WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

After-Infection Advise - Untraceable KeyLoggers and Backdoors [Solved]

Started by LucasAlmeida , Jun 01 2016 11:02 AM

This topic is locked

7 replies to this topic

#1 LucasAlmeida

New Member

New Member
3 posts

Posted 01 June 2016 - 11:02 AM

Short Version

----------------------------------------------------------------------------------------------------------------------------------------

Hello, What the Tech community

As I wrote a gigantic post that probably prevents reading, this is the short version:

I have Windows 10 Pro, and my PC have been infected by malware via installation of software. I applied a large number of measures to clean the infection (see below).

Now my PC demonstrates no more visible traces of the infection and behaves normally, so my questions is if you (who might read) think that I may now resume usage of the PC or should still worry, as I heard multiple threats can go on untraceable through all means of scanning, like keyloggers and binnary backdoors.

Best regards to all,

----------------------------------------------------------------------------------------------------------------------------------------

Hello, What the Tech community

As this is my first post, and I couldn't find a more fit category for this kind of question, I hope this is not the wrong place for doing so, and if it is not, I thank in advance for advise on where I could be posting this kind of questio, if it is, indeed, permitted.

I'm using Windows 10 Pro (maybe that's where the issue starts) OS on my desktop PC. I was installing software and fell to the old "next-next-next" trap and ended up getting infected by malware.

*** In my defense, there were check boxes for installing the contamined software, and I unchecked them. It even went on prompting "yes or no" box stating that it would "compromise the system" if I would not install that software (yeah, sure). However, the boxes weren't uncheked after the prompt box, and I just assumed it was some kind of lag on the installer. Bummer...

When the anti-virus (I use Avast Premier) started warning, I looked for solutions, and these are the measures I took:

* Ran Avast Boot-time scan and prompted for every found issue to be sent to quarentine, and after logging in, ran another complete system scan;

*Ran Malwarebytes and Spybot - Search & Destroy scans and corrected all issues found, sending everything I could to quarentines, and when unable to, deleting the malignant files;

*Ran Kaspersky TDSSKiller and RKill;

* Verified manually the Running Processes, Registry, Hosts file, Services, Group Policies and Installed Programs and removes or deactivated or stopped anything suspicious (almost anything that had unknown sources and left only those with sources that I was ABSOLUTE certain of safe procedence and existence);

*Used CCleaner to deactivate any process that started with the system that seemed suspicious (same criteria as above);

*Did this all on normal mode (not safe mode);

*Verified manually all my browsers and corrected all settings and homepages and I even wanted to remove any suspicious add-ons and extensions, but there weren't any. (Obs.: Edge can't open any web page, but it already couldn't previously to the infection, and I cannot find why, even though no proxy are set).

*Ran again all scans I could.

Well, manually verifying, I couldn't find any more traces of the infection, and the PC is not behaving anormally (except for an exceptionally long time to boot up and shut down, but normal performance after logging in).

Of course, even running all scanners in the world, I know a PC may never be really safe, and there are always something nasty that can stay there hidden.

I think I tried anything the average user could (but I would gladly accept any more sugestions for more measures I could take to assure safety).

I read about decade lasting backdoors and absolutely untraceable keyloggers and was really worried about it, although I suspect this may be exageratting, like some "searched for flu symptoms on internet and found out I have cancer" sort of effect.

I just want some advice about, after all this measures and now finding nothing traceable about the infection, being able to assume that I can resume normal usage of the PC (of course critical websites, like online banking, will be done inside Avast SafeZone, that doesn't even allow me print files because it generates temporary files), or should I still be scared.

I really, really don't want to reinstall the OS or format the PC, as I have more than 600GB of data, and most of it is software, which would had to be installed all again...

With this ammount of data, I couldn't search for corrupting or locking ransomware, as it would require trying to open every single app and document, and that's a lot...

I thank you very, very much for your attention if you read until here and thank even more if you could advice if I'm safe or sould do something else.

Best regards to you all.

Advertisements

Register to Remove

#2 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 01 June 2016 - 04:38 PM

:welcome:

There are some infections going around that the best thing to do for your own security is to format the harddrive and reinstall windows nice and clean, on the other hand some malware is just annoying and can be removed. Since I dont see any logs from the programs you ran its best to start from square one and see whats going on and if there is anything to worry about . We have a saying on the forum " The absence of symptoms does not guarantee a clean computer " so lets do this

Please download aswMBR to your DESKTOP <<<<<

Right click the aswMBR icon and select Run as Administrator

XP users just Double Click it to run

If it says that this computer supports VIRTUALIZATION TECHNOLOGY do you want to use it say Yes

Click the Scan button to start scan.

Select Quickscan on the dropdown list

If you are asked to update the Avast Virus database please allow it to do so.

The scan could take 20 minutes or more , please be patient and let it finish

It will say Scan Finished when its done.

When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report....Please Do Not Fix Anything

============================================================================

Please download Farbar Recovery Scan Tool and save it to your DESKTOP<<<<<<

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

A simple way to check your system: Start --> Computer (right click) --> Properties

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Just keep the defaults as in the picture checkmarked

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#3 LucasAlmeida

New Member

New Member
3 posts

Posted 01 June 2016 - 06:45 PM

Hello, ken545

Follows attached the logs. I have logs from other scans also that I will be attaching as well, if they might be of help. Some are in portuguese, which is the language of my system, but are intuitive, and I gues you might be used to these logs so you could extract information from them. I can also translate if needed.

It seems from the scans that your were right, and I'm not totally clean as I thought, even though I had no symptoms anymore. Too bad :/

P.S.: In any way I would want to insult you guys, as I'm requiring help from you, and so, I admire your work. I just want to be cautious when asking to keep any information found on these logs private, and used only for request-related purposes, and not disclosed in any other way. But I'm sure that is your policy already :).

Thank you for your attention and support.

Best regards

Attached Files

Addition.txt 51.38KB 259 downloads
aswMBR.txt 4.95KB 170 downloads
FRST.txt 109.81KB 211 downloads
malwarebytes.txt 1.99KB 199 downloads
Rkill.txt 5.3KB 235 downloads
roguekiller.txt 17.62KB 146 downloads
TDSSKiller.3.1.0.9_01.06.2016_20.14.20_log.txt 255.28KB 198 downloads
HitmanPro_20160601_2031.txt 117.65KB 173 downloads

#4 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 01 June 2016 - 06:55 PM

Not to worry Lucas, no personal information is in any of the logs. The next logs I ask for can you kindly just copy and paste them in in lieu of attaching them, its easier for me diagnos. But I am able to see all the logs you posted, thank you so I am fine with them. I am going over your logs now, I will be back soon

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:01-06-2016

Executado por Lucas Almeida (administrador) em HOMEPC (01-06-2016 21:28:26)

Executando a partir de C:\Users\Lucas Almeida\Desktop

Perfis Carregados: Lucas Almeida & Nina & (Perfis Disponíveis: Lucas Almeida & Nina)

Platform: Windows 10 Pro Versão 1511 (X64) Idioma: Português (Brasil)

Internet Explorer Versão 11 (Navegador padrão: FF)

Modo da Inicialização: Normal

Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe

(AVAST Software) C:\Users\Lucas Almeida\Desktop\aswMBR.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400576 2016-05-23] (AVAST Software)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-12] (Disc Soft Ltd)

HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)

HKU\S-1-5-21-3583417557-804918735-1488409585-1003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-23] (AVAST Software)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt

Tcpip\Parameters: [DhcpNameServer] 201.21.192.122 201.21.192.168

Tcpip\..\Interfaces\{6d66abcb-9db6-4f76-a220-a9d620f2a7aa}: [DhcpNameServer] 201.21.192.122 201.21.192.168

Internet Explorer:

==================

HKU\S-1-5-21-3583417557-804918735-1488409585-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ncr

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-05-23] (AVAST Software)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-23] (Oracle Corporation)

BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> E:\Windows.old\Program Files\Microsoft Visual Studio\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-23] (AVAST Software)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-23] (Oracle Corporation)

FireFox:

========

FF ProfilePath: C:\Users\Lucas Almeida\AppData\Roaming\Mozilla\Firefox\Profiles\mtpuid7e.default

FF Homepage: hxxp://www.google.com/ncr

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-23] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-23] ()

FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-23] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-23] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-23] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-23] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-16] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)

FF Plugin HKU\S-1-5-21-3583417557-804918735-1488409585-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lucas Almeida\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-16] (Adobe Systems Inc.)

FF Extension: Greasemonkey - C:\Users\Lucas Almeida\AppData\Roaming\Mozilla\Firefox\Profiles\mtpuid7e.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-06-01]

FF Extension: iMacros for Firefox - C:\Users\Lucas Almeida\AppData\Roaming\Mozilla\Firefox\Profiles\mtpuid7e.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2016-06-01]

FF Extension: Classic Theme Restorer - C:\Users\Lucas Almeida\AppData\Roaming\Mozilla\Firefox\Profiles\mtpuid7e.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-06-01]

FF Extension: MZ8 - C:\Users\Lucas Almeida\AppData\Roaming\Mozilla\Firefox\Profiles\mtpuid7e.default\Extensions\someone@somewhere.xpi [2016-06-01] [não assinado]

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-23]

FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-23]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:

=======

CHR Profile: C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-23]

CHR Extension: (Google Docs) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-23]

CHR Extension: (Google Drive) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-23]

CHR Extension: (YouTube) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-23]

CHR Extension: (iMacros for Chrome) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp [2016-05-23]

CHR Extension: (Final Fantasy VII: Advent) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\deopkekicnbdjhdkgngnimdaljdhhmha [2016-05-23]

CHR Extension: (Google Sheets) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-23]

CHR Extension: (Google Docs Offline) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-25]

CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-05-25]

CHR Extension: (Avast Online Security) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-25]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-23]

CHR Extension: (Gmail) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-23]

CHR Profile: C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Profile 1

CHR Extension: (Google Slides) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-30]

CHR Extension: (Google Docs) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-30]

CHR Extension: (Google Drive) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-30]

CHR Extension: (YouTube) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-30]

CHR Extension: (Avast SafePrice) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-05-30]

CHR Extension: (Google Sheets) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-30]

CHR Extension: (Google Docs Offline) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-01]

CHR Extension: (Avast Online Security) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-30]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-30]

CHR Extension: (Gmail) - C:\Users\Lucas Almeida\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-30]

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-05-23]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-23]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-23] (AVAST Software)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [370656 2016-05-23] (AVAST Software)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-12] (Disc Soft Ltd)

S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [Arquivo não assinado]

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)

S2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)

S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)

S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)

S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [502272 2013-08-07] () [Arquivo não assinado]

S4 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [Arquivo não assinado]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-23] (AVAST Software)

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-23] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-23] (AVAST Software)

S3 aswNetNd6; C:\Windows\system32\DRIVERS\aswNetNd6.sys [28312 2016-05-23] (AVAST Software)

R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [536312 2016-05-23] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-23] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-23] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-23] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-23] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-23] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-23] (AVAST Software)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)

R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-05-23] (Disc Soft Ltd)

R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-05-23] (Disc Soft Ltd)

R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)

S3 tsusbhub; C:\Windows\system32\drivers\tsusbhub.sys [117248 2010-11-21] (Microsoft Corporation) [Arquivo não assinado]

S1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [119712 2016-04-28] (Oracle Corporation)

R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [192352 2016-04-28] (Oracle Corporation)

S3 VSPerfDrv110; E:\Windows.old\Program Files\Microsoft Visual Studio\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

S3 WinRing0_1_2_0; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.sys [14544 2016-06-01] (OpenLibSys.org)

U3 aswMBR; C:\Users\Lucas Almeida\AppData\Local\Temp\aswMBR.sys [62728 2016-06-01] () [Arquivo não assinado]

U3 idsvc; não ImagePath

U3 wpcsvc; não ImagePath

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-01 21:28 - 2016-06-01 21:29 - 00020714 _____ C:\Users\Lucas Almeida\Desktop\FRST.txt

2016-06-01 21:27 - 2016-06-01 21:28 - 00000000 ____D C:\FRST

2016-06-01 21:27 - 2016-06-01 21:27 - 02383872 _____ (Farbar) C:\Users\Lucas Almeida\Desktop\FRST64.exe

2016-06-01 21:24 - 2016-06-01 21:24 - 00002432 _____ C:\Users\Lucas Almeida\Desktop\aswMBR.txt

2016-06-01 21:24 - 2016-06-01 21:24 - 00000512 _____ C:\Users\Lucas Almeida\Desktop\MBR.dat

2016-06-01 20:59 - 2016-06-01 20:59 - 05198336 _____ (AVAST Software) C:\Users\Lucas Almeida\Desktop\aswMBR.exe

2016-06-01 20:34 - 2016-06-01 20:34 - 00000000 ____D C:\MGtools

2016-06-01 20:17 - 2016-06-01 20:31 - 00000000 ____D C:\Users\Todos os Usuários\HitmanPro

2016-06-01 20:17 - 2016-06-01 20:31 - 00000000 ____D C:\ProgramData\HitmanPro

2016-06-01 20:16 - 2016-06-01 20:15 - 00261404 _____ C:\Users\Lucas Almeida\Desktop\TDSSKiller.3.1.0.9_01.06.2016_20.14.20_log.txt

2016-06-01 20:14 - 2016-06-01 20:15 - 00261404 _____ C:\TDSSKiller.3.1.0.9_01.06.2016_20.14.20_log.txt

2016-06-01 20:11 - 2016-06-01 20:11 - 00018044 _____ C:\Users\Lucas Almeida\Desktop\roguekiller.txt

2016-06-01 19:48 - 2016-06-01 19:48 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys

2016-06-01 19:47 - 2016-06-01 20:12 - 00000000 ____D C:\Users\Todos os Usuários\RogueKiller

2016-06-01 19:47 - 2016-06-01 20:12 - 00000000 ____D C:\ProgramData\RogueKiller

2016-06-01 19:44 - 2016-06-01 19:44 - 00002038 _____ C:\Users\Lucas Almeida\Desktop\malwarebytes.txt

2016-06-01 18:58 - 2016-06-01 18:58 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

2016-06-01 18:35 - 2016-06-01 18:35 - 01993530 _____ C:\Users\Lucas Almeida\Desktop\MGtools.exe

2016-06-01 18:34 - 2016-06-01 18:34 - 11438608 _____ (SurfRight B.V.) C:\Users\Lucas Almeida\Desktop\hitmanpro_x64.exe

2016-06-01 18:32 - 2016-06-01 18:33 - 24125512 _____ C:\Users\Lucas Almeida\Desktop\RogueKillerX64.exe

2016-06-01 18:28 - 2016-06-01 18:28 - 00000000 ____D C:\Users\Lucas Almeida\Documents\ProcAlyzer Dumps

2016-06-01 18:25 - 2016-06-01 18:25 - 00841870 _____ C:\Users\Lucas Almeida\Desktop\ccleaner.txt

2016-06-01 07:46 - 2016-06-01 07:46 - 00452843 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt

2016-06-01 07:32 - 2016-06-01 07:37 - 00005424 _____ C:\Users\Lucas Almeida\Desktop\Rkill.txt

2016-06-01 07:32 - 2016-06-01 07:32 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Lucas Almeida\Desktop\iExplore.exe

2016-06-01 07:27 - 2016-06-01 07:30 - 00259422 _____ C:\TDSSKiller.3.1.0.9_01.06.2016_07.27.06_log.txt

2016-06-01 07:26 - 2016-06-01 07:26 - 00000000 ___HD C:\OneDriveTemp

2016-05-31 22:54 - 2016-05-31 23:08 - 00000000 ____D C:\WINDOWS\system32\MRT

2016-05-31 20:31 - 2016-05-31 20:31 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Lucas Almeida\Desktop\tdsskiller.exe

2016-05-31 20:21 - 2016-06-01 19:34 - 00001148 _____ C:\Users\Todos os Usuários\Desktop\Rayman Origins.lnk

2016-05-31 20:21 - 2016-06-01 19:34 - 00001148 _____ C:\Users\Public\Desktop\Rayman Origins.lnk

2016-05-31 20:21 - 2016-06-01 19:34 - 00001148 _____ C:\ProgramData\Desktop\Rayman Origins.lnk

2016-05-31 20:21 - 2016-05-31 20:33 - 00000000 ____D C:\Program Files (x86)\Rayman Origins

2016-05-31 20:21 - 2016-05-31 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rayman Origins

2016-05-31 20:11 - 2016-05-31 20:11 - 00000000 ____D C:\Users\Lucas Almeida\AppData\LocalLow\BitTorrent

2016-05-30 20:41 - 2016-05-30 20:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy

2016-05-30 06:40 - 2016-05-29 13:04 - 00001259 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160530-064043.backup

2016-05-30 00:25 - 2016-06-01 19:40 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2016-05-30 00:24 - 2016-05-30 00:24 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2016-05-30 00:23 - 2016-06-01 19:34 - 00001171 _____ C:\Users\Todos os Usuários\Desktop\Malwarebytes Anti-Malware.lnk

2016-05-30 00:23 - 2016-06-01 19:34 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2016-05-30 00:23 - 2016-06-01 19:34 - 00001171 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk

2016-05-30 00:23 - 2016-05-30 00:23 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes

2016-05-30 00:23 - 2016-05-30 00:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-05-30 00:23 - 2016-05-30 00:23 - 00000000 ____D C:\ProgramData\Malwarebytes

2016-05-30 00:23 - 2016-05-30 00:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-05-30 00:23 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2016-05-30 00:23 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2016-05-30 00:23 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2016-05-30 00:21 - 2016-05-30 01:22 - 00000000 ____D C:\Users\DefaultAppPool

2016-05-30 00:21 - 2016-05-30 00:21 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini

2016-05-30 00:21 - 2016-05-30 00:21 - 00000000 _SHDL C:\Users\DefaultAppPool\Modelos

2016-05-30 00:21 - 2016-05-30 00:21 - 00000000 _SHDL C:\Users\DefaultAppPool\Meus Documentos

2016-05-30 00:21 - 2016-05-30 00:21 - 00000000 _SHDL C:\Users\DefaultAppPool\Menu Iniciar

2016-05-30 00:21 - 2016-05-30 00:21 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Minhas Músicas

2016-05-30 00:21 - 2016-05-30 00:21 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Minhas Imagens

2016-05-30 00:21 - 2016-05-30 00:21 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Meus Vídeos

2016-05-30 00:21 - 2016-05-30 00:21 - 00000000 _SHDL C:\Users\DefaultAppPool\Dados de Aplicativos

2016-05-30 00:21 - 2016-05-30 00:21 - 00000000 _SHDL C:\Users\DefaultAppPool\Configurações Locais

2016-05-30 00:21 - 2016-05-30 00:21 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programas

2016-05-30 00:21 - 2016-05-30 00:21 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Histórico

2016-05-30 00:21 - 2016-05-30 00:21 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Dados de Aplicativos

2016-05-30 00:21 - 2016-05-30 00:21 - 00000000 _SHDL C:\Users\DefaultAppPool\Ambiente de Rede

2016-05-30 00:21 - 2016-05-30 00:21 - 00000000 _SHDL C:\Users\DefaultAppPool\Ambiente de Impressão

2016-05-30 00:21 - 2016-05-29 11:43 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs

2016-05-30 00:21 - 2016-05-29 11:43 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia

2016-05-29 13:23 - 2016-05-29 13:23 - 00000000 ____D C:\WINDOWS\system32\ito

2016-05-29 13:21 - 2016-05-29 13:21 - 06859776 _____ C:\Users\Lucas Almeida\AppData\Roaming\agent.dat

2016-05-29 13:21 - 2016-05-29 13:21 - 00018432 _____ C:\Users\Lucas Almeida\AppData\Roaming\Main.dat

2016-05-29 13:10 - 2016-05-29 13:10 - 00008862 _____ C:\WINDOWS\System32\Tasks\Ghnadptsk

2016-05-29 13:10 - 2016-05-29 13:10 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\PeerDistRepub

2016-05-29 13:09 - 2016-05-30 06:27 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\Fietsa

2016-05-29 13:08 - 2016-05-29 13:10 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\Tempfolder

2016-05-29 13:08 - 2016-05-29 13:08 - 00128512 _____ C:\Users\Lucas Almeida\AppData\Roaming\Installer.dat

2016-05-29 13:08 - 2016-05-29 13:08 - 00000000 ____D C:\Users\Public\Documents\Tools

2016-05-29 13:08 - 2016-05-29 13:08 - 00000000 ____D C:\Users\Public\Documents\Guid

2016-05-29 13:08 - 2016-05-29 13:08 - 00000000 ____D C:\Users\Public\Documents\Baidu

2016-05-29 13:06 - 2016-05-29 13:04 - 00001259 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak

2016-05-29 13:03 - 2016-05-29 13:03 - 00003616 _____ C:\WINDOWS\System32\Tasks\PPI Update

2016-05-29 12:48 - 2016-05-29 12:48 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\Deployment

2016-05-29 12:25 - 2016-05-29 12:26 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\Comms

2016-05-29 12:21 - 2016-05-29 12:21 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\MicrosoftEdge

2016-05-29 12:14 - 2016-06-01 19:37 - 00000000 ___RD C:\Users\Lucas Almeida\OneDrive

2016-05-29 12:14 - 2016-06-01 19:34 - 00002429 _____ C:\Users\Lucas Almeida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2016-05-29 12:09 - 2016-05-29 12:09 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\ActiveSync

2016-05-29 12:06 - 2016-05-29 12:06 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\Publishers

2016-05-29 12:01 - 2016-05-30 16:57 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\Packages

2016-05-29 12:01 - 2016-05-29 12:01 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\TileDataLayer

2016-05-29 12:00 - 2016-05-29 12:00 - 00000020 ___SH C:\Users\Lucas Almeida\ntuser.ini

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Usuário Padrão\Modelos

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Usuário Padrão\Meus Documentos

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Usuário Padrão\Menu Iniciar

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Usuário Padrão\Documents\Minhas Músicas

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Usuário Padrão\Documents\Minhas Imagens

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Usuário Padrão\Documents\Meus Vídeos

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Usuário Padrão\Dados de Aplicativos

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Usuário Padrão\Configurações Locais

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programas

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Histórico

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Dados de Aplicativos

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Usuário Padrão\Ambiente de Rede

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Usuário Padrão\Ambiente de Impressão

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default\Modelos

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default\Meus Documentos

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default\Menu Iniciar

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default\Documents\Minhas Músicas

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default\Documents\Minhas Imagens

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default\Documents\Meus Vídeos

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default\Dados de Aplicativos

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default\Configurações Locais

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default\AppData\Local\Histórico

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default\AppData\Local\Dados de Aplicativos

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default\Ambiente de Rede

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default\Ambiente de Impressão

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default User\Modelos

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default User\Meus Documentos

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default User\Menu Iniciar

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default User\Documents\Minhas Músicas

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default User\Documents\Minhas Imagens

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default User\Documents\Meus Vídeos

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default User\Dados de Aplicativos

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default User\Configurações Locais

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Histórico

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Dados de Aplicativos

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default User\Ambiente de Rede

2016-05-29 11:57 - 2016-05-29 11:57 - 00000000 _SHDL C:\Users\Default User\Ambiente de Impressão

2016-05-29 11:55 - 2016-05-29 11:55 - 00022956 _____ C:\WINDOWS\system32\emptyregdb.dat

2016-05-29 11:43 - 2016-06-01 19:34 - 00001552 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2016-05-29 11:43 - 2016-05-29 11:43 - 00000000 ____D C:\Users\Usuário Padrão\AppData\Roaming\Media Center Programs

2016-05-29 11:43 - 2016-05-29 11:43 - 00000000 ____D C:\Users\Usuário Padrão\AppData\Roaming\Macromedia

2016-05-29 11:43 - 2016-05-29 11:43 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs

2016-05-29 11:43 - 2016-05-29 11:43 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia

2016-05-29 11:43 - 2016-05-29 11:43 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs

2016-05-29 11:43 - 2016-05-29 11:43 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia

2016-05-29 11:34 - 2016-05-29 11:34 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines

2016-05-29 11:25 - 2016-06-01 19:33 - 00000000 ____D C:\Users\Lucas Almeida

2016-05-29 11:25 - 2016-05-29 11:53 - 00000000 ____D C:\Users\Nina

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Nina\Modelos

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Nina\Meus Documentos

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Nina\Menu Iniciar

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Nina\Documents\Minhas Músicas

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Nina\Documents\Minhas Imagens

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Nina\Documents\Meus Vídeos

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Nina\Dados de Aplicativos

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Nina\Configurações Locais

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programas

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Nina\AppData\Local\Histórico

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Nina\AppData\Local\Dados de Aplicativos

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Nina\Ambiente de Rede

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Nina\Ambiente de Impressão

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Lucas Almeida\Modelos

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Lucas Almeida\Meus Documentos

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Lucas Almeida\Menu Iniciar

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Lucas Almeida\Documents\Minhas Músicas

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Lucas Almeida\Documents\Minhas Imagens

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Lucas Almeida\Documents\Meus Vídeos

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Lucas Almeida\Dados de Aplicativos

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Lucas Almeida\Configurações Locais

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Lucas Almeida\AppData\Roaming\Microsoft\Windows\Start Menu\Programas

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Lucas Almeida\AppData\Local\Histórico

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Lucas Almeida\AppData\Local\Dados de Aplicativos

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Lucas Almeida\Ambiente de Rede

2016-05-29 11:25 - 2016-05-29 11:25 - 00000000 _SHDL C:\Users\Lucas Almeida\Ambiente de Impressão

2016-05-29 11:24 - 2016-05-30 04:10 - 02100148 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2016-05-29 11:24 - 2016-05-29 11:24 - 02004266 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI

2016-05-29 11:20 - 2016-06-01 19:30 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA

2016-05-29 11:20 - 2016-06-01 19:30 - 00000000 ____D C:\ProgramData\NVIDIA

2016-05-29 11:20 - 2016-05-29 11:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

2016-05-29 11:20 - 2016-01-29 07:49 - 06791736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll

2016-05-29 11:20 - 2016-01-29 07:49 - 03529152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll

2016-05-29 11:20 - 2016-01-29 07:49 - 02558328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll

2016-05-29 11:20 - 2016-01-29 07:49 - 00932728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe

2016-05-29 11:20 - 2016-01-29 07:49 - 00384888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll

2016-05-29 11:20 - 2016-01-29 07:49 - 00062512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll

2016-05-29 11:20 - 2016-01-28 13:29 - 06150607 _____ C:\WINDOWS\system32\nvcoproc.bin

2016-05-29 11:19 - 2016-05-29 11:35 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA Corporation

2016-05-29 11:19 - 2016-05-29 11:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2016-05-29 11:19 - 2016-05-29 11:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2016-05-29 11:11 - 2016-05-29 12:00 - 00000000 ___DC C:\WINDOWS\Panther

2016-05-29 11:06 - 2016-05-29 11:06 - 00000000 ____D C:\Windows.old

2016-05-29 11:04 - 2015-10-29 19:44 - 02455040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Lexicons0011.dll

2016-05-29 11:04 - 2015-10-29 19:43 - 07702528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Models0011.dll

2016-05-29 11:04 - 2015-10-29 19:33 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB70011.dll

2016-05-29 11:04 - 2015-10-29 19:30 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB70011.dll

2016-05-29 11:04 - 2015-10-29 19:29 - 07563264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Data0011.dll

2016-05-29 11:04 - 2015-10-29 19:27 - 07338496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NL7Data0011.dll

2016-05-29 11:04 - 2015-03-30 17:52 - 00002060 _____ C:\WINDOWS\system32\noise.jpn

2016-05-29 11:04 - 2015-03-30 17:36 - 00002060 _____ C:\WINDOWS\SysWOW64\noise.jpn

2016-05-29 11:02 - 2015-10-29 19:43 - 09893888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons000a.dll

2016-05-29 11:02 - 2015-10-29 19:42 - 09893888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons000a.dll

2016-05-29 11:02 - 2015-10-29 19:26 - 09687552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData000a.dll

2016-05-29 11:02 - 2015-10-29 19:24 - 09566208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData000a.dll

2016-05-29 11:01 - 2015-10-29 19:43 - 05739520 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll

2016-05-29 11:01 - 2015-10-29 19:43 - 02629632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll

2016-05-29 11:01 - 2015-10-29 19:41 - 02629632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll

2016-05-29 11:01 - 2015-10-29 19:25 - 06359040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll

2016-05-29 11:01 - 2015-10-29 19:24 - 04847616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll

2016-05-29 10:18 - 2016-05-29 10:18 - 00008192 _____ C:\WINDOWS\system32\config\userdiff

2016-05-29 10:16 - 2016-05-29 11:45 - 00000000 ____D C:\Program Files\MSBuild

2016-05-29 10:16 - 2016-05-29 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer

2016-05-29 10:16 - 2016-05-29 11:35 - 00000000 ____D C:\Program Files (x86)\MSBuild

2016-05-29 10:16 - 2016-05-29 10:16 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices

2016-05-29 10:16 - 2016-05-29 10:16 - 00000000 ____D C:\WINDOWS\system32\msmq

2016-05-29 10:16 - 2016-05-29 10:16 - 00000000 ____D C:\WINDOWS\system32\BestPractices

2016-05-29 10:16 - 2016-05-29 10:16 - 00000000 ____D C:\Program Files\Reference Assemblies

2016-05-29 10:16 - 2016-05-29 10:16 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies

2016-05-29 10:16 - 2016-05-29 10:16 - 00000000 ____D C:\inetpub

2016-05-29 10:14 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll

2016-05-29 10:14 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2016-05-29 10:14 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe

2016-05-29 10:14 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll

2016-05-29 10:14 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe

2016-05-29 10:14 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll

2016-05-29 10:13 - 2016-05-29 10:13 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll

2016-05-29 10:13 - 2016-05-29 10:13 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe

2016-05-29 10:13 - 2016-05-29 10:13 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2016-05-29 10:13 - 2016-05-29 10:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

2016-05-29 09:13 - 2015-10-30 04:18 - 00000001 ___SH C:\BOOTNXT

2016-05-29 08:53 - 2016-05-29 11:56 - 00014259 _____ C:\WINDOWS\diagerr.xml

2016-05-29 08:53 - 2016-05-29 11:56 - 00013338 _____ C:\WINDOWS\diagwrn.xml

2016-05-29 00:06 - 2016-05-29 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack

2016-05-29 00:06 - 2016-05-29 00:07 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack

2016-05-29 00:06 - 2012-06-09 14:21 - 00178688 _____ C:\WINDOWS\SysWOW64\unrar.dll

2016-05-28 23:35 - 2016-05-28 23:35 - 00000364 _____ C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-HomePC-Lucas Almeida.job

2016-05-28 23:31 - 2016-06-01 19:34 - 00001231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk

2016-05-28 23:31 - 2016-05-28 23:31 - 00000000 ____D C:\Users\Todos os Usuários\regid.1986-12.com.adobe

2016-05-28 23:31 - 2016-05-28 23:31 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe

2016-05-28 23:29 - 2016-06-01 19:34 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk

2016-05-28 23:29 - 2016-06-01 19:34 - 00001392 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk

2016-05-28 23:29 - 2016-06-01 19:34 - 00001380 _____ C:\Users\Todos os Usuários\Desktop\Adobe Application Manager.lnk

2016-05-28 23:29 - 2016-06-01 19:34 - 00001380 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk

2016-05-28 23:29 - 2016-06-01 19:34 - 00001380 _____ C:\ProgramData\Desktop\Adobe Application Manager.lnk

2016-05-28 23:21 - 2016-05-30 00:50 - 00211604 _____ C:\WINDOWS\ntbtlog.txt

2016-05-28 17:22 - 2016-05-28 17:22 - 00000000 ____D C:\Users\Nina\AppData\Roaming\AVAST Software

2016-05-28 15:16 - 2016-05-28 15:16 - 00000000 ____D C:\Users\Nina\AppData\Local\Adobe

2016-05-28 15:15 - 2016-05-28 15:15 - 00000000 ____D C:\Users\Nina\AppData\Local\NVIDIA Corporation

2016-05-28 15:13 - 2016-05-28 15:16 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Adobe

2016-05-28 14:22 - 2016-05-28 14:22 - 00000000 ____D C:\Users\Nina\AppData\Local\NVIDIA

2016-05-28 14:07 - 2016-05-28 14:07 - 00000000 ____D C:\Users\Nina\AppData\Local\Google

2016-05-28 13:52 - 2016-05-26 20:16 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Macromedia

2016-05-28 13:52 - 2011-04-12 11:20 - 00000000 ____D C:\Users\Nina\AppData\Roaming\Media Center Programs

2016-05-28 07:34 - 2016-05-28 07:34 - 00000000 ____D C:\Users\Lucas Almeida\Documents\WebMatrix Solutions

2016-05-28 07:31 - 2016-06-01 19:33 - 00001580 _____ C:\Users\Lucas Almeida\Desktop\Microsoft WebMatrix.lnk

2016-05-28 07:30 - 2016-05-28 07:30 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\Microsoft Corporation

2016-05-28 07:29 - 2016-05-29 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft WebMatrix

2016-05-28 07:29 - 2016-05-29 11:34 - 00000000 ____D C:\Program Files\IIS

2016-05-28 07:29 - 2016-05-28 07:29 - 00000000 ____D C:\Program Files (x86)\Microsoft WebMatrix

2016-05-28 07:29 - 2016-05-28 07:29 - 00000000 ____D C:\Program Files (x86)\IIS

2016-05-28 07:27 - 2016-06-01 19:34 - 00002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk

2016-05-28 07:16 - 2016-05-28 07:16 - 00000000 ____D C:\Users\Lucas Almeida\Documents\My Web Sites

2016-05-28 07:16 - 2016-05-28 07:16 - 00000000 ____D C:\Users\Lucas Almeida\Documents\IISExpress

2016-05-27 21:29 - 2016-05-29 01:34 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\MPC-HC

2016-05-27 21:28 - 2016-05-29 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64

2016-05-27 21:28 - 2016-05-27 21:28 - 00000000 ____D C:\Program Files\MPC-HC

2016-05-27 20:17 - 2016-05-28 07:17 - 00000000 ____D C:\Users\Lucas Almeida\Documents\Visual Studio 2012

2016-05-27 20:11 - 2016-05-29 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK

2016-05-27 20:10 - 2016-05-29 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK

2016-05-27 20:03 - 2016-05-27 20:04 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2016-05-27 20:03 - 2016-05-27 20:03 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition

2016-05-27 20:00 - 2016-05-27 20:00 - 00000000 ____D C:\Program Files\Application Verifier

2016-05-27 20:00 - 2016-05-27 20:00 - 00000000 ____D C:\Program Files (x86)\Application Verifier

2016-05-27 19:59 - 2016-05-27 19:59 - 00000000 ____D C:\Users\Todos os Usuários\Windows App Certification Kit

2016-05-27 19:59 - 2016-05-27 19:59 - 00000000 ____D C:\ProgramData\Windows App Certification Kit

2016-05-27 19:55 - 2016-05-29 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits

2016-05-27 19:53 - 2016-05-27 19:53 - 00000000 ____D C:\Users\Todos os Usuários\PreEmptive Solutions

2016-05-27 19:53 - 2016-05-27 19:53 - 00000000 ____D C:\ProgramData\PreEmptive Solutions

2016-05-27 19:49 - 2016-05-27 19:51 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET

2016-05-27 19:48 - 2016-05-27 19:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools

2016-05-27 19:47 - 2016-05-27 19:47 - 00000000 ____D C:\Program Files\IIS Express

2016-05-27 19:47 - 2016-05-27 19:47 - 00000000 ____D C:\Program Files (x86)\IIS Express

2016-05-27 19:46 - 2016-05-27 19:46 - 00000000 ____D C:\Program Files (x86)\NuGet

2016-05-27 19:45 - 2016-05-27 19:45 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services

2016-05-27 19:26 - 2016-05-27 19:26 - 00000000 ____D C:\Program Files (x86)\HTML Help Workshop

2016-05-27 19:25 - 2016-05-27 19:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer

2016-05-27 06:32 - 2016-05-27 06:33 - 00410872 _____ C:\WINDOWS\system32\perfh011.dat

2016-05-27 06:32 - 2016-05-27 06:33 - 00122198 _____ C:\WINDOWS\system32\perfc011.dat

2016-05-27 06:32 - 2016-05-27 01:47 - 00141988 _____ C:\WINDOWS\system32\perfi011.dat

2016-05-27 06:32 - 2016-05-27 01:47 - 00031548 _____ C:\WINDOWS\system32\perfd011.dat

2016-05-27 06:24 - 2016-05-27 06:24 - 00000000 ____D C:\WINDOWS\SysWOW64\ja

2016-05-27 06:24 - 2016-05-27 06:24 - 00000000 ____D C:\WINDOWS\SysWOW64\0411

2016-05-27 06:23 - 2016-05-27 06:23 - 00000000 ____D C:\WINDOWS\system32\ja

2016-05-27 06:23 - 2016-05-27 06:23 - 00000000 ____D C:\WINDOWS\system32\0411

2016-05-27 00:27 - 2016-05-29 11:45 - 00000000 ____D C:\WINDOWS\SysWOW64\1033

2016-05-27 00:26 - 2016-05-27 20:06 - 00000000 ____D C:\Program Files\Microsoft SQL Server

2016-05-27 00:03 - 2016-05-29 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012

2016-05-27 00:02 - 2016-05-29 11:45 - 00000000 ____D C:\WINDOWS\system32\1033

2016-05-27 00:01 - 2016-05-27 00:01 - 00000000 ____D C:\WINDOWS\symbols

2016-05-27 00:01 - 2016-05-27 00:01 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 11.0

2016-05-26 20:17 - 2016-06-01 19:34 - 00001353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk

2016-05-26 20:17 - 2016-06-01 19:34 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk

2016-05-26 20:16 - 2016-06-01 19:34 - 00001097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk

2016-05-26 17:26 - 2016-05-26 17:26 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\GWX

2016-05-26 16:17 - 2016-05-27 06:32 - 00739550 _____ C:\WINDOWS\system32\perfh00A.dat

2016-05-26 16:17 - 2016-05-27 06:32 - 00158572 _____ C:\WINDOWS\system32\perfc00A.dat

2016-05-26 16:17 - 2016-05-26 15:06 - 00341432 _____ C:\WINDOWS\system32\perfi00A.dat

2016-05-26 16:17 - 2016-05-26 15:06 - 00041390 _____ C:\WINDOWS\system32\perfd00A.dat

2016-05-26 16:08 - 2016-05-26 16:08 - 00000000 ____D C:\WINDOWS\SysWOW64\es

2016-05-26 16:08 - 2016-05-26 16:08 - 00000000 ____D C:\WINDOWS\SysWOW64\0C0A

2016-05-26 16:08 - 2016-05-26 16:08 - 00000000 ____D C:\WINDOWS\system32\es

2016-05-26 16:08 - 2016-05-26 16:08 - 00000000 ____D C:\WINDOWS\system32\0C0A

2016-05-26 15:17 - 2010-08-12 11:46 - 00758272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\cohelper.dll

2016-05-26 15:17 - 2010-08-09 22:33 - 00011164 _____ C:\WINDOWS\system32\Drivers\nvphy.bin

2016-05-26 12:00 - 2016-05-26 12:00 - 00000000 ____D C:\Users\Lucas Almeida\Documents\Modelos Personalizados do Office

2016-05-25 20:51 - 2016-05-25 22:39 - 00000000 ____D C:\Users\Lucas Almeida\VirtualBox VMs

2016-05-25 20:41 - 2016-05-25 23:21 - 00000000 ____D C:\Users\Lucas Almeida\.VirtualBox

2016-05-25 20:00 - 2016-05-31 20:00 - 00000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForLucas Almeida.job

2016-05-25 20:00 - 2016-05-29 11:55 - 00003344 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForLucas Almeida

2016-05-23 23:23 - 2016-06-01 19:34 - 00001076 _____ C:\Users\Todos os Usuários\Desktop\Oracle VM VirtualBox.lnk

2016-05-23 23:23 - 2016-06-01 19:34 - 00001076 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk

2016-05-23 23:23 - 2016-06-01 19:34 - 00001076 _____ C:\ProgramData\Desktop\Oracle VM VirtualBox.lnk

2016-05-23 23:23 - 2016-05-29 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox

2016-05-23 23:23 - 2016-05-23 23:23 - 00000000 ____D C:\Program Files\Oracle

2016-05-23 23:23 - 2016-04-28 15:05 - 00916520 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys

2016-05-23 23:23 - 2016-04-28 15:05 - 00143568 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys

2016-05-23 19:28 - 2016-05-27 20:12 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs

2016-05-23 19:28 - 2016-05-27 19:36 - 00000000 ____D C:\Program Files (x86)\Windows Kits

2016-05-23 19:17 - 2016-05-23 19:17 - 00000000 ____D C:\Users\Lucas Almeida\AppData\LocalLow\Adobe

2016-05-23 19:16 - 2016-05-29 11:55 - 00003996 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

2016-05-23 19:14 - 2016-06-01 19:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2016-05-23 19:14 - 2016-06-01 19:34 - 00002047 _____ C:\Users\Todos os Usuários\Desktop\Acrobat Reader DC.lnk

2016-05-23 19:14 - 2016-06-01 19:34 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk

2016-05-23 19:14 - 2016-06-01 19:34 - 00002047 _____ C:\ProgramData\Desktop\Acrobat Reader DC.lnk

2016-05-23 19:14 - 2016-05-28 23:31 - 00000000 ____D C:\Program Files (x86)\Adobe

2016-05-23 18:54 - 2016-05-29 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Storage Toolbox

2016-05-23 18:54 - 2016-05-23 18:54 - 00000000 ____D C:\Program Files (x86)\USBToolbox

2016-05-23 18:25 - 2016-05-28 23:29 - 00000000 ____D C:\Users\Todos os Usuários\Adobe

2016-05-23 18:25 - 2016-05-28 23:29 - 00000000 ____D C:\ProgramData\Adobe

2016-05-23 03:48 - 2016-06-01 19:33 - 00002822 _____ C:\Users\Lucas Almeida\Desktop\Outlook 2013.lnk

2016-05-23 03:47 - 2016-06-01 19:33 - 00002883 _____ C:\Users\Lucas Almeida\Desktop\Word 2013.lnk

2016-05-23 03:47 - 2016-06-01 19:33 - 00002803 _____ C:\Users\Lucas Almeida\Desktop\Excel 2013.lnk

2016-05-23 03:41 - 2016-05-30 00:14 - 00000000 ____D C:\Program Files\KMSpico

2016-05-23 03:41 - 2016-05-29 11:55 - 00003486 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart

2016-05-23 03:41 - 2016-05-29 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico

2016-05-23 03:34 - 2016-05-23 03:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf

2016-05-23 03:34 - 2016-05-23 03:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf

2016-05-23 03:32 - 2016-06-01 19:34 - 00000967 _____ C:\Users\Todos os Usuários\Desktop\DS3 Tool.lnk

2016-05-23 03:32 - 2016-06-01 19:34 - 00000967 _____ C:\Users\Public\Desktop\DS3 Tool.lnk

2016-05-23 03:32 - 2016-06-01 19:34 - 00000967 _____ C:\ProgramData\Desktop\DS3 Tool.lnk

2016-05-23 03:32 - 2016-05-29 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy

2016-05-23 03:32 - 2016-05-23 03:32 - 00000000 ____D C:\Program Files\MotioninJoy

2016-05-23 03:32 - 2012-05-12 12:31 - 00121416 _____ (MotioninJoy) C:\WINDOWS\system32\Drivers\MijXfilt.sys

2016-05-23 03:32 - 2011-12-07 19:42 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll

2016-05-23 03:32 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\WINDOWS\system32\MijFrc.dll

2016-05-23 03:32 - 2011-12-07 19:42 - 00074960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xusb21.sys

2016-05-23 03:30 - 2016-05-29 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2016-05-23 03:28 - 2016-06-01 19:33 - 00000508 _____ C:\Users\Lucas Almeida\Desktop\Windows 7 ©.lnk

2016-05-23 03:28 - 2016-06-01 19:33 - 00000496 _____ C:\Users\Lucas Almeida\Desktop\Windows 10 (E).lnk

2016-05-23 03:28 - 2016-06-01 19:33 - 00000490 _____ C:\Users\Lucas Almeida\Desktop\Windows XP (D).lnk

2016-05-23 03:26 - 2016-05-27 20:05 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server

2016-05-23 03:24 - 2016-05-23 03:34 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help

2016-05-23 03:24 - 2016-05-23 03:24 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\Microsoft Help

2016-05-23 03:24 - 2016-05-23 03:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services

2016-05-23 03:23 - 2016-05-23 03:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2016-05-23 03:23 - 2016-05-23 03:23 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform

2016-05-23 03:22 - 2016-06-01 19:33 - 00001511 _____ C:\Users\Lucas Almeida\Desktop\Windows Media Player (2).lnk

2016-05-23 03:22 - 2016-05-23 03:22 - 00000000 ____D C:\Program Files\Microsoft Office

2016-05-23 03:20 - 2016-05-23 03:20 - 00000000 __RHD C:\MSOCache

2016-05-23 03:19 - 2016-05-23 03:19 - 00000000 ____D C:\WINDOWS\CSC

2016-05-23 03:17 - 2016-05-29 09:13 - 00008192 __RSH C:\BOOTSECT.BAK

2016-05-23 03:17 - 2015-10-30 04:09 - 00400228 __RSH C:\bootmgr

2016-05-23 03:12 - 2016-05-23 03:12 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images

2016-05-23 03:12 - 2016-05-23 03:12 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\Disc_Soft_Ltd

2016-05-23 03:08 - 2016-05-23 03:08 - 00047672 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys

2016-05-23 03:07 - 2016-06-01 19:34 - 00001817 _____ C:\Users\Todos os Usuários\Desktop\DAEMON Tools Lite.lnk

2016-05-23 03:07 - 2016-06-01 19:34 - 00001817 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk

2016-05-23 03:07 - 2016-06-01 19:34 - 00001817 _____ C:\ProgramData\Desktop\DAEMON Tools Lite.lnk

2016-05-23 03:07 - 2016-06-01 18:24 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\DAEMON Tools Lite

2016-05-23 03:07 - 2016-05-29 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite

2016-05-23 03:07 - 2016-05-23 03:07 - 00030264 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys

2016-05-23 03:06 - 2016-05-23 03:08 - 00000000 ____D C:\Program Files\DAEMON Tools Lite

2016-05-23 03:06 - 2016-05-23 03:06 - 00000000 ____D C:\Users\Todos os Usuários\DAEMON Tools Lite

2016-05-23 03:06 - 2016-05-23 03:06 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite

2016-05-23 03:02 - 2016-06-01 19:33 - 00001621 _____ C:\Users\Lucas Almeida\Desktop\Spybot - Search & Destroy.lnk

2016-05-23 03:01 - 2016-05-30 06:24 - 00000000 ____D C:\Users\Todos os Usuários\Spybot - Search & Destroy

2016-05-23 03:01 - 2016-05-30 06:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2016-05-23 03:00 - 2016-06-01 19:33 - 00000987 _____ C:\Users\Lucas Almeida\Desktop\Sonic Adventure 2.lnk

2016-05-23 02:58 - 2016-06-01 19:33 - 00001036 _____ C:\Users\Lucas Almeida\Desktop\Sonic the Hedgehog 4 - Episode II.lnk

2016-05-23 02:58 - 2016-05-23 02:58 - 00000000 ____D C:\Users\Todos os Usuários\RELOADED

2016-05-23 02:58 - 2016-05-23 02:58 - 00000000 ____D C:\ProgramData\RELOADED

2016-05-23 02:57 - 2016-06-01 19:33 - 00000930 _____ C:\Users\Lucas Almeida\Desktop\Sonic Lost World.lnk

2016-05-23 02:56 - 2016-06-01 19:33 - 00001766 _____ C:\Users\Lucas Almeida\Desktop\Sonic Heroes.lnk

2016-05-23 02:56 - 2016-05-23 02:56 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\Steam

2016-05-23 02:51 - 2016-06-01 19:33 - 00001692 _____ C:\Users\Lucas Almeida\Desktop\Sonic Adventure DX.lnk

2016-05-23 02:49 - 2016-05-23 02:49 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\MotioninJoy

2016-05-23 02:47 - 2016-06-01 19:33 - 00001933 _____ C:\Users\Lucas Almeida\Desktop\ISIS.lnk

2016-05-23 02:47 - 2016-06-01 19:33 - 00001933 _____ C:\Users\Lucas Almeida\Desktop\ARES.lnk

2016-05-23 02:44 - 2016-05-23 02:44 - 00000000 ____D C:\Users\Public\Documents\Downloaded Data Sheets

2016-05-23 02:44 - 2016-05-23 02:44 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\NVIDIA

2016-05-23 02:44 - 2016-05-23 02:44 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\Labcenter Electronics

2016-05-23 02:43 - 2016-06-01 19:33 - 00001801 _____ C:\Users\Lucas Almeida\Desktop\Media Player Classic.lnk

2016-05-23 02:43 - 2016-05-29 01:34 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\Media Player Classic

2016-05-23 02:42 - 2016-06-01 19:33 - 00001055 _____ C:\Users\Lucas Almeida\Desktop\The Battle for Middle-earth.lnk

2016-05-23 02:37 - 2016-05-30 06:41 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2016-05-23 02:37 - 2016-05-23 02:38 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\My Battle for Middle-earth Files

2016-05-23 02:36 - 2016-06-01 19:33 - 00001698 _____ C:\Users\Lucas Almeida\Desktop\IFSCL 3.1.3.c.lnk

2016-05-23 02:36 - 2016-05-23 02:36 - 00000000 ____D C:\Users\Todos os Usuários\CyberLink

2016-05-23 02:36 - 2016-05-23 02:36 - 00000000 ____D C:\Users\Lucas Almeida\Documents\CyberLink

2016-05-23 02:36 - 2016-05-23 02:36 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\CyberLink

2016-05-23 02:36 - 2016-05-23 02:36 - 00000000 ____D C:\ProgramData\CyberLink

2016-05-23 02:34 - 2016-05-23 02:34 - 00000000 ____D C:\Users\Lucas Almeida\Documents\CodeLyokoGames

2016-05-23 02:34 - 2016-05-23 02:34 - 00000000 ____D C:\Users\Lucas Almeida\AppData\LocalLow\CodeLyokoGames

2016-05-23 02:20 - 2016-05-23 02:29 - 00206122 _____ C:\WINDOWS\hplj1010.hi2

2016-05-23 02:20 - 2016-05-23 02:29 - 00013471 _____ C:\WINDOWS\hplj1010.bu2

2016-05-23 02:17 - 2016-05-23 02:17 - 00000228 _____ C:\Users\Lucas Almeida\Desktop\The Legend of Heroes Trails in the Sky.url

2016-05-23 02:17 - 2016-05-23 02:17 - 00000228 _____ C:\Users\Lucas Almeida\Desktop\Mugen Souls.url

2016-05-23 02:16 - 2016-05-23 02:33 - 00113787 _____ C:\WINDOWS\hplj1010.hi1

2016-05-23 02:16 - 2016-05-23 02:33 - 00009109 _____ C:\WINDOWS\hplj1010.bu1

2016-05-23 02:15 - 2016-05-23 03:40 - 00045056 _____ (Northern Codeworks) C:\WINDOWS\NCUNINST.EXE

2016-05-23 02:11 - 2016-05-23 03:40 - 00208833 _____ C:\WINDOWS\hplj1010.his

2016-05-23 02:11 - 2016-05-23 03:40 - 00013579 _____ C:\WINDOWS\hplj1010.ini

2016-05-23 02:10 - 2016-05-23 02:10 - 00000000 ____D C:\lj1010seriesprintsys

2016-05-23 02:08 - 2016-05-31 20:33 - 00000000 ____D C:\Users\Lucas Almeida\Documents\My Games

2016-05-23 02:07 - 2016-05-23 02:07 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\Steam

2016-05-23 02:07 - 2016-05-23 02:07 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\CEF

2016-05-23 02:05 - 2016-05-25 20:00 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\Hewlett-Packard

2016-05-23 02:05 - 2016-05-23 02:05 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\Hewlett-Packard

2016-05-23 02:04 - 2016-06-01 19:33 - 00001010 _____ C:\Users\Lucas Almeida\Desktop\Assasin's Creed Brotherhood.lnk

2016-05-23 02:04 - 2016-05-29 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support

2016-05-23 02:04 - 2016-05-23 02:04 - 00000000 ____D C:\System.sav

2016-05-23 02:03 - 2016-06-01 19:33 - 00000970 _____ C:\Users\Lucas Almeida\Desktop\Assasin's Creed III.lnk

2016-05-23 02:03 - 2016-05-25 20:00 - 00000000 ____D C:\Users\Todos os Usuários\Hewlett-Packard

2016-05-23 02:03 - 2016-05-25 20:00 - 00000000 ____D C:\ProgramData\Hewlett-Packard

2016-05-23 02:03 - 2016-05-23 18:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2016-05-23 02:03 - 2016-05-23 02:03 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\hpqLog

2016-05-23 02:01 - 2016-05-25 20:00 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard

2016-05-23 02:01 - 2016-05-23 02:01 - 00000000 ____D C:\Users\Lucas Almeida\Documents\Assassin's Creed III

2016-05-23 02:01 - 2016-05-23 02:01 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\storage

2016-05-23 02:00 - 2016-05-29 01:33 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\CrashDumps

2016-05-23 02:00 - 2016-05-23 03:40 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard

2016-05-23 01:59 - 2016-06-01 19:33 - 00001579 _____ C:\Users\Lucas Almeida\Desktop\Assassin's Creed.lnk

2016-05-23 01:58 - 2016-05-23 02:04 - 00000000 ____D C:\Users\Todos os Usuários\Ubisoft

2016-05-23 01:58 - 2016-05-23 02:04 - 00000000 ____D C:\ProgramData\Ubisoft

2016-05-23 01:58 - 2016-05-23 02:00 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\Ubisoft

2016-05-23 01:55 - 2016-06-01 19:33 - 00001582 _____ C:\Users\Lucas Almeida\Desktop\MU C.A..lnk

2016-05-23 01:53 - 2016-06-01 19:34 - 00000856 _____ C:\Users\Todos os Usuários\Desktop\WinRAR.lnk

2016-05-23 01:53 - 2016-06-01 19:34 - 00000856 _____ C:\Users\Public\Desktop\WinRAR.lnk

2016-05-23 01:53 - 2016-06-01 19:34 - 00000856 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk

2016-05-23 01:53 - 2016-06-01 19:34 - 00000856 _____ C:\ProgramData\Desktop\WinRAR.lnk

2016-05-23 01:53 - 2016-05-29 11:45 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2016-05-23 01:53 - 2016-05-29 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2016-05-23 01:51 - 2016-05-23 01:51 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\WinRAR

2016-05-23 01:49 - 2016-05-23 01:49 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\ElevatedDiagnostics

2016-05-23 01:45 - 2016-05-23 01:45 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2016-05-23 01:34 - 2016-06-01 19:34 - 00000866 _____ C:\Users\Todos os Usuários\Desktop\CCleaner.lnk

2016-05-23 01:34 - 2016-06-01 19:34 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk

2016-05-23 01:34 - 2016-06-01 19:34 - 00000866 _____ C:\ProgramData\Desktop\CCleaner.lnk

2016-05-23 01:34 - 2016-05-29 11:55 - 00002912 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC

2016-05-23 01:34 - 2016-05-29 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2016-05-23 01:34 - 2016-05-23 01:34 - 00000000 ____D C:\Program Files\CCleaner

2016-05-23 01:33 - 2016-06-01 19:34 - 00002246 _____ C:\Users\Lucas Almeida\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk

2016-05-23 01:33 - 2016-06-01 19:33 - 00002302 _____ C:\Users\Lucas Almeida\Desktop\BitTorrent.lnk

2016-05-23 01:32 - 2016-06-01 18:24 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\BitTorrent

2016-05-23 01:31 - 2016-05-23 01:31 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\Macromedia

2016-05-23 01:31 - 2016-05-23 01:31 - 00000000 ____D C:\Users\Lucas Almeida\AppData\LocalLow\Unity

2016-05-23 01:31 - 2016-05-23 01:31 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\Unity

2016-05-23 01:31 - 2016-05-23 01:31 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\Macromedia

2016-05-23 01:30 - 2016-05-23 01:30 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\Sun

2016-05-23 01:30 - 2016-05-23 01:30 - 00000000 ____D C:\Users\Lucas Almeida\AppData\LocalLow\Sun

2016-05-23 01:30 - 2016-05-23 01:30 - 00000000 ____D C:\Users\Lucas Almeida\.oracle_jre_usage

2016-05-23 01:29 - 2016-05-29 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2016-05-23 01:29 - 2016-05-23 01:30 - 00000000 ____D C:\Users\Todos os Usuários\Oracle

2016-05-23 01:29 - 2016-05-23 01:30 - 00000000 ____D C:\ProgramData\Oracle

2016-05-23 01:29 - 2016-05-23 01:29 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2016-05-23 01:29 - 2016-05-23 01:29 - 00000000 ____D C:\Program Files (x86)\Java

2016-05-23 01:28 - 2016-05-23 01:28 - 00000000 ____D C:\Users\Lucas Almeida\AppData\LocalLow\Oracle

2016-05-23 01:27 - 2016-05-29 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2016-05-23 01:27 - 2016-05-23 01:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2016-05-23 01:27 - 2016-05-23 01:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2016-05-23 01:25 - 2016-05-28 23:35 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\Adobe

2016-05-23 01:19 - 2016-05-23 01:19 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies

2016-05-23 01:18 - 2016-01-29 06:04 - 00614848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe

2016-05-23 01:17 - 2016-05-23 01:17 - 00000000 ____D C:\temp

2016-05-23 01:17 - 2016-01-29 09:08 - 00082488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll

2016-05-23 01:09 - 2016-06-01 19:34 - 00001286 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk

2016-05-23 01:09 - 2016-05-29 11:55 - 00004002 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1463976530

2016-05-23 01:07 - 2016-05-23 01:07 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys

2016-05-23 01:06 - 2016-05-23 01:06 - 00000000 ____D C:\Users\Lucas Almeida\Documents\iMacros

2016-05-23 01:05 - 2016-05-23 01:20 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\NVIDIA Corporation

2016-05-23 01:04 - 2016-05-23 01:04 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\AVAST Software

2016-05-23 01:03 - 2016-06-01 19:34 - 00001966 _____ C:\Users\Todos os Usuários\Desktop\Avast Premier.lnk

2016-05-23 01:03 - 2016-06-01 19:34 - 00001966 _____ C:\Users\Public\Desktop\Avast Premier.lnk

2016-05-23 01:03 - 2016-06-01 19:34 - 00001966 _____ C:\ProgramData\Desktop\Avast Premier.lnk

2016-05-23 01:03 - 2016-05-29 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2016-05-23 01:03 - 2016-05-29 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2016-05-23 01:03 - 2016-05-23 01:08 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\NVIDIA

2016-05-23 01:03 - 2016-05-02 02:39 - 01377800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll

2016-05-23 01:03 - 2016-05-02 02:39 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll

2016-05-23 01:03 - 2016-05-02 02:38 - 01767944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll

2016-05-23 01:03 - 2016-05-02 02:38 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll

2016-05-23 01:03 - 2016-05-02 02:38 - 00112032 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll

2016-05-23 01:01 - 2016-06-01 19:36 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update

2016-05-23 01:01 - 2016-05-29 12:12 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software

2016-05-23 01:01 - 2016-05-29 01:29 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache

2016-05-23 01:01 - 2016-05-29 01:29 - 00000000 ____D C:\ProgramData\Package Cache

2016-05-23 01:01 - 2016-05-23 01:19 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2016-05-23 01:01 - 2016-05-23 01:01 - 00000000 ____D C:\Program Files\Common Files\AV

2016-05-23 01:01 - 2016-04-14 02:38 - 00113216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll

2016-05-23 01:01 - 2016-04-14 02:38 - 00102976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll

2016-05-23 01:01 - 2016-04-14 02:38 - 00056384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys

2016-05-23 01:00 - 2016-06-01 19:33 - 00000802 _____ C:\Users\Lucas Almeida\Desktop\Meus Documentos (old).lnk

2016-05-23 01:00 - 2016-05-23 01:00 - 00465792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

2016-05-23 01:00 - 2016-05-23 01:00 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2016-05-23 01:00 - 2016-05-23 01:00 - 00287528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys

2016-05-23 01:00 - 2016-05-23 01:00 - 00166432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys

2016-05-23 01:00 - 2016-05-23 01:00 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

2016-05-23 01:00 - 2016-05-23 01:00 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys

2016-05-23 01:00 - 2016-05-23 01:00 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys

2016-05-23 01:00 - 2016-05-23 01:00 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

2016-05-23 01:00 - 2016-05-23 01:00 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys

2016-05-23 01:00 - 2016-05-23 00:59 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

2016-05-23 01:00 - 2016-05-23 00:59 - 00536312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys

2016-05-23 01:00 - 2015-05-15 20:00 - 00001787 _____ C:\Users\Lucas Almeida\Documents\license2016.avastlic

2016-05-23 00:59 - 2016-05-23 00:59 - 00028312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetNd6.sys

2016-05-23 00:58 - 2016-05-23 01:07 - 00000000 ____D C:\Program Files\AVAST Software

2016-05-23 00:57 - 2016-05-23 01:07 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software

2016-05-23 00:57 - 2016-05-23 01:07 - 00000000 ____D C:\ProgramData\AVAST Software

2016-05-23 00:50 - 2016-06-01 19:34 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2016-05-23 00:50 - 2016-06-01 19:34 - 00001147 _____ C:\Users\Todos os Usuários\Desktop\Mozilla Firefox.lnk

2016-05-23 00:50 - 2016-06-01 19:34 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2016-05-23 00:50 - 2016-06-01 19:34 - 00001147 _____ C:\ProgramData\Desktop\Mozilla Firefox.lnk

2016-05-23 00:50 - 2016-05-23 03:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2016-05-23 00:50 - 2016-05-23 00:56 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\Mozilla

2016-05-23 00:50 - 2016-05-23 00:50 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\Mozilla

2016-05-23 00:50 - 2016-05-23 00:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-05-23 00:48 - 2016-06-01 19:34 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-05-23 00:48 - 2016-06-01 19:34 - 00002253 _____ C:\Users\Todos os Usuários\Desktop\Google Chrome.lnk

2016-05-23 00:48 - 2016-06-01 19:34 - 00002253 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-05-23 00:48 - 2016-06-01 19:34 - 00002253 _____ C:\ProgramData\Desktop\Google Chrome.lnk

2016-05-23 00:47 - 2016-06-01 19:36 - 00001066 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2016-05-23 00:47 - 2016-06-01 18:59 - 00001070 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2016-05-23 00:47 - 2016-05-29 11:55 - 00004176 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2016-05-23 00:47 - 2016-05-29 11:55 - 00003924 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2016-05-23 00:47 - 2016-05-27 20:17 - 00113872 _____ C:\Users\Lucas Almeida\AppData\Local\GDIPFONTCACHEV1.DAT

2016-05-23 00:47 - 2016-05-26 13:31 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\Google

2016-05-23 00:47 - 2016-05-23 00:48 - 00000000 ____D C:\Program Files (x86)\Google

2016-05-23 00:46 - 2016-05-30 06:27 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\Apps\2.0

2016-05-23 00:39 - 2016-05-28 23:35 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\Adobe

2016-05-23 00:39 - 2016-05-23 00:39 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Local\VirtualStore

2016-05-23 00:39 - 2011-04-12 11:20 - 00000000 ____D C:\Users\Lucas Almeida\AppData\Roaming\Media Center Programs

2016-05-23 00:32 - 2016-05-31 22:54 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2016-05-23 00:32 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll

2016-05-23 00:32 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll

2016-05-23 00:32 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll

2016-05-23 00:32 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll

2016-05-23 00:32 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll

2016-05-23 00:32 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll

2016-05-23 00:32 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll

2016-05-23 00:32 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll

2016-05-23 00:32 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll

2016-05-23 00:32 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll

2016-05-23 00:32 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll

2016-05-23 00:32 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll

2016-05-23 00:32 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll

2016-05-23 00:32 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll

2016-05-23 00:32 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll

2016-05-23 00:32 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll

2016-05-23 00:32 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll

2016-05-23 00:32 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll

2016-05-23 00:32 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll

2016-05-23 00:32 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll

2016-05-23 00:32 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll

2016-05-23 00:32 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll

2016-05-23 00:32 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll

2016-05-23 00:32 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll

2016-05-23 00:32 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll

2016-05-23 00:32 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll

2016-05-23 00:32 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll

2016-05-23 00:32 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll

2016-05-23 00:32 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll

2016-05-23 00:32 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll

2016-05-23 00:32 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll

2016-05-23 00:32 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll

2016-05-23 00:32 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll

2016-05-23 00:32 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll

2016-05-23 00:32 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll

2016-05-23 00:32 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll

2016-05-23 00:32 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll

2016-05-23 00:32 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll

2016-05-23 00:32 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll

2016-05-23 00:32 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll

2016-05-23 00:32 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll

2016-05-23 00:32 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll

2016-05-23 00:32 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll

2016-05-23 00:32 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll

2016-05-23 00:32 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll

2016-05-23 00:32 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll

2016-05-23 00:32 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll

2016-05-23 00:32 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll

2016-05-23 00:32 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll

2016-05-23 00:32 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll

2016-05-23 00:32 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll

2016-05-23 00:32 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll

2016-05-23 00:32 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll

2016-05-23 00:32 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll

2016-05-23 00:32 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll

2016-05-23 00:32 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll

2016-05-23 00:32 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll

2016-05-23 00:32 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll

2016-05-23 00:32 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll

2016-05-23 00:32 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll

2016-05-23 00:32 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll

2016-05-23 00:32 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll

2016-05-23 00:32 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll

2016-05-23 00:32 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll

2016-05-23 00:32 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll

2016-05-23 00:32 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll

2016-05-23 00:32 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll

2016-05-23 00:32 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll

2016-05-23 00:32 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll

2016-05-23 00:32 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll

2016-05-23 00:32 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll

2016-05-23 00:32 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll

2016-05-23 00:32 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll

2016-05-23 00:32 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll

2016-05-23 00:32 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll

2016-05-23 00:32 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll

2016-05-23 00:32 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll

2016-05-23 00:32 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll

2016-05-23 00:32 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll

2016-05-23 00:32 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll

2016-05-23 00:32 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll

2016-05-23 00:32 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll

2016-05-23 00:32 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll

2016-05-23 00:32 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll

2016-05-23 00:32 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll

2016-05-23 00:32 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll

2016-05-23 00:32 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll

2016-05-23 00:32 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll

2016-05-23 00:32 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll

2016-05-23 00:32 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll

2016-05-23 00:32 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll

2016-05-23 00:32 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll

2016-05-23 00:32 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll

2016-05-23 00:32 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll

2016-05-23 00:32 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll

2016-05-23 00:32 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll

2016-05-23 00:32 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll

2016-05-23 00:32 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll

2016-05-23 00:32 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll

2016-05-23 00:32 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll

2016-05-23 00:32 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll

2016-05-23 00:32 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll

2016-05-23 00:32 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll

2016-05-23 00:32 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll

2016-05-23 00:32 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll

2016-05-23 00:32 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll

2016-05-23 00:32 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll

2016-05-23 00:32 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll

2016-05-23 00:32 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll

2016-05-23 00:32 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll

2016-05-23 00:31 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll

2016-05-23 00:31 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll

2016-05-23 00:31 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll

2016-05-23 00:31 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll

2016-05-23 00:31 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll

2016-05-23 00:31 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll

2016-05-23 00:31 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll

2016-05-23 00:31 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll

2016-05-23 00:31 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll

2016-05-23 00:31 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll

2016-05-23 00:31 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll

2016-05-23 00:31 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll

2016-05-23 00:31 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll

2016-05-23 00:31 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll

2016-05-23 00:31 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll

2016-05-23 00:31 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll

2016-05-23 00:31 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll

2016-05-23 00:31 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll

2016-05-23 00:31 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll

2016-05-23 00:31 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll

2016-05-23 00:31 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll

2016-05-23 00:31 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll

2016-05-23 00:31 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll

2016-05-23 00:31 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll

2016-05-23 00:31 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll

2016-05-23 00:31 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll

2016-05-23 00:31 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll

2016-05-23 00:31 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll

2016-05-23 00:31 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll

2016-05-23 00:31 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll

2016-05-23 00:31 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll

2016-05-23 00:31 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll

2016-05-23 00:31 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll

2016-05-23 00:31 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll

2016-05-23 00:31 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll

2016-05-23 00:31 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll

2016-05-23 00:31 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll

2016-05-23 00:31 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll

2016-05-23 00:31 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll

2016-05-23 00:31 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll

2016-05-23 00:31 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll

2016-05-23 00:31 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll

2016-05-23 00:31 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll

2016-05-23 00:31 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll

2016-05-23 00:31 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll

2016-05-23 00:31 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll

2016-05-23 00:31 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll

2016-05-23 00:31 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll

2016-05-23 00:31 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll

2016-05-23 00:31 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll

2016-05-23 00:31 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll

2016-05-23 00:31 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll

2016-05-23 00:31 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll

2016-05-23 00:31 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll

2016-05-23 00:31 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll

2016-05-23 00:31 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll

2016-05-23 00:31 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll

2016-05-23 00:31 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll

2016-05-23 00:31 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll

2016-05-23 00:31 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll

2016-05-23 00:31 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll

2016-05-23 00:31 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll

2016-05-23 00:31 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll

2016-05-23 00:31 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll

2016-05-23 00:31 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll

2016-05-23 00:31 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll

2016-05-23 00:31 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll

2016-05-23 00:31 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll

2016-05-23 00:31 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll

2016-05-23 00:31 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll

2016-05-23 00:31 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll

2016-05-23 00:31 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll

2016-05-23 00:28 - 2016-05-23 00:28 - 00400803 __RSH C:\ADEXJ

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Usuário Padrão

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Todos os Usuários\Modelos

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Todos os Usuários\Menu Iniciar

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Todos os Usuários\Favoritos

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Todos os Usuários\Documentos

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Todos os Usuários\Dados de aplicativos

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Todos os Usuários

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Public\Documents\Minhas músicas

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Public\Documents\Minhas imagens

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Public\Documents\Meus vídeos

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Default.migrated\Modelos

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Default.migrated\Meus documentos

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Default.migrated\Menu Iniciar

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Default.migrated\Documents\Minhas músicas

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Default.migrated\Documents\Minhas imagens

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Default.migrated\Documents\Meus vídeos

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Default.migrated\Dados de aplicativos

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Default.migrated\Configurações locais

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\Programas

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Default.migrated\AppData\Local\Histórico

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Default.migrated\AppData\Local\Dados de aplicativos

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Default.migrated\Ambiente de rede

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Users\Default.migrated\Ambiente de impressão

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\ProgramData\Modelos

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\ProgramData\Menu Iniciar

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\ProgramData\Favoritos

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\ProgramData\Documentos

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\ProgramData\Dados de aplicativos

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Program Files\Common Files\Sistema

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Program Files\Arquivos Comuns

2016-05-23 00:26 - 2016-05-23 00:26 - 00000000 _SHDL C:\Arquivos de Programas

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-01 20:10 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\AppReadiness

2016-06-01 19:30 - 2016-02-13 15:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-06-01 19:29 - 2015-10-30 04:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2016-06-01 19:28 - 2015-10-30 03:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI

2016-06-01 18:57 - 2015-10-30 04:21 - 00000000 ____D C:\WINDOWS\INF

2016-06-01 18:32 - 2015-10-30 04:11 - 00000000 ____D C:\WINDOWS\CbsTemp

2016-05-31 20:10 - 2015-10-30 04:24 - 00000000 ___HD C:\Program Files\WindowsApps

2016-05-30 19:36 - 2009-07-14 00:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy

2016-05-30 18:43 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\Performance

2016-05-30 18:43 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\InputMethod

2016-05-30 04:11 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\appcompat

2016-05-30 04:10 - 2016-02-13 14:35 - 00890110 _____ C:\WINDOWS\system32\prfh0416.dat

2016-05-30 04:10 - 2016-02-13 14:35 - 00193354 _____ C:\WINDOWS\system32\prfc0416.dat

2016-05-29 23:57 - 2016-02-13 09:10 - 00378312 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2016-05-29 12:07 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\rescache

2016-05-29 12:01 - 2016-02-13 15:20 - 00000000 __RHD C:\Users\Public\AccountPictures

2016-05-29 11:57 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase

2016-05-29 11:57 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Windows NT

2016-05-29 11:56 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\Registration

2016-05-29 11:54 - 2015-10-30 04:24 - 00000000 __RSD C:\WINDOWS\Media

2016-05-29 11:54 - 2015-10-30 04:24 - 00000000 __RHD C:\Users\Public\Libraries

2016-05-29 11:45 - 2016-02-13 14:57 - 00000000 ____D C:\WINDOWS\ShellNew

2016-05-29 11:45 - 2015-10-30 04:24 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft

2016-05-29 11:45 - 2015-10-30 04:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2016-05-29 11:45 - 2015-10-30 03:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM

2016-05-29 11:43 - 2009-07-14 00:20 - 00000000 ____D C:\Users\Default.migrated

2016-05-29 11:36 - 2016-02-13 14:35 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm

2016-05-29 11:36 - 2016-02-13 14:35 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN

2016-05-29 11:36 - 2016-02-13 14:35 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep

2016-05-29 11:36 - 2016-02-13 14:35 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr

2016-05-29 11:36 - 2016-02-13 14:35 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts

2016-05-29 11:36 - 2016-02-13 14:35 - 00000000 ____D C:\WINDOWS\system32\winrm

2016-05-29 11:36 - 2016-02-13 14:35 - 00000000 ____D C:\WINDOWS\system32\WCN

2016-05-29 11:36 - 2016-02-13 14:35 - 00000000 ____D C:\WINDOWS\system32\slmgr

2016-05-29 11:36 - 2016-02-13 14:35 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts

2016-05-29 11:36 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe

2016-05-29 11:36 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI

2016-05-29 11:36 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz

2016-05-29 11:36 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME

2016-05-29 11:36 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2016-05-29 11:36 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\oobe

2016-05-29 11:36 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\MUI

2016-05-29 11:36 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\IME

2016-05-29 11:36 - 2015-10-30 03:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism

2016-05-29 11:36 - 2015-10-30 03:28 - 00000000 ____D C:\WINDOWS\system32\Dism

2016-05-29 11:35 - 2016-02-13 14:57 - 00000000 ____D C:\Program Files\Windows Journal

2016-05-29 11:35 - 2016-02-13 14:35 - 00000000 ____D C:\WINDOWS\DigitalLocker

2016-05-29 11:35 - 2015-10-30 04:24 - 00000000 __SHD C:\Program Files\Windows Sidebar

2016-05-29 11:35 - 2015-10-30 04:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar

2016-05-29 11:35 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\schemas

2016-05-29 11:35 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions

2016-05-29 11:35 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\IME

2016-05-29 11:35 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer

2016-05-29 11:35 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2016-05-29 11:35 - 2011-04-12 11:20 - 00000000 ___RD C:\Users\Public\Recorded TV

2016-05-29 11:34 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Common Files\System

2016-05-29 11:34 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared

2016-05-29 11:34 - 2009-07-14 02:32 - 00000000 ____D C:\Program Files\Microsoft Games

2016-05-29 11:34 - 2009-07-14 02:32 - 00000000 ____D C:\Program Files\DVD Maker

2016-05-29 11:23 - 2015-10-30 03:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep

2016-05-29 11:20 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\Help

2016-05-29 11:11 - 2015-10-30 04:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template

2016-05-29 11:05 - 2016-02-13 14:40 - 00000000 ____D C:\WINDOWS\OCR

2016-05-29 10:59 - 2015-10-30 04:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12

2016-05-29 10:59 - 2015-10-30 04:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs

2016-05-29 10:59 - 2015-10-30 04:24 - 00000000 ___SD C:\WINDOWS\system32\F12

2016-05-29 10:59 - 2015-10-30 04:24 - 00000000 ___SD C:\WINDOWS\system32\dsc

2016-05-29 10:59 - 2015-10-30 04:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs

2016-05-29 10:59 - 2015-10-30 04:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog

2016-05-29 10:59 - 2015-10-30 04:24 - 00000000 ___RD C:\WINDOWS\MiracastView

2016-05-29 10:59 - 2015-10-30 04:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow

2016-05-29 10:59 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform

2016-05-29 10:59 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\migwiz

2016-05-29 10:59 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Windows Defender

2016-05-29 10:59 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2016-05-29 10:59 - 2015-10-30 03:28 - 00000000 ____D C:\WINDOWS\servicing

2016-05-29 10:16 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv

2016-05-29 10:16 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv

2016-05-29 10:16 - 2015-10-30 04:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll

2016-05-29 10:16 - 2015-10-30 04:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb

2016-05-29 10:16 - 2015-10-30 04:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb

2016-05-29 10:16 - 2015-10-30 04:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb

2016-05-29 10:16 - 2015-10-30 04:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb

2016-05-29 10:16 - 2015-10-30 04:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll

2016-05-29 10:16 - 2015-10-30 04:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll

2016-05-29 10:16 - 2015-10-30 04:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys

2016-05-29 10:16 - 2015-10-30 04:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll

2016-05-29 10:16 - 2015-10-30 04:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll

2016-05-29 10:16 - 2015-10-30 04:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe

2016-05-29 10:16 - 2015-10-30 04:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll

2016-05-29 10:16 - 2015-10-30 04:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll

2016-05-29 10:15 - 2015-10-30 04:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll

2016-05-29 10:15 - 2015-10-30 04:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll

2016-05-29 10:15 - 2015-10-30 04:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll

2016-05-29 10:15 - 2015-10-30 04:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll

2016-05-29 10:15 - 2015-10-30 04:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll

2016-05-29 10:15 - 2015-10-30 04:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll

2016-05-29 10:15 - 2015-10-30 04:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe

2016-05-29 10:15 - 2015-10-30 04:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll

2016-05-29 10:15 - 2015-10-30 04:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll

2016-05-29 10:15 - 2015-10-30 04:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof

2016-05-29 10:15 - 2015-10-30 04:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll

2016-05-29 10:15 - 2015-10-30 04:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll

2016-05-29 10:15 - 2015-10-30 04:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll

2016-05-29 10:15 - 2015-10-30 04:18 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll

2016-05-29 10:15 - 2015-10-30 04:18 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll

2016-05-29 10:15 - 2015-10-30 04:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll

2016-05-29 10:15 - 2015-10-30 04:18 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb

2016-05-29 10:15 - 2015-10-30 04:18 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb

2016-05-29 10:15 - 2015-10-30 04:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb

2016-05-29 10:15 - 2015-10-30 04:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe

2016-05-29 10:15 - 2015-10-30 04:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb

2016-05-29 10:15 - 2015-10-30 04:18 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe

2016-05-29 10:15 - 2015-10-30 04:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll

2016-05-29 10:15 - 2015-10-30 04:18 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof

2016-05-29 09:15 - 2009-07-14 01:45 - 00026576 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-05-29 09:15 - 2009-07-14 01:45 - 00026576 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-05-29 08:54 - 2016-02-13 17:50 - 00000000 ___HD C:\$WINDOWS.~BT

2016-05-23 03:25 - 2009-07-13 23:34 - 00000478 _____ C:\WINDOWS\win.ini

2016-05-11 16:57 - 2015-10-30 04:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2016-05-11 16:57 - 2015-10-30 04:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Arquivos na raiz de alguns diretórios =======

2016-05-29 13:21 - 2016-05-29 13:21 - 6859776 _____ () C:\Users\Lucas Almeida\AppData\Roaming\agent.dat

2016-05-29 13:08 - 2016-05-29 13:08 - 0128512 _____ () C:\Users\Lucas Almeida\AppData\Roaming\Installer.dat

2016-05-29 13:21 - 2016-05-29 13:21 - 0018432 _____ () C:\Users\Lucas Almeida\AppData\Roaming\Main.dat

Alguns arquivos em TEMP:

====================

C:\Users\Lucas Almeida\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente

C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente

C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente

C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente

C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente

C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente

C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente

C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente

C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente

C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente

C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente

C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente

C:\WINDOWS\system32\dnsapi.dll

[2015-10-30 04:18] - [2015-10-30 04:18] - 0686984 ____A (Microsoft Corporation) 2E658AFAC112E4B951AC81A7EBE849EC

C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente

C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-05-29 11:12

==================== Fim de FRST.txt ============================

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão:01-06-2016

Executado por Lucas Almeida (2016-06-01 21:30:03)

Executando a partir de C:\Users\Lucas Almeida\Desktop

Windows 10 Pro Versão 1511 (X64) (2016-05-29 15:00:23)

Modo da Inicialização: Normal

==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-3583417557-804918735-1488409585-500 - Administrator - Disabled)

Convidado (S-1-5-21-3583417557-804918735-1488409585-501 - Limited - Disabled)

DefaultAccount (S-1-5-21-3583417557-804918735-1488409585-503 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3583417557-804918735-1488409585-1002 - Limited - Enabled)

Lucas Almeida (S-1-5-21-3583417557-804918735-1488409585-1000 - Administrator - Enabled) => C:\Users\Lucas Almeida

Nina (S-1-5-21-3583417557-804918735-1488409585-1003 - Limited - Enabled) => C:\Users\Nina

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe Dreamweaver CC 2015 (HKLM-x32\...\{F2321021-4348-11E4-B1DF-BDB415F23EC5}) (Version: 16.0 - Adobe Systems Incorporated)

Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)

Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)

Atualizações da NVIDIA 2.11.3.5 (Version: 2.11.3.5 - NVIDIA Corporation) Hidden

Avast Premier (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)

BitTorrent (HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.)

Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden

Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)

DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0156 - Disc Soft Ltd)

Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden

Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)

Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden

HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)

HP Support Solutions Framework (HKLM-x32\...\{89A620D5-6D9C-4C31-994D-9FAEE2987E2A}) (Version: 12.4.18.7 - HP)

IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)

IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )

IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )

Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)

K-Lite Codec Pack 8.9.2 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.9.2 - )

KMSpico 8.4 (HKLM\...\KMSpico v8.4_is1) (Version: 8.4 - )

LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden

LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden

Malwarebytes Anti-Malware versão 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)

Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)

Microsoft .NET Framework 4.6.1 (PTB) (HKLM\...\{A4CA54C9-68EE-393F-B10F-9C44884312B0}) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3146716) (HKLM\...\{E026AF51-E2EB-33CF-AC15-09308053FAA7}) (Version: 4.6.01078 - Microsoft Corporation)

Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)

Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)

Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)

Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)

Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)

Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)

Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)

Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)

Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)

Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31125 - Microsoft Corporation)

Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{9600393b-6ede-469b-a522-689fce1461d1}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)

Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)

Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)

Microsoft WebMatrix 3 (HKLM-x32\...\{4B15EFE6-0F85-463A-B7E8-001DB99AAB96}) (Version: 2.0.1934 - Microsoft Corporation)

MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)

Mozilla Firefox 46.0.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 pt-BR)) (Version: 46.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)

MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)

NVIDIA Driver de controle do 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)

NVIDIA Driver de gráficos 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation)

NVIDIA Driver do 3D Vision 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.95 - NVIDIA Corporation)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)

NVIDIA Software do sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

Oracle VM VirtualBox 5.0.20 (HKLM\...\{8209969B-9A31-4021-B0D8-E6F719F7F995}) (Version: 5.0.20 - Oracle Corporation)

Painel de controle da NVIDIA 341.95 (Version: 341.95 - NVIDIA Corporation) Hidden

PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden

Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)

Revisores de Texto do Microsoft Office 2013 – Português do Brasil (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden

SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden

Unity Web Player (HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)

Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)

USB Mass Storage Toolbox (HKLM-x32\...\{62B002C5-1AB3-11D8-8092-00E018B21FC0}) (Version: - )

WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden

WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden

WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-3583417557-804918735-1488409585-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Lucas Almeida\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {055D428A-AF29-48EC-B7AC-FF4994645A6C} - System32\Tasks\SafeZone scheduled Autoupdate 1463976530 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)

Task: {1236D155-7F75-4915-844D-20986F0FB32A} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)

Task: {15134C7F-72A7-4FA0-B9AC-719F56F90FEB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-23] (AVAST Software)

Task: {15D2E94A-EAB6-489C-8A93-9C2DDE5450CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)

Task: {17BCCA7D-821C-4C4B-B854-2688B4D07D47} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe

Task: {19308BD6-BA95-4822-86FA-5BB0372EA11C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-23] (Google Inc.)

Task: {1A99176B-DC54-463F-8FD6-0C6DB4C85B16} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe

Task: {1D2C917F-795E-4F65-861C-AA0F2466B6BA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATENÇÃO

Task: {2CCC9A77-4D60-47C1-9CF1-26311AA523B0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe

Task: {31A76599-0E3C-4211-ADD1-AD723FBFF19B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe

Task: {31EC0611-44FE-4162-92E9-0E4527DDEEA1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-23] (Google Inc.)

Task: {34154DBC-C2A2-430F-8C14-A8137A73180C} - System32\Tasks\Ghnadptsk => C:\Program Files (x86)\Ghaneckugick\Ghnadptsk.exe

Task: {37A81B52-21C0-47BE-B8DF-97B22B9502EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

Task: {3D402B11-EA62-4FAA-A411-563944765346} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)

Task: {3D572009-6D84-4A6E-8B24-60BE06E02197} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe

Task: {3F3E5E96-86B4-4075-A938-69DC20F457EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)

Task: {412AF6A5-F930-4B23-9703-C47D528054C3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe

Task: {43A11193-6FFE-472E-B81A-ED3380553280} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {48B62035-3E98-4FF8-965C-419994840538} - System32\Tasks\PPI Update => "hxxp://insightlk.com/download/index.php?mn=9995"

Task: {4CB759CB-4EA5-4886-B9D3-6129019B4D86} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Nenhum Arquivo <==== ATENÇÃO

Task: {53DD9B8F-53D1-412A-93B5-908038CF3229} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Nenhum Arquivo <==== ATENÇÃO

Task: {5A1BE626-BC7A-40D0-8380-194DEC22D0BA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

Task: {5A463CAF-4599-4503-A239-92C13ED66FDE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO

Task: {5AA6DE2A-36BD-482A-B307-3CBB67626B8F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {5DB716DC-5429-49BF-B599-51A7E218842A} - System32\Tasks\HPCeeScheduleForLucas Almeida => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)

Task: {63786044-2F9F-4BF1-A37D-58268FCCB3E4} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {6D70E0AB-B820-4FD4-AADB-D4DD44EE1CCF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe

Task: {7D2C22FE-ADC4-4241-BE07-920F8DF44811} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

Task: {7D98B47E-73B8-4623-91B3-D3752B2C41C7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Nenhum Arquivo <==== ATENÇÃO

Task: {7DB08B9D-7091-449D-A493-B8E7651F8532} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)

Task: {806259A9-8196-468D-BEB4-250671F1225A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO

Task: {88E8D797-6AED-4CAD-B94D-F25CAD9FB403} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Nenhum Arquivo <==== ATENÇÃO

Task: {8D4A0A04-84FC-48FD-BCA4-F60F94A990ED} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe

Task: {911C4BBA-1926-4ED7-BAE3-BEA71B39E4A3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {95AD3ADD-856E-4FC9-80BB-0E98DAC58C88} - System32\Tasks\AutoPico Daily Restart => C:\Program

Task: {9B50E0D1-1608-41F2-BA1A-EA8938843E75} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO

Task: {A10AE48A-CCD0-4DF5-B3F3-79CE1F6B678F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {A222D0E2-C86E-47C0-8D94-D07822495FD2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

Task: {B99E1E4D-1500-4758-BDA5-BD21BB94A6CC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe

Task: {BE139CA9-61AF-4CF4-A9AC-6D0A2A687AFF} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe

Task: {BF98C4AF-67DE-4469-AEDC-9A052AFC5564} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Nenhum Arquivo <==== ATENÇÃO

Task: {C32F848A-00D5-48DE-8632-0C1BBD2E9160} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe

Task: {C74BA25E-97E5-4D8A-A461-72CB7560AEFD} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {CD6A9E61-5BB1-49CD-B4D9-5F344B51F289} - \Microsoft\Windows\Setup\gwx\rundetector -> Nenhum Arquivo <==== ATENÇÃO

Task: {D3DA9773-7EDE-4DD9-9B56-565408D38435} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe

Task: {DD49C72E-32EB-4C94-B38C-18715E0CA7B5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Nenhum Arquivo <==== ATENÇÃO

Task: {DE6F1F4F-EE38-4B1D-9B16-A8FD56C788C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)

Task: {E1F912B6-025A-480C-9631-AE72C5AC765C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe

Task: {E2ED4A9F-A302-4AF1-B5DB-460910500047} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe

Task: {E3512771-0AE4-4927-94DB-FE1B938047F5} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe

Task: {E9A3AE46-0CEE-464B-89AC-94B1755DFADD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe

Task: {EA5F628A-EE08-478D-9CBA-595680FDAEA1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe

Task: {EB320B19-C5BD-486E-A33C-B5CBCF5FC6A8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

Task: {EC4948E9-4A36-47A5-902A-C89CC6194F79} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO

Task: {F72CBDEC-38BB-4161-A1F2-82E476EEAA2A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Nenhum Arquivo <==== ATENÇÃO

Task: {F81A9FE7-6718-44A0-BE22-E8CADB7674D9} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Nenhum Arquivo <==== ATENÇÃO

Task: {FF9990E2-8A05-417B-8712-F4F512719D2C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Nenhum Arquivo <==== ATENÇÃO

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-HomePC-Lucas Almeida.job => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\HPCeeScheduleForLucas Almeida.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

==================== Módulos Carregados (Whitelisted) ==============

2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2016-05-29 11:20 - 2016-01-29 07:49 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2016-02-13 14:38 - 2016-02-13 14:38 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2016-02-13 14:38 - 2016-02-13 14:38 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2016-05-29 12:15 - 2016-05-29 12:15 - 00959168 _____ () C:\Users\Lucas Almeida\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll

2016-05-29 13:03 - 2016-05-29 13:04 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe

2016-02-13 14:39 - 2016-02-13 14:39 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2016-02-13 14:39 - 2016-02-13 14:39 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2016-02-13 14:39 - 2016-02-13 14:39 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2016-02-13 14:39 - 2016-02-13 14:39 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2016-02-13 14:39 - 2016-02-13 14:39 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll

2016-02-13 14:39 - 2016-02-13 14:39 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

2016-05-23 01:00 - 2016-05-23 01:00 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2016-05-23 01:00 - 2016-05-23 01:00 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2016-06-01 07:24 - 2016-06-01 07:24 - 02984152 _____ () C:\Program Files\AVAST Software\Avast\defs\16060100\algo.dll

2016-05-23 01:00 - 2016-05-23 01:00 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

2016-06-01 19:35 - 2016-06-01 19:35 - 02923008 _____ () C:\Program Files\AVAST Software\Avast\defs\16060107\algo.dll

2016-05-23 01:00 - 2016-05-23 01:00 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll

2016-05-29 13:03 - 2016-05-29 13:04 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll

2016-05-29 13:03 - 2016-05-29 13:04 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

2016-05-23 01:02 - 2016-05-02 03:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2016-05-29 12:15 - 2016-05-29 12:15 - 00679624 _____ () C:\Users\Lucas Almeida\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll

2016-05-23 01:00 - 2016-05-23 01:00 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com

IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com

IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com

IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com

IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com

IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com

IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com

IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com

IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com

IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com

IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com

IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com

IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com

IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net

IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net

IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info

IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com

IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com

IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Existem ainda 7902 sites a mais.

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\007guard.com -> install.007guard.com

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\008k.com -> www.008k.com

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\00hq.com -> www.00hq.com

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\010402.com -> 010402.com

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\0scan.com -> www.0scan.com

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\1-2005-search.com -> www.1-2005-search.com

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\1000gratisproben.com -> www.1000gratisproben.com

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\1001namen.com -> www.1001namen.com

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\100888290cs.com -> mir.100888290cs.com

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\100sexlinks.com -> www.100sexlinks.com

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\10sek.com -> www.10sek.com

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\12-26.net -> user1.12-26.net

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\12-27.net -> user1.12-27.net

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\123fporn.info -> www.123fporn.info

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\123moviedownload.com -> www.123moviedownload.com

IE restricted site: HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\123simsen.com -> www.123simsen.com

Existem ainda 7902 sites a mais.

==================== Hosts Conteúdo: ==========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 23:34 - 2016-05-30 06:40 - 00452993 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com

127.0.0.1 123.sogou.com

127.0.0.1 www.czzsyzgm.com

127.0.0.1 www.czzsyzxl.com

127.0.0.1 union.baidu2019.com127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

127.0.0.1 10sek.com

127.0.0.1 www.10sek.com

127.0.0.1 www.1-2005-search.com

127.0.0.1 1-2005-search.com

127.0.0.1 123fporn.info

127.0.0.1 www.123fporn.info

Existem ainda 15540 mais linhas.

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-3583417557-804918735-1488409585-1000\Control Panel\Desktop\\Wallpaper -> E:\Users\luky_\Pictures\Mystic_Clockwork_2_0_by_OrenBoder.jpg

HKU\S-1-5-21-3583417557-804918735-1488409585-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg

DNS Servers: 201.21.192.122 - 201.21.192.168

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

HKLM\...\StartupApproved\Run32: => "WINCOM5N3"

HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\StartupApproved\Run: => "Caster"

HKU\S-1-5-21-3583417557-804918735-1488409585-1000\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808

FirewallRules: [{2C411B26-1AA1-4B1E-8E17-C066A27A640B}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe

FirewallRules: [{CACDFA0D-6E54-4C82-9C3B-E74DA8BF1D29}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe

FirewallRules: [{F1584FF9-5809-4D3C-9EDF-697224D1056C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe

FirewallRules: [{4411BDF7-1234-4FF6-B533-598A846E6203}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe

FirewallRules: [{A690AFD7-8AFD-4A16-BF5D-D75A3D26A35B}] => (Allow) E:\Windows.old\Program Files\Microsoft Visual Studio\Common7\IDE\devenv.exe

FirewallRules: [{C9341AFD-4511-4597-B2B9-605313F05F9B}] => (Allow) E:\Windows.old\Program Files\Microsoft Visual Studio\Common7\IDE\devenv.exe

FirewallRules: [{9F18E7A8-D628-4946-989D-CC7665BEF159}] => (Allow) E:\Windows.old\Program Files\Microsoft Visual Studio\Common7\IDE\devenv.exe

FirewallRules: [{860BEC2C-E552-4D00-B2FB-DC59168634C1}] => (Allow) E:\Windows.old\Program Files\Microsoft Visual Studio\Common7\IDE\devenv.exe

FirewallRules: [{7F620C51-4623-40E1-A074-BEE7C0B022CC}] => (Allow) E:\Windows.old\Program Files\Microsoft Visual Studio\Common7\IDE\devenv.exe

FirewallRules: [{9E8A1A1D-75B8-4EED-B263-8E556BB7F2E1}] => (Allow) E:\Windows.old\Program Files\Microsoft Visual Studio\Common7\IDE\devenv.exe

FirewallRules: [{74F26578-DFCD-4800-B039-CAFBDCD526CC}] => (Allow) E:\Windows.old\Program Files\Microsoft Visual Studio\Common7\IDE\devenv.exe

FirewallRules: [{A8A680C1-0893-4E0D-BE93-4090653A8804}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe

FirewallRules: [{3CC57800-B76D-44A5-83BA-52BC30DC6338}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe

FirewallRules: [{FCE4208F-03B4-4AC8-A482-1EE3BF264A14}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{AA76D53D-7796-46AC-9EF7-13D0244789FB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{A649B58E-165E-42FC-800D-EA243FAF5C19}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe

FirewallRules: [{C6F85B75-9857-4B2C-8205-B7D60CDC7B03}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe

FirewallRules: [{922257D9-D983-4FE2-9AF9-E20DDF7AC560}] => (Allow) E:\Windows.old\Program Files\Steam\steamapps\common\Mugen Souls\MugenSouls.exe

FirewallRules: [{98E585FF-04C0-4EE9-982F-9F7B1B5CF77B}] => (Allow) E:\Windows.old\Program Files\Steam\steamapps\common\Mugen Souls\MugenSouls.exe

FirewallRules: [{73C39A80-6CE1-4F63-9C21-3BCDD7F0C970}] => (Allow) E:\Windows.old\Program Files\Steam\bin\steamwebhelper.exe

FirewallRules: [{2E77371C-469C-47CD-B72F-306571C7DBCA}] => (Allow) E:\Windows.old\Program Files\Steam\bin\steamwebhelper.exe

FirewallRules: [{E6B84C8C-F162-45FE-89DE-3AB5948C153B}] => (Allow) E:\Windows.old\Program Files\Steam\Steam.exe

FirewallRules: [{5A1CA236-EB66-40C1-A785-401BA3356A01}] => (Allow) E:\Windows.old\Program Files\Steam\Steam.exe

FirewallRules: [{33270999-39CA-41D0-8279-353A5B8B0997}] => (Allow) C:\Users\Lucas Almeida\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{661BCEB3-871E-414B-AB67-9F3C7753346A}] => (Allow) C:\Users\Lucas Almeida\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{D94D75C6-FCE5-4FEE-9D36-8430758D0A45}] => (Allow) C:\Users\Lucas Almeida\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{0D52F918-063A-4147-BF7D-F2058B504BA1}] => (Allow) C:\Users\Lucas Almeida\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{3E2B48E5-F0EA-4BA3-BF26-AD1B52A3DA3D}] => (Allow) C:\Users\Lucas Almeida\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{C2EBD131-4CA0-44F2-95D4-80D1CF788F0B}] => (Allow) C:\Users\Lucas Almeida\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{2D9A2D83-3251-4074-8055-FA85FB139C39}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{D04366D7-5808-4CAC-B829-08E709EBDE77}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{6EC1862A-C90A-482E-9938-4FFF634B5B80}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

FirewallRules: [{2E3DFEDB-F954-48F9-80F3-ED15B2B3C8B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{C95FB3AC-3247-4616-8F3A-9399BA5B021E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{F4D18BC1-EC96-4D51-B04A-C94BDBBF3E9D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{D7358844-98D6-49F0-87F3-005D38DB6241}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{19938AE8-D70F-4533-8149-5617ABEC42A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{C16BD904-4157-4288-A26F-6AD9C4E67169}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{D10570D5-9EA3-41AC-B06F-EC7BBBAA96F8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{49D8A133-A473-40A3-8A23-F8459901C455}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe

FirewallRules: [{EC79854F-8870-480A-8BFB-00B4233121DB}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe

==================== Pontos de Restauração =========================

31-05-2016 20:28:47 Instalado Microsoft Visual C++ 2005 Redistributable

==================== Dispositivos Apresentando Falhas No Gerenciador =============

==================== Erros no Log de eventos: =========================

Erros em Aplicativos:

==================

Error: (06/01/2016 08:02:37 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: AUTORIDADE NT)

Description: O Windows não pode carregar o arquivo de Registro de classes.

DETALHE - O sistema não pode encontrar o arquivo especificado.

Error: (06/01/2016 08:02:31 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: IIS APPPOOL)

Description: O Windows não pode localizar o perfil local e está fazendo seu logon com um perfil temporário. As alterações que você fizer nesse perfil serão perdidas quando você fizer logoff.

Error: (06/01/2016 08:02:31 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: IIS APPPOOL)

Description: O Windows fez o backup deste perfil de usuário. O Windows tentará usar automaticamente esse perfil na próxima vez em que o usuário fizer logon.

Error: (06/01/2016 08:02:31 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: IIS APPPOOL)

Description: O Windows não pode carregar o perfil armazenado localmente. As possíveis causas do erro são direitos de segurança insuficientes ou um perfil local corrompido.

DETALHE - O arquivo já está sendo usado por outro processo.

Error: (06/01/2016 08:02:31 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: AUTORIDADE NT)

Description: O Windows não pôde carregar o Registro. Isso geralmente é causado por memória insuficiente ou direitos de segurança insuficientes.

DETALHE - O arquivo já está sendo usado por outro processo.

para C:\Users\DefaultAppPool\ntuser.dat

Error: (06/01/2016 07:34:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HomePC)

Description: O pacote Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App foi terminado porque levou muito tempo para ser suspenso.

Error: (06/01/2016 06:29:34 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Nome do aplicativo com falha: SDTools.exe, versão: 2.4.40.157, carimbo de data/hora: 0x535a51a5

Nome do módulo com falha: SDLists.dll_unloaded, versão: 2.4.40.4, carimbo de data/hora: 0x535a5101

Código de exceção: 0xc0000005

Deslocamento da falha: 0x0001563a

ID do processo com falha: 0x1d98

Hora de início do aplicativo com falha: 0xSDTools.exe0

Caminho do aplicativo com falha: SDTools.exe1

Caminho do módulo com falha: SDTools.exe2

ID do Relatório: SDTools.exe3

Nome completo do pacote com falha: SDTools.exe4

ID do aplicativo relativo ao pacote com falha: SDTools.exe5

Error: (05/31/2016 11:08:05 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (05/31/2016 09:00:43 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: O programa Rayman Origins.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle Segurança e Manutenção.

ID do Processo: 15dc

Hora de Início: 01d1bb94d171e5ef

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Program Files (x86)\Rayman Origins\Rayman Origins.exe

ID do Relatório: e186cb72-278b-11e6-b0cf-90e6bab58372

Nome completo do pacote com falha:

ID do aplicativo relativo ao pacote com falha:

Error: (05/31/2016 08:32:51 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Nome do aplicativo com falha: Rayman Origins.exe, versão: 0.0.0.0, carimbo de data/hora: 0x4f563e93

Nome do módulo com falha: Rayman Origins.exe, versão: 0.0.0.0, carimbo de data/hora: 0x4f563e93

Código de exceção: 0xc0000005

Deslocamento da falha: 0x002da8a4

ID do processo com falha: 0x1d88

Hora de início do aplicativo com falha: 0xRayman Origins.exe0

Caminho do aplicativo com falha: Rayman Origins.exe1

Caminho do módulo com falha: Rayman Origins.exe2

ID do Relatório: Rayman Origins.exe3

Nome completo do pacote com falha: Rayman Origins.exe4

ID do aplicativo relativo ao pacote com falha: Rayman Origins.exe5

Erros de Sistema:

=============

Error: (06/01/2016 08:21:00 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: HomePC)

Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error: (06/01/2016 07:37:00 PM) (Source: HTTP) (EventID: 15006) (User: )

Description: \SystemRoot\System32\LogFiles\HTTPERR\httperr1.log

Error: (06/01/2016 07:32:20 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT)

Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error: (06/01/2016 07:31:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço NvStreamSvc.

Error: (06/01/2016 07:31:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Não foi possível iniciar o serviço MsDepSvc devido ao seguinte erro:

%%1053

Error: (06/01/2016 07:31:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço MsDepSvc.

Error: (06/01/2016 07:31:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: O serviço NetTcpActivator depende do serviço NetTcpPortSharing, mas não foi possível iniciá-lo devido ao seguinte erro:

%%1058

Error: (06/01/2016 07:30:35 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT)

Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error: (06/01/2016 07:30:20 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: AUTORIDADE NT)

Description: Falha do Agendador de Tarefas ao carregar as tarefas na inicialização do serviço. Dados adicionais: Valor do Erro: 2147942402.

Error: (06/01/2016 07:28:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: O serviço Host de Sincronização_5ed23 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

CodeIntegrity:

===================================

Date: 2016-05-31 20:33:22.926

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-30 18:30:26.661

Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

Date: 2016-05-30 18:24:57.521

Date: 2016-05-30 18:24:57.424

Date: 2016-05-30 18:24:57.305

Date: 2016-05-30 18:24:57.237

Date: 2016-05-30 18:24:57.219

Date: 2016-05-30 18:22:59.678

Date: 2016-05-30 18:22:59.604

Date: 2016-05-30 18:22:59.515

==================== Informações da Memória ===========================

Processador: AMD Athlon™ II X2 240 Processor

Percentagem de memória em uso: 78%

RAM física total: 4095.29 MB

RAM física disponível: 870.55 MB

Virtual Total: 8191.29 MB

Virtual disponível: 5550.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:70.91 GB) (Free:9.89 GB) NTFS ==>[drive com componentes de inicialização (obtido através de BCD)]

Drive d: () (Fixed) (Total:130 GB) (Free:18.31 GB) NTFS ==>[sistema com componentes de inicialização (obtido através de drive)]

Drive e: (Windows 10) (Fixed) (Total:333.73 GB) (Free:31.89 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 76.3 GB) (Disk ID: AEB1AEB1)

Partition 1: (Active) - (Size=70.9 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=449 MB) - (Type=27)

Partition 3: (Not Active) - (Size=5 GB) - (Type=1C)

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CA7FCA7F)

Partition 1: (Active) - (Size=130 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=333.7 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#5 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 01 June 2016 - 07:10 PM

C:\Program Files\KMSpico\AutoPico.exe

This is an illegal activation tools for Microsoft Windows and Office products. It's quite common those files infect your system

Download CKScanner by askey127 from Here & save it to your Desktop.

Doubleclick CKScanner.exe then click Search For Files

When the cursor hourglass disappears, click Save List To File

A message box will verify the file saved

Please Run this program only once

Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#6 LucasAlmeida

New Member

New Member
3 posts

Posted 02 June 2016 - 08:42 AM

Good morning, ken545 (it is morning here)

I'm very sorry about this, as you've been working on the logs I sent to help solve the problem, but I won't keep you any longer on them.

I simultaneously requested help in some other tech forums and I'm currently going through a process advised elsewhere, so not to keep both working on a same issue and taking the time from you both and ending mixing the solutions and making things worse, I will stick to one method at a time.

Sorry again for going over the help you was providing. I didn't want to act with disregard towards it, and I thank you very, very much for the attention you provided to this request.

If any measure against my account should be taken in view of this, it would be fair and I would accept it.

I think this thread may be closed for now.

Best regards,

Admin Edit

http://www.bleepingc...-and-backdoors/

http://www.neowin.ne...-and-backdoors/

+1 at TSF which appears to have been removed.

Edited by tashi, 02 June 2016 - 09:15 AM.
Added links

#7 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 02 June 2016 - 10:56 AM

Thanks for letting me know, but this is what I think, I think your windows operating system and some programs have been downloaded and installed illegally . What people dont understand is that almost 100% of illegal software is infected.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#8 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 02 June 2016 - 10:56 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

Body Background

skin color theme

After-Infection Advise - Untraceable KeyLoggers and Backdoors [Solved]

#1 LucasAlmeida

Advertisements

Register to Remove

#2 ken545

#3 LucasAlmeida

Attached Files

#4 ken545

#5 ken545

#6 LucasAlmeida

#7 ken545

#8 ken545

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Body Background

skin color theme

After-Infection Advise - Untraceable KeyLoggers and Backdoors [Solved]

#1 LucasAlmeida

Advertisements Register to Remove

#2 ken545

#3 LucasAlmeida

Attached Files

#4 ken545

#5 ken545

#6 LucasAlmeida

#7 ken545

#8 ken545

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Sign In

Advertisements

Register to Remove