparo : 45


    ~ End of clean in 00h00mn25s
    ~====================
    ZHPCleaner-[R]-20062017-06_51_11.txt
    ZHPCleaner--20062017-06_49_50.txt
     


    @Rafael Kubaski

    Download Security Check, by glax24, and save it to your Desktop.

    Note: Windows Vista, 7 and 8 users, right-click and choose: Run as administrator

    • Wait while the tool performs the scan.
    • At the end a log will open: SecurityCheck.txt.
    • This log is saved on C: (Local Disk) in the SecurityCheck folder that was created.
    • Select, copy and paste the contents of this log into your next reply.

  • Topic author
  • @Turco here it is:

     

    SecurityCheck by glax24 & Severnyj v.1.4.0.51 [13.06.17]
    WebSite: www.safezone.cc
    DateLog: 20.06.2017 22:44:25
    Path starting: C:\Users\all_f\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
    Log directory: C:\SecurityCheck\
    IsAdmin: True
    User: ALK
    VersionXML: 4.39is-20.06.2017
    ___________________________________________________________________________

    Windows 10(6.3.15063) (x64) CoreSingleLanguage Release: 1703 Lang: Portuguese(0416)
    Installation date OS: 21.05.2017 18:38:26
    LicenseStatus: Windows(R), CoreSingleLanguage edition The machine is permanently activated.
    LicenseStatus: Office 16, Office16ProPlusR_Retail edition The machine is permanently activated.
    Boot Mode: Normal
    Default Browser: Microsoft Edge (C:\WINDOWS\system32\LaunchWinApp.exe)
    SystemDrive: C: FS: [NTFS] Capacity: [367.6 Gb] Used: [209.6 Gb] Free: [158 Gb]
    ------------------------------- [ Windows ] -------------------------------
    Internet Explorer 11.296.15063.0 Warning! Download Update
    Online installation. Last version available when Windows update is enabled throught the Internet.
    User Account Control enabled
    Windows Update (wuauserv) - The service is running
    Central de Segurança (wscsvc) - The service is running
    Registro remoto (RemoteRegistry) - The service has stopped
    Descoberta SSDP (SSDPSRV) - The service is running
    Serviços de Área de Trabalho Remota (TermService) - The service has stopped
    Windows Remote Management (WS-Management) (WinRM) - The service has stopped
    ------------------------------- [ HotFix ] --------------------------------
    HotFix KB4022725 Warning! Download Update
    ---------------------------- [ Antivirus_WMI ] ----------------------------
    Windows Defender (enabled and up to date)
    --------------------------- [ FirewallWindows ] ---------------------------
    Firewall do Windows (MpsSvc) - The service is running
    --------------------------- [ AntiSpyware_WMI ] ---------------------------
    Windows Defender (enabled and up to date)
    --------------------------- [ OtherUtilities ] ----------------------------
    WinRAR 5.40 (64-bit) v.5.40.0
    Foxit Reader v.8.2.1.6871 Warning! Download Update
    --------------------------------- [ IM ] ----------------------------------
    Skype™ 7.33 v.7.33.105 Warning! Download Update
    ^Optional update.^
    --------------------------------- [ P2P ] ---------------------------------
    µTorrent v.3.5.0.43804 Warning! P2P-client.
    -------------------------------- [ Java ] ---------------------------------
    Java 8 Update 131 v.8.0.1310.11
    --------------------------- [ AppleProduction ] ---------------------------
    QuickTime 7 v.7.79.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
    --------------------------- [ AdobeProduction ] ---------------------------
    Adobe Flash Player 26 PPAPI v.26.0.0.131
    ------------------------------- [ Browser ] -------------------------------
    Google Chrome v.58.0.3029.110 Warning! Download Update
    --------------------------- [ RunningProcess ] ----------------------------
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.58.0.3029.110
    ------------------ [ AntivirusFirewallProcessServices ] -------------------
    C:\Program Files\Windows Defender\MsMpEng.exe v.4.11.15063.0
    C:\Program Files\Windows Defender\NisSrv.exe v.4.11.15063.0
    C:\Program Files\Windows Defender\MSASCuiL.exe v.4.11.15063.0
    Serviço Windows Defender Antivirus (WinDefend) - The service is running
    Serviço de Inspeção de Rede do Windows Defender Antivirus (WdNisSvc) - The service is running
    ---------------------------- [ UnwantedApps ] -----------------------------
    Serviço de Cache de Fontes do Windows (FontCache) - The service is running
    ----------------------------- [ End of Log ] ------------------------------
     


    @Rafael Kubaski

    To finish:

    # Step 1 #

    Download Delfix by Xplode and save it to your desktop.

    Double-click delfix.exe to run it. Check the boxes as shown in the image.

    ** Windows Vista or Windows 7 users: right-click the delfix.exe file, then click Run as administrator.

    [image: 2mez6ld.png]

    Click the Executar (Run) button.

    At the end a log will be generated, but you do not need to post it.

    # Step 2 #

    Old versions of programs have vulnerabilities that some malware can use to infect your system.

    For that reason, it is recommended to update the programs that Security Check flagged as outdated (optional updates are at your discretion).

    Just click the Download Update link in each warning, which will take you to the developer's website.

    <<@>> Always keep your Windows up to date; keep a constant watch with your firewall and antivirus; and finally, remember that the best form of prevention starts with our own behaviour!


    Problem solved!

    If the author needs it, the topic will be reopened; to request this, the author should contact a Security Analyst and ask for it to be unlocked.

     

    This topic is closed to new posts.




