Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:27-01-2016 Executado por Volkhadan (administrador) em VOLKHADAN-PC (06-02-2016 12:02:41) Executando a partir de C:\Users\Volkhadan\Desktop Perfis Carregados: Volkhadan (Perfis Disponíveis: Volkhadan) Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil) Internet Explorer Versão 11 (Navegador padrão: Chrome) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe () C:\Program Files (x86)\455A527F-1454169737-DE11-88E5-00262236F727\knsfF36F.tmp () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) 
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe () C:\Program Files (x86)\455A527F-1454169737-DE11-88E5-00262236F727\hnsj39B7.tmp () C:\Program Files (x86)\455A527F-1454169737-DE11-88E5-00262236F727\jnsp1A25.tmp (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (Spotify Ltd) C:\Users\Volkhadan\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Dropbox, Inc.) C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\Dropbox.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (BitTorrent Inc.) C:\Users\Volkhadan\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) C:\Users\Volkhadan\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe (BitTorrent Inc.) 
C:\Users\Volkhadan\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registro (Whitelisted) =========================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-21] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2978544 2013-05-22] (Synaptics Incorporated) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA) HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-11-21] (TOSHIBA CORPORATION.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) 
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil) HKU\S-1-5-21-1084134890-3557609745-897204792-1001\...\Run: [Spotify Web Helper] => C:\Users\Volkhadan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-02-05] (Spotify Ltd) HKU\S-1-5-21-1084134890-3557609745-897204792-1001\...\Run: [Dropbox Update] => C:\Users\Volkhadan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-21] (Dropbox, Inc.) HKU\S-1-5-21-1084134890-3557609745-897204792-1001\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2036224 2016-02-04] () ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-06-25] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-06-25] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-06-25] () ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.) Startup: C:\Users\Volkhadan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-15] ShortcutTarget: Dropbox.lnk -> C:\Users\Volkhadan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt Tcpip\Parameters: [DhcpNameServer] 201.17.128.71 201.17.128.76 Tcpip\..\Interfaces\{AE217F9A-F2B5-4795-A8C6-9104CA7D6CFA}: [DhcpNameServer] 10.20.196.5 Tcpip\..\Interfaces\{E389B653-5FA0-49F6-B7A5-A11A929CDBC8}: [DhcpNameServer] 201.17.128.71 201.17.128.76 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO HKU\S-1-5-21-1084134890-3557609745-897204792-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_fs_16_04&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDtC0AtDyEtB0C0AtD0AtDzytAzyyDtN0D0Tzu0StCyEzytDtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StCyC0F0CyBtAyCyBtGtAyDtC0FtG0Azz0ByCtGtC0F0FtDtG0FtCyByBtByB0FyCzyyByDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzyzy0D0D0A0EtG0F0AyDzztGyEyD0D0AtG0AyC0AtCtG0FtB0B0CtC0F0EzztAyC0E0D2QtN0A0LzutB%26cr%3D1715449265%26a%3Dwncy_fs_16_04%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.globasearch.com/?serie=211&b=3&installkey=5eHe7FARs4Dmn7zDLfTr HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1431952867&from=xtab&uid=3BE9345543FF46f183ACE716199DC35D HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1084134890-3557609745-897204792-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1084134890-3557609745-897204792-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1431952827&z=3c0c5854c81cdbc9854b076g6z4c3g7t0w0obb3o5q&from=ient05180&uid=TOSHIBAXMK3263GSX_99KEC2F0TXX99KEC2F0T&q={searchTerms} HKU\S-1-5-21-1084134890-3557609745-897204792-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.globasearch.com/?serie=211&b=3&installkey=5eHe7FARs4Dmn7zDLfTr HKU\S-1-5-21-1084134890-3557609745-897204792-1001\Software\Microsoft\Internet 
Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=pt-BR&Src=MSE&Tid=0003446E&OHP=http%3A%2F%2Fwww.istartsurf.com%2F%3Ftype%3Dhppp%26ts%3D1431952867%26from%3Dxtab%26uid%3D3BE9345543FF46f183ACE716199DC35D&OSP=http%3A%2F%2Fwww.istartsurf.com%2Fweb%2F%3Ftype%3Ddspp%26ts%3D1431952867%26from%3Dxtab%26uid%3D3BE9345543FF46f183ACE716199DC35D%26q%3D%7BsearchTerms%7D SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_fs_16_04&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDtC0AtDyEtB0C0AtD0AtDzytAzyyDtN0D0Tzu0StCyEzytDtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StCyC0F0CyBtAyCyBtGtAyDtC0FtG0Azz0ByCtGtC0F0FtDtG0FtCyByBtByB0FyCzyyByDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtBzyzy0D0D0A0EtG0F0AyDzztGyEyD0D0AtG0AyC0AtCtG0FtB0B0CtC0F0EzztAyC0E0D2QtN0A0LzutB%26cr%3D1715449265%26a%3Dwncy_fs_16_04%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.globasearch.com/?serie=211&installkey=5eHe7FARs4Dmn7zDLfTr&b=3&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.globasearch.com/?serie=211&installkey=5eHe7FARs4Dmn7zDLfTr&b=3&q={searchTerms} SearchScopes: HKU\S-1-5-21-1084134890-3557609745-897204792-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=211&installkey=5eHe7FARs4Dmn7zDLfTr&b=3&q={searchTerms} SearchScopes: HKU\S-1-5-21-1084134890-3557609745-897204792-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://www.globasearch.com/?serie=211&installkey=5eHe7FARs4Dmn7zDLfTr&b=3&q={searchTerms} SearchScopes: HKU\S-1-5-21-1084134890-3557609745-897204792-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1084134890-3557609745-897204792-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.globasearch.com/?serie=211&installkey=5eHe7FARs4Dmn7zDLfTr&b=3&q={searchTerms} SearchScopes: HKU\S-1-5-21-1084134890-3557609745-897204792-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKU\S-1-5-21-1084134890-3557609745-897204792-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-26] (RealDownloader) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files 
(x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealDownloader) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-10-20] (Banco do Brasil) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Volkhadan\AppData\Roaming\Mozilla\Firefox\Profiles\quiwtv7q.default FF NewTab: hxxp://www.globasearch.com/?serie=211&b=2&installkey=5eHe7FARs4Dmn7zDLfTr&newtab FF Homepage: www.google.com FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-27] () FF Plugin: 
@esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo] FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-03] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-27] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.) FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo] FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Nenhum Arquivo] FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files 
(x86)\real\realplayer\Netscape6\nppl3260.dll [2014-12-15] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-12-15] (RealPlayer Cloud) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-03] (Adobe Systems) FF Plugin HKU\S-1-5-21-1084134890-3557609745-897204792-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Volkhadan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-1084134890-3557609745-897204792-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Volkhadan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1084134890-3557609745-897204792-1001: gastecnologia.com.br/sf/bb -> C:\Users\Volkhadan\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2015-03-06] (GAS Tecnologia) FF Plugin HKU\S-1-5-21-1084134890-3557609745-897204792-1001: gastecnologia.com.br/sf/bb64 -> C:\Users\Volkhadan\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [2015-03-06] (GAS Tecnologia) FF HKLM\...\Firefox\Extensions: [{181106AE-B9C7-4ACB-91B8-A08798BC4ED2}] - C:\Program Files\shopperz300120161524\Firefox\{181106AE-B9C7-4ACB-91B8-A08798BC4ED2}.xpi => não encontrado (a) FF HKLM\...\Firefox\Extensions: [{794D2E20-F319-4F6D-83F3-7A6899A0A3EE}] - C:\Program Files\shopperz310120161636\Firefox\{794D2E20-F319-4F6D-83F3-7A6899A0A3EE}.xpi => não encontrado (a) FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-12-15] [não assinado] FF HKLM-x32\...\Firefox\Extensions: [{181106AE-B9C7-4ACB-91B8-A08798BC4ED2}] - C:\Program Files\shopperz300120161524\Firefox\{181106AE-B9C7-4ACB-91B8-A08798BC4ED2}.xpi => não encontrado (a) FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: 
[{794D2E20-F319-4F6D-83F3-7A6899A0A3EE}] - C:\Program Files\shopperz310120161636\Firefox\{794D2E20-F319-4F6D-83F3-7A6899A0A3EE}.xpi => não encontrado (a) Chrome: ======= CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Volkhadan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => Nenhum Arquivo CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\PepperFlash\pepflashplayer.dll () CHR Profile: C:\Users\Volkhadan\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Volkhadan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-30] CHR Extension: (YouTube) - C:\Users\Volkhadan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-30] CHR Extension: (The Godfather: Five Families) - C:\Users\Volkhadan\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfkoljdeffeedleidebkmmamepgbnbl [2016-01-30] CHR Extension: (Documentos Google off-line) - C:\Users\Volkhadan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-30] CHR Extension: (AdBlock) - C:\Users\Volkhadan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-05] CHR Extension: (TweetDeck by Twitter) - C:\Users\Volkhadan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2016-01-30] CHR Extension: (WordPress.com) - C:\Users\Volkhadan\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2016-01-30] CHR Extension: (Google Maps) - C:\Users\Volkhadan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-01-30] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Volkhadan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda 
[2016-01-30] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08] ==================== Serviços (Whitelisted) ======================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation) R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 qojyqokezbt; C:\Program Files (x86)\455A527F-1454169737-DE11-88E5-00262236F727\knsfF36F.tmp [185344 2016-02-05] () [Arquivo não assinado] R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] () R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-12-15] (RealNetworks, Inc.) 
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wucotusy; C:\Program Files (x86)\455A527F-1454169737-DE11-88E5-00262236F727\hnsj39B7.tmp [416256 2016-01-30] () [Arquivo não assinado]
R2 zutuzuni; C:\Program Files (x86)\455A527F-1454169737-DE11-88E5-00262236F727\jnsp1A25.tmp [307712 2016-01-30] () [Arquivo não assinado]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2016-01-31] (Cherimoya Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-20] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-02-05] ()
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-02-06] (GAS Tecnologia)
R1 gbpddfac; C:\Windows\SysWOW64\drivers\gbpddfac64.sys [28888 2015-08-26] (GAS Tecnologia)
R3 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [29912 2015-08-26] (GAS Tecnologia)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-05-22] (Synaptics Incorporated)
S3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [409664 2012-02-13] (TASCAM)
S3 TASCAM_US144_MK2_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [31296 2012-02-13] (TASCAM)
S3 TASCAM_US144_MK2_WDM; C:\Windows\System32\drivers\tscusb2a.sys [50240 2012-02-13] (TASCAM)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-01-20] (GAS Tecnologia LTDA)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-02-06] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-02-06 11:48 - 2016-02-06 11:56 - 2641235059 _____ C:\Users\Volkhadan\Downloads\Eden.2014.REPACK.WEBRip.x264.HORiZON-ArtSubs.mkv
2016-02-05 21:49 - 2016-02-05 21:49 - 00038283 _____ C:\ComboFix.txt
2016-02-05 20:46 - 2016-02-05 20:46 - 00000000 _____ C:\autoexec.bat
2016-02-05 20:44 - 2016-02-05 20:44 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-02-05 20:43 - 2016-02-05 20:55 - 00133751 _____ C:\Users\Volkhadan\Desktop\Shortcut.txt
2016-02-05 20:40 - 2016-02-05 20:43 - 00060688 _____ C:\Users\Volkhadan\Desktop\Addition.txt
2016-02-05 20:38 - 2016-02-05 20:38 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Volkhadan\Downloads\SpyHunter-Installer.exe
2016-02-05 20:36 - 2016-02-06 12:03 - 00032084 _____ C:\Users\Volkhadan\Desktop\FRST.txt
2016-02-05 20:35 - 2016-02-06 12:02 - 00000000 ____D C:\FRST
2016-02-05 20:33 - 2016-02-05 20:34 - 02370560 _____ (Farbar) C:\Users\Volkhadan\Desktop\FRST64.exe
2016-02-05 19:19 - 2016-02-05 21:51 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-02-05 19:18 - 2016-02-05 19:18 - 00022400 _____ C:\Windows\System32\Tasks\{0C0A0D47-0F7D-0F09-0811-0B7A080C110D}
2016-02-05 19:18 - 2016-02-05 19:18 - 00000000 ____D C:\Users\Todos os Usuários\f575047d-1297-0
2016-02-05 19:18 - 2016-02-05 19:18 - 00000000 ____D C:\ProgramData\f575047d-1297-0
2016-02-05 19:17 - 2016-02-05 19:17 - 00000000 ____D C:\Users\Volkhadan\AppData\Local\Setup Wizard
2016-02-05 19:17 - 2016-02-05 19:17 - 00000000 ____D C:\Users\Todos os Usuários\f575047d-2545-1
2016-02-05 19:17 - 2016-02-05 19:17 - 00000000 ____D C:\ProgramData\f575047d-2545-1
2016-02-05 19:12 - 2016-02-05 19:12 - 00003034 _____ C:\Windows\System32\Tasks\ttwifi
2016-02-05 19:12 - 2016-02-05 19:12 - 00002974 _____ C:\Windows\System32\Tasks\Pritc
2016-02-05 19:12 - 2016-02-05 19:12 - 00002930 _____ C:\Windows\System32\Tasks\osTip
2016-02-05 19:12 - 2016-02-05 19:12 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-02-05 19:12 - 2016-02-05 19:12 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-02-05 18:35 - 2016-02-05 18:35 - 00006852 _____ C:\Users\Volkhadan\Documents\cc_20160205_183501.reg
2016-02-05 16:56 - 2016-02-05 16:56 - 00970898 _____ ( ) C:\Users\Volkhadan\Downloads\FlashPlayerPro.exe
2016-02-05 16:36 - 2016-02-05 16:36 - 00119704 _____ C:\Users\Volkhadan\Documents\cc_20160205_163626.reg
2016-02-05 16:30 - 2016-02-05 16:30 - 00000000 ____D C:\Users\Volkhadan\AppData\Local\macpromosoft
2016-02-05 16:28 - 2016-02-05 16:28 - 00000000 ____D C:\Users\Volkhadan\AppData\Roaming\UG
2016-02-05 16:27 - 2016-02-05 16:31 - 00000000 ____D C:\Program Files (x86)\UPCleaner
2016-02-04 20:12 - 2016-02-04 20:12 - 00041304 _____ C:\Users\Volkhadan\Downloads\captain.america.the.winter.soldier.(2014).pob.1cd.(5774123).zip
2016-02-04 20:12 - 2016-01-17 14:57 - 00006271 _____ C:\Users\Volkhadan\Downloads\captain.america.the.winter.(5774123).nfo
2016-02-03 18:42 - 2016-02-03 18:42 - 00000824 _____ C:\Users\Volkhadan\Desktop\Handbrake.lnk
2016-02-03 18:42 - 2016-02-03 18:42 - 00000000 ____D C:\Users\Volkhadan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-02-03 18:42 - 2016-02-03 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-02-03 18:42 - 2016-02-03 18:42 - 00000000 ____D C:\Program Files\Handbrake
2016-02-03 18:41 - 2016-02-03 18:41 - 17253867 _____ C:\Users\Volkhadan\Downloads\HandBrake-0.10.3-x86_64-Win_GUI.exe
2016-02-03 18:06 - 2016-02-03 18:06 - 00039369 _____ C:\Users\Volkhadan\Downloads\contraCheque.pdf
2016-01-31 13:45 - 2016-01-31 13:45 - 00000000 ____D C:\Windows\system32\muht
2016-01-31 13:45 - 2016-01-31 13:45 - 00000000 ____D C:\Users\Volkhadan\AppData\Roaming\TutofQesgifo
2016-01-31 13:44 - 2016-02-03 18:39 - 00000000 ____D C:\Program Files\shopperz310120161636
2016-01-31 13:15 - 2016-01-31 13:19 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support
2016-01-31 13:15 - 2016-01-31 13:15 - 00000000 ____D C:\Users\Volkhadan\Documents\DailyPCClean
2016-01-31 13:12 - 2016-01-31 13:12 - 00234712 _____ (Spotify Ltd) C:\Users\Volkhadan\Downloads\SpotifySetup.exe
2016-01-31 12:39 - 2016-01-31 13:45 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2016-01-30 16:21 - 2016-02-05 20:26 - 00000000 ____D C:\Users\Volkhadan\AppData\Roaming\Baidu
2016-01-30 16:21 - 2016-02-05 20:26 - 00000000 ____D C:\Users\Todos os Usuários\baidu
2016-01-30 16:21 - 2016-02-05 20:26 - 00000000 ____D C:\ProgramData\baidu
2016-01-30 16:21 - 2016-01-30 16:21 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-01-30 14:58 - 2016-01-31 13:46 - 00000000 ____D C:\Users\Volkhadan\AppData\Local\Tempfolder
2016-01-30 14:58 - 2016-01-30 15:18 - 00000000 ____D C:\Program Files\shopperz300120161524
2016-01-30 14:58 - 2016-01-30 14:58 - 00000000 ____D C:\Windows\system32\aso
2016-01-30 14:58 - 2016-01-30 14:58 - 00000000 ____D C:\Users\Volkhadan\AppData\Roaming\DinweSur
2016-01-30 14:58 - 2016-01-30 14:58 - 00000000 ____D C:\Users\Volkhadan\AppData\LocalLow\Company
2016-01-30 14:58 - 2016-01-30 14:58 - 00000000 ____D C:\Users\Volkhadan\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-01-30 14:58 - 2016-01-30 14:58 - 00000000 ____D C:\uninst
2016-01-30 14:39 - 2016-01-30 14:39 - 00000000 ____D C:\Users\Volkhadan\AppData\Local\Professional_Cleaning_Sof
2016-01-30 14:38 - 2016-01-30 14:40 - 00000000 ____D C:\Users\Volkhadan\Documents\ProfessionalCleaningSoftware
2016-01-30 14:37 - 2016-01-30 14:37 - 00000000 ____D C:\Users\Volkhadan\AppData\Local\Setup723205
2016-01-30 14:37 - 2016-01-30 14:37 - 00000000 ____D C:\Users\Volkhadan\AppData\Local\seno
2016-01-30 14:37 - 2016-01-30 14:37 - 00000000 ____D C:\Users\Volkhadan\AppData\Local\{2741111D-03E9-7DA5-6E71-584D4A19A4D5}
2016-01-30 14:37 - 2016-01-30 14:37 - 00000000 ____D C:\Program Files (x86)\Pro PC Cleaner
2016-01-30 14:36 - 2016-01-30 14:36 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-01-30 14:30 - 2016-01-30 14:34 - 54561512 _____ (Free Time) C:\Users\Volkhadan\Downloads\formatfactory-3-6-0-0-multi-win.exe
2016-01-30 14:03 - 2016-01-30 14:01 - 00000170 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-01-30 14:02 - 2016-02-05 17:54 - 00000000 ____D C:\Program Files (x86)\455A527F-1454169737-DE11-88E5-00262236F727
2016-01-30 14:02 - 2016-01-30 14:36 - 00000000 _____ C:\Windows\SysWOW64\track
2016-01-30 13:45 - 2016-01-30 13:45 - 04506061 _____ (Free Time Inc ) C:\Users\Volkhadan\Downloads\FormatFactory-3.8.0.2.exe
2016-01-30 12:15 - 2016-01-27 16:39 - 00006922 _____ C:\Users\Volkhadan\Downloads\Ficha Shameless.txt
2016-01-30 10:00 - 2015-12-18 19:27 - 
00045912 _____ C:\Users\Volkhadan\Downloads\American.Horror.Story.S05E10.She.Gets.Revenge.720p.WEB-DL.DD5.1.H.264-NTb.srt 2016-01-30 10:00 - 2015-12-18 19:27 - 00045912 _____ C:\Users\Volkhadan\Downloads\American.Horror.Story.S05E10.She.Gets.Revenge.1080p.WEB-DL.DD5.1.H.264-NTb.srt 2016-01-30 10:00 - 2015-12-18 19:22 - 00045912 _____ C:\Users\Volkhadan\Downloads\American.Horror.Story.S05E10.REPACK.HDTV.XviD-FUM.srt 2016-01-30 10:00 - 2015-12-18 19:22 - 00045912 _____ C:\Users\Volkhadan\Downloads\American.Horror.Story.S05E10.REPACK.HDTV.x264-KILLERS.srt 2016-01-30 10:00 - 2015-12-18 19:22 - 00045912 _____ C:\Users\Volkhadan\Downloads\American.Horror.Story.S05E10.REPACK.720p.HDTV.x264-KILLERS.srt 2016-01-30 10:00 - 2015-12-12 14:54 - 00023853 _____ C:\Users\Volkhadan\Downloads\American.Horror.Story.S05E09.HDTV.x264-FLEET.torrent 2016-01-30 10:00 - 2015-12-06 15:18 - 00003281 _____ C:\Users\Volkhadan\Downloads\American.Horror.Story.S05E08.HDTV.x264-KILLERS.torrent 2016-01-30 10:00 - 2015-11-20 13:59 - 00026290 _____ C:\Users\Volkhadan\Downloads\American.Horror.Story.S05E07.HDTV.x264-FLEET.torrent 2016-01-30 10:00 - 2015-11-20 11:25 - 00000118 _____ C:\Users\Volkhadan\Downloads\Só Legendas.url 2016-01-30 10:00 - 2015-11-13 07:48 - 00003486 _____ C:\Users\Volkhadan\Downloads\American.Horror.Story.S05E06.HDTV.x264-KILLERS.torrent 2016-01-30 09:59 - 2016-01-30 09:59 - 00088247 _____ C:\Users\Volkhadan\Downloads\American.Horror.Story.S05E10.rar 2016-01-30 09:59 - 2016-01-30 09:59 - 00042218 _____ C:\Users\Volkhadan\Downloads\AHS-S05-09.rar 2016-01-30 09:58 - 2016-01-30 09:58 - 00041703 _____ C:\Users\Volkhadan\Downloads\AHS-S05-07.rar 2016-01-30 09:58 - 2016-01-30 09:58 - 00021149 _____ C:\Users\Volkhadan\Downloads\AHS-S05-08.rar 2016-01-30 09:57 - 2016-01-30 09:57 - 00017992 _____ C:\Users\Volkhadan\Downloads\AHS-S05-06.rar 2016-01-30 09:55 - 2016-01-30 09:55 - 00150983 _____ C:\Users\Volkhadan\Downloads\The.X-Files.S10E02.rar 2016-01-30 09:54 - 2016-01-30 09:54 - 
00136286 _____ C:\Users\Volkhadan\Downloads\The.XFiles.S10E01.rar 2016-01-30 09:52 - 2016-01-30 09:52 - 00025773 _____ C:\Users\Volkhadan\Downloads\TGW-S07-09.rar 2016-01-30 09:52 - 2015-12-06 15:17 - 00003097 _____ C:\Users\Volkhadan\Downloads\the.good.wife.709.hdtv-lol.torrent 2016-01-30 09:52 - 2015-11-28 18:50 - 00002507 _____ C:\Users\Volkhadan\Downloads\The.Good.Wife.S07E08.HDTV.x264-LOL.torrent 2016-01-30 09:51 - 2016-01-30 09:52 - 00026906 _____ C:\Users\Volkhadan\Downloads\TGW-S07-08.rar 2016-01-30 02:52 - 2016-01-30 02:52 - 00202684 _____ C:\Users\Volkhadan\Downloads\Shameless.US.S06E02.720p.HDTV.2CH.x265.HEVC-PSA.rar 2016-01-30 02:51 - 2016-01-30 02:51 - 00147531 _____ C:\Users\Volkhadan\Downloads\Shameless.US.S06E01.HDTV.rar 2016-01-30 02:51 - 2016-01-30 02:51 - 00130852 _____ C:\Users\Volkhadan\Downloads\Shameless.US.S06E03.720p.rar 2016-01-30 02:07 - 2015-12-11 16:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-01-30 02:07 - 2015-12-08 19:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2016-01-30 02:07 - 2015-12-08 19:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2016-01-30 02:07 - 2015-12-08 19:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL 2016-01-30 02:07 - 2015-12-08 19:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL 2016-01-30 02:07 - 2015-12-08 19:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL 2016-01-30 02:07 - 2015-12-08 19:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL 2016-01-30 02:07 - 2015-12-08 19:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll 2016-01-30 02:07 - 2015-12-08 19:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL 2016-01-30 02:07 - 2015-12-08 19:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL 2016-01-30 02:07 - 2015-12-08 19:54 - 
00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL 2016-01-30 02:07 - 2015-12-08 19:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL 2016-01-30 02:07 - 2015-12-08 19:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL 2016-01-30 02:07 - 2015-12-08 19:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2016-01-30 02:07 - 2015-12-08 19:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2016-01-30 02:07 - 2015-12-08 19:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll 2016-01-30 02:07 - 2015-12-08 19:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL 2016-01-30 02:07 - 2015-12-08 19:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL 2016-01-30 02:07 - 2015-12-08 19:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2016-01-30 02:07 - 2015-12-08 19:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2016-01-30 02:07 - 2015-12-08 19:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2016-01-30 02:07 - 2015-12-08 19:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL 2016-01-30 02:07 - 2015-12-08 19:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2016-01-30 02:07 - 2015-12-08 19:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL 2016-01-30 02:07 - 2015-12-08 19:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL 2016-01-30 02:07 - 2015-12-08 19:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL 2016-01-30 02:07 - 2015-12-08 19:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll 2016-01-30 02:07 - 2015-12-08 19:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax 2016-01-30 02:07 - 2015-12-08 19:53 - 00153600 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\COLORCNV.DLL 2016-01-30 02:07 - 2015-12-08 19:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2016-01-30 02:07 - 2015-12-08 19:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL 2016-01-30 02:07 - 2015-12-08 19:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll 2016-01-30 02:07 - 2015-12-08 19:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll 2016-01-30 02:07 - 2015-12-08 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2016-01-30 02:07 - 2015-12-08 19:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2016-01-30 02:07 - 2015-12-08 19:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll 2016-01-30 02:07 - 2015-12-08 19:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2016-01-30 02:07 - 2015-12-08 17:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2016-01-30 02:07 - 2015-12-08 17:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2016-01-30 02:07 - 2015-12-08 17:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL 2016-01-30 02:07 - 2015-12-08 17:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2016-01-30 02:07 - 2015-12-08 17:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL 2016-01-30 02:07 - 2015-12-08 17:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2016-01-30 02:07 - 2015-12-08 17:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll 2016-01-30 02:07 - 2015-12-08 17:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll 2016-01-30 02:07 - 2015-12-08 17:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL 2016-01-30 02:07 - 2015-12-08 17:07 - 01160192 _____ (Microsoft Corporation) 
C:\Windows\system32\MSMPEG2ENC.DLL 2016-01-30 02:07 - 2015-12-08 17:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL 2016-01-30 02:07 - 2015-12-08 17:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll 2016-01-30 02:07 - 2015-12-08 17:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll 2016-01-30 02:07 - 2015-12-08 17:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL 2016-01-30 02:07 - 2015-12-08 17:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL 2016-01-30 02:07 - 2015-12-08 17:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL 2016-01-30 02:07 - 2015-12-08 17:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL 2016-01-30 02:07 - 2015-12-08 17:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2016-01-30 02:07 - 2015-12-08 17:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2016-01-30 02:07 - 2015-12-08 17:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL 2016-01-30 02:07 - 2015-12-08 17:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL 2016-01-30 02:07 - 2015-12-08 17:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2016-01-30 02:07 - 2015-12-08 17:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll 2016-01-30 02:07 - 2015-12-08 17:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2016-01-30 02:07 - 2015-12-08 17:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL 2016-01-30 02:07 - 2015-12-08 17:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll 2016-01-30 02:07 - 2015-12-08 17:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL 2016-01-30 02:07 - 2015-12-08 17:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL 
2016-01-30 02:07 - 2015-12-08 17:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL 2016-01-30 02:07 - 2015-12-08 17:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2016-01-30 02:07 - 2015-12-08 17:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL 2016-01-30 02:07 - 2015-12-08 17:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL 2016-01-30 02:07 - 2015-12-08 17:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll 2016-01-30 02:07 - 2015-12-08 17:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll 2016-01-30 02:07 - 2015-12-08 17:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2016-01-30 02:07 - 2015-12-08 17:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll 2016-01-30 02:07 - 2015-12-08 17:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax 2016-01-30 02:07 - 2015-12-08 17:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2016-01-30 02:07 - 2015-12-08 17:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2016-01-30 02:07 - 2015-12-08 16:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2016-01-30 02:07 - 2015-12-08 16:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2016-01-30 02:07 - 2015-12-08 16:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys 2016-01-30 02:07 - 2015-12-08 15:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-01-30 02:07 - 2015-11-16 23:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-01-30 02:07 - 2015-11-16 23:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-01-30 02:07 - 2015-11-16 23:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 
2016-01-30 02:07 - 2015-11-16 23:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-01-30 02:07 - 2015-11-16 23:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-01-30 02:07 - 2015-11-16 23:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-01-30 02:07 - 2015-11-16 18:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2016-01-30 02:07 - 2015-11-13 21:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll 2016-01-30 02:07 - 2015-11-13 21:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll 2016-01-30 02:07 - 2015-11-13 21:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe 2016-01-30 02:07 - 2015-11-13 20:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll 2016-01-30 02:07 - 2015-11-13 20:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll 2016-01-30 02:07 - 2015-11-13 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe 2016-01-30 02:06 - 2015-12-23 21:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-01-30 02:06 - 2015-12-23 20:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-01-30 02:06 - 2015-12-12 16:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-01-30 02:06 - 2015-12-12 16:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-01-30 02:06 - 2015-12-12 16:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-01-30 02:06 - 2015-12-12 16:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-01-30 02:06 - 2015-12-12 16:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-01-30 02:06 - 2015-12-12 16:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-01-30 02:06 - 
2015-12-12 16:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-01-30 02:06 - 2015-12-12 16:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-01-30 02:06 - 2015-12-12 16:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-01-30 02:06 - 2015-12-12 16:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-01-30 02:06 - 2015-12-12 16:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-01-30 02:06 - 2015-12-12 16:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-01-30 02:06 - 2015-12-12 16:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-01-30 02:06 - 2015-12-12 16:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-01-30 02:06 - 2015-12-12 16:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-01-30 02:06 - 2015-12-12 16:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-01-30 02:06 - 2015-12-12 16:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-01-30 02:06 - 2015-12-12 16:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-01-30 02:06 - 2015-12-12 15:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-01-30 02:06 - 2015-12-12 15:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-01-30 02:06 - 2015-12-12 15:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-01-30 02:06 - 2015-12-12 15:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-01-30 02:06 - 2015-12-12 15:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-01-30 02:06 - 2015-12-12 15:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 
2016-01-30 02:06 - 2015-12-12 15:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-01-30 02:06 - 2015-12-12 15:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-01-30 02:06 - 2015-12-12 15:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-01-30 02:06 - 2015-12-12 15:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-01-30 02:06 - 2015-12-12 15:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-01-30 02:06 - 2015-12-12 15:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-01-30 02:06 - 2015-12-12 15:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-01-30 02:06 - 2015-12-12 15:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-01-30 02:06 - 2015-12-12 15:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-01-30 02:06 - 2015-12-12 15:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-01-30 02:06 - 2015-12-12 15:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-01-30 02:06 - 2015-12-12 15:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-01-30 02:06 - 2015-12-12 15:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-01-30 02:06 - 2015-12-12 15:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-01-30 02:06 - 2015-12-12 15:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-01-30 02:06 - 2015-12-12 15:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-01-30 02:06 - 2015-12-12 15:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-01-30 02:06 - 2015-12-12 15:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-01-30 02:06 - 
2015-12-12 15:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-01-30 02:06 - 2015-12-12 15:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-01-30 02:06 - 2015-12-12 15:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-01-30 02:06 - 2015-12-12 15:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-01-30 02:06 - 2015-12-12 15:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-01-30 02:06 - 2015-12-12 15:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-01-30 02:06 - 2015-12-12 15:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-01-30 02:06 - 2015-12-12 15:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-01-30 02:06 - 2015-12-12 15:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-01-30 02:06 - 2015-12-12 15:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-01-30 02:06 - 2015-12-12 15:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-01-30 02:06 - 2015-12-12 15:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-01-30 02:06 - 2015-12-12 15:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-01-30 02:06 - 2015-12-12 15:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-01-30 02:06 - 2015-12-12 15:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-01-30 02:06 - 2015-12-12 14:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-01-30 02:06 - 2015-12-12 14:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-01-30 02:06 - 2015-12-12 14:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-01-30 02:06 - 2015-12-12 
14:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-01-30 02:06 - 2015-12-12 14:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-01-30 02:05 - 2015-12-30 17:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-01-30 02:05 - 2015-12-30 17:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-01-30 02:05 - 2015-12-30 17:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-01-30 02:05 - 2015-12-30 17:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-01-30 02:05 - 2015-12-30 17:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-01-30 02:05 - 2015-12-30 17:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-01-30 02:05 - 2015-12-30 17:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-01-30 02:05 - 2015-12-30 17:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-01-30 02:05 - 2015-12-30 17:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-01-30 02:05 - 2015-12-30 17:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-01-30 02:05 - 2015-12-30 17:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-01-30 02:05 - 2015-12-30 17:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-01-30 02:05 - 2015-12-30 17:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-01-30 02:05 - 2015-12-30 16:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-01-30 02:05 - 2015-12-30 16:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-01-30 02:05 - 2015-12-30 16:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-01-30 02:05 - 2015-12-30 16:57 - 01163264 _____ 
(Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-01-30 02:05 - 2015-12-30 16:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-01-30 02:05 - 2015-12-30 16:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-01-30 02:05 - 2015-12-30 16:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-01-30 02:05 - 2015-12-30 16:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-01-30 02:05 - 2015-12-30 16:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-01-30 02:05 - 2015-12-30 16:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-01-30 02:05 - 2015-12-30 16:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-01-30 02:05 - 2015-12-30 16:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-01-30 02:05 - 2015-12-30 16:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-01-30 02:05 - 2015-12-30 16:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-01-30 02:05 - 2015-12-30 16:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-01-30 02:05 - 2015-12-30 16:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-01-30 02:05 - 2015-12-30 16:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-01-30 02:05 - 2015-12-30 16:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-01-30 02:05 - 2015-12-30 16:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-01-30 02:05 - 2015-12-30 16:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-01-30 02:05 - 2015-12-30 15:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-01-30 02:05 - 2015-12-30 15:32 - 00014336 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntvdm64.dll 2016-01-30 02:05 - 2015-12-30 15:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-01-30 02:05 - 2015-12-08 19:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-01-30 02:05 - 2015-12-08 19:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-01-30 02:05 - 2015-12-08 17:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-01-30 02:05 - 2015-12-08 17:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-01-30 02:04 - 2015-12-30 17:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-01-30 02:04 - 2015-12-30 17:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-01-30 02:04 - 2015-12-30 17:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-01-30 02:04 - 2015-12-30 17:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-01-30 02:04 - 2015-12-30 17:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-01-30 02:04 - 2015-12-30 16:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-01-30 02:04 - 2015-12-30 16:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-01-30 02:04 - 2015-12-30 16:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-01-30 02:04 - 2015-12-30 16:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00005120 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-01-30 02:04 - 2015-12-30 16:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-01-30 02:04 - 2015-12-30 16:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-01-30 02:04 - 2015-12-30 16:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-01-30 02:04 - 2015-12-30 16:39 - 
00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-01-30 02:04 - 2015-12-30 16:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 16:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 15:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-01-30 02:04 - 2015-12-30 15:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-01-30 02:04 - 2015-12-30 15:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-01-30 02:04 - 2015-12-30 
15:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-01-30 02:04 - 2015-12-30 15:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-01-30 02:04 - 2015-12-30 15:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-01-30 02:04 - 2015-12-30 15:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-01-30 02:04 - 2015-12-30 15:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-01-30 02:04 - 2015-12-30 15:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-01-30 02:04 - 2015-12-30 15:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-01-30 02:04 - 2015-12-30 15:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-01-30 02:04 - 2015-12-30 15:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 15:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 15:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-01-30 02:04 - 2015-12-30 15:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-01-30 01:41 - 2016-01-30 01:41 - 00051767 _____ C:\Users\Volkhadan\Downloads\RK265015821CN.pdf 2016-01-30 01:35 - 2016-01-30 13:49 - 00001136 _____ C:\Users\Volkhadan\Documents\Carna Wall - Texto para midia.txt 2016-01-30 01:06 - 2016-01-30 01:06 - 00005765 _____ C:\Users\Volkhadan\AppData\Local\recently-used.xbel 2016-01-29 20:51 - 2016-01-29 20:51 - 01027637 _____ C:\Users\Volkhadan\Downloads\CarnaWall.xcf 2016-01-20 19:07 - 2016-01-20 19:07 - 00119245 _____ C:\Users\Volkhadan\Downloads\Scanned-image_20-01-2016-190659.pdf 2016-01-18 21:24 - 2016-01-18 21:24 - 01908689 _____ 
C:\Users\Volkhadan\Downloads\11955163_10153602622168829_1166954611_n.mp4 2016-01-12 12:39 - 2016-01-12 12:39 - 00018978 _____ C:\Users\Volkhadan\Downloads\the.hunger.(1983).pob.1cd.(6278355).zip 2016-01-12 12:39 - 2016-01-11 14:05 - 00006521 _____ C:\Users\Volkhadan\Downloads\the.hunger.(6278355).nfo 2016-01-11 22:31 - 2016-01-11 22:31 - 01025078 _____ C:\Users\Volkhadan\Downloads\flor-51572.bmp 2016-01-08 22:38 - 2016-01-08 22:38 - 00041439 _____ C:\Users\Volkhadan\Documents\helper.pdf ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-02-06 12:04 - 2014-06-14 21:12 - 00000000 ____D C:\Users\Volkhadan\AppData\Roaming\uTorrent 2016-02-06 11:52 - 2015-06-21 17:46 - 00001046 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1084134890-3557609745-897204792-1001UA.job 2016-02-06 11:48 - 2016-01-03 19:35 - 00000000 ____D C:\Users\Volkhadan\AppData\LocalLow\uTorrent 2016-02-06 11:41 - 2014-07-17 00:36 - 00000944 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1084134890-3557609745-897204792-1001UA.job 2016-02-06 11:35 - 2009-07-14 02:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-02-06 11:35 - 2009-07-14 02:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-02-06 11:24 - 2014-07-29 19:44 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-02-06 11:23 - 2014-10-20 12:09 - 00000000 ___RD C:\Users\Volkhadan\Dropbox 2016-02-06 11:23 - 2014-10-20 12:03 - 00000000 ____D C:\Users\Volkhadan\AppData\Roaming\Dropbox 2016-02-06 11:20 - 2015-11-19 21:40 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys 2016-02-06 11:20 - 2015-09-08 12:41 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-02-06 11:20 - 2015-09-02 22:38 - 00028888 _____ (GAS Tecnologia) 
C:\Windows\system32\Drivers\gbpddfac64.sys 2016-02-06 11:20 - 2015-07-07 20:06 - 00000000 ____D C:\Program Files (x86)\GbPlugin 2016-02-06 11:20 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-02-06 02:06 - 2015-09-08 12:41 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-02-06 01:12 - 2014-06-23 02:35 - 00000000 ____D C:\Users\Volkhadan\Documents\VirtualDJ 2016-02-05 22:30 - 2014-12-05 17:57 - 00000000 ____D C:\Users\Volkhadan\AppData\Local\Spotify 2016-02-05 22:25 - 2014-12-05 17:56 - 00000000 ____D C:\Users\Volkhadan\AppData\Roaming\Spotify 2016-02-05 21:55 - 2014-06-14 22:15 - 00000000 ____D C:\Users\Volkhadan\AppData\Roaming\vlc 2016-02-05 21:50 - 2014-06-14 17:53 - 00000000 ____D C:\Users\Volkhadan\AppData\Local\Apps\2.0 2016-02-05 21:49 - 2014-07-17 17:43 - 00000000 ____D C:\Qoobox 2016-02-05 21:34 - 2009-07-14 00:34 - 00000215 _____ C:\Windows\system.ini 2016-02-05 20:45 - 2014-06-14 17:11 - 00000000 ____D C:\Users\Volkhadan 2016-02-05 20:42 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf 2016-02-05 20:11 - 2015-09-08 12:48 - 00002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-05 20:11 - 2015-09-08 12:48 - 00002211 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-02-05 20:00 - 2015-07-07 20:06 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin 2016-02-05 20:00 - 2015-07-07 20:06 - 00000000 ____D C:\ProgramData\GbPlugin 2016-02-05 19:59 - 2009-07-14 00:34 - 91750400 _____ C:\Windows\system32\config\software.bak 2016-02-05 19:59 - 2009-07-14 00:34 - 21495808 _____ C:\Windows\system32\config\system.bak 2016-02-05 19:59 - 2009-07-14 00:34 - 00524288 _____ C:\Windows\system32\config\default.bak 2016-02-05 19:59 - 2009-07-14 00:34 - 00262144 _____ C:\Windows\system32\config\security.bak 2016-02-05 19:59 - 2009-07-14 00:34 - 00262144 _____ C:\Windows\system32\config\sam.bak 2016-02-05 19:58 - 2014-07-17 17:42 - 00000000 ____D C:\Windows\erdnt 2016-02-05 19:23 - 2015-08-16 11:47 
- 05657667 ____R (Swearware) C:\Users\Volkhadan\Desktop\ComboFix.exe 2016-02-05 19:15 - 2011-04-12 11:40 - 00708742 _____ C:\Windows\system32\prfh0416.dat 2016-02-05 19:15 - 2011-04-12 11:40 - 00148522 _____ C:\Windows\system32\prfc0416.dat 2016-02-05 19:15 - 2009-07-14 03:13 - 01642946 _____ C:\Windows\system32\PerfStringBackup.INI 2016-02-05 16:30 - 2009-07-14 01:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2016-02-05 16:28 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy 2016-02-05 15:56 - 2014-06-17 13:28 - 00000000 ____D C:\Users\Volkhadan\AppData\Local\Adobe 2016-02-03 18:00 - 2015-09-08 12:41 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-02-03 18:00 - 2015-09-08 12:41 - 00003814 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-02-02 23:41 - 2014-07-17 00:36 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1084134890-3557609745-897204792-1001Core.job 2016-02-01 04:48 - 2009-07-14 03:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-01-31 15:51 - 2015-06-21 17:46 - 00000994 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1084134890-3557609745-897204792-1001Core.job 2016-01-31 13:46 - 2014-06-14 17:12 - 00001695 _____ C:\Users\Volkhadan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-01-31 13:45 - 2014-07-02 14:32 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll 2016-01-31 13:45 - 2014-07-02 14:32 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll 2016-01-31 12:45 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\AppCompat 2016-01-30 14:59 - 2015-05-11 11:52 - 00000000 ____D C:\Users\Volkhadan\AppData\Roaming\455A527F-1431352358-DE11-88E5-00262236F727 2016-01-30 09:48 - 2015-10-18 17:32 - 00000000 ____D C:\Windows\rescache 2016-01-30 03:46 - 2009-07-14 02:45 - 05076520 _____ C:\Windows\system32\FNTCACHE.DAT 2016-01-30 03:43 - 2015-04-16 11:40 - 00000000 ___SD C:\Windows\system32\CompatTel 
2016-01-30 03:43 - 2015-04-16 11:40 - 00000000 ____D C:\Windows\system32\appraiser 2016-01-30 03:26 - 2014-06-23 03:49 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help 2016-01-30 03:25 - 2009-07-14 00:34 - 00000478 _____ C:\Windows\win.ini 2016-01-30 03:23 - 2014-07-05 16:50 - 00000000 ____D C:\Windows\system32\MRT 2016-01-30 03:11 - 2014-07-05 16:50 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-01-30 01:33 - 2014-07-20 18:39 - 00000000 ____D C:\Users\Volkhadan\.gimp-2.8 2016-01-30 01:06 - 2014-07-20 18:43 - 00000000 ____D C:\Users\Volkhadan\AppData\Local\gtk-2.0 2016-01-29 23:43 - 2015-09-07 23:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-01-29 18:49 - 2014-06-20 20:27 - 00000000 ____D C:\Users\Volkhadan\AppData\Local\NFS Underground 2 2016-01-29 17:13 - 2015-09-07 23:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-01-27 17:28 - 2014-07-29 19:44 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-01-27 17:28 - 2014-07-29 19:44 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-01-27 17:28 - 2014-07-29 19:44 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-01-26 16:42 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\system32\NDF 2016-01-26 16:23 - 2014-07-05 23:37 - 00000000 ____D C:\Users\Volkhadan\Downloads\Ibagens 2016-01-16 15:28 - 2014-08-17 14:56 - 00000000 ____D C:\Users\Volkhadan\AppData\Roaming\dvdcss 2016-01-15 13:42 - 2014-07-11 22:07 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-01-15 13:40 - 2014-06-14 17:54 - 00000414 _____ C:\Windows\Tasks\DriverEasy Scheduled Scan.job 2016-01-15 09:48 - 2014-12-27 21:14 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-01-15 09:47 - 2015-11-19 11:25 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ==================== Arquivos na raiz de alguns diretórios 
=======

2015-03-09 19:30 - 2015-03-09 19:30 - 0005487 _____ () C:\Users\Volkhadan\AppData\Roaming\EAMLGBM
2015-07-07 20:04 - 2015-07-07 20:05 - 0017217 _____ () C:\Users\Volkhadan\AppData\Roaming\unins000.dat
2016-01-30 01:06 - 2016-01-30 01:06 - 0005765 _____ () C:\Users\Volkhadan\AppData\Local\recently-used.xbel

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-01-30 04:16

==================== Fim de FRST.txt ============================