gustavo kirjner

Possible malware in the browsers


Friends of CdH, good afternoon

After a few weeks without using my PC, which was on loan to my wife's grandmother, I noticed it had some kind of infection, because Chrome keeps opening advertising pages and redirecting typed addresses and clicked links.

If you could check my ZA Scan log and give me tips for removal, I would be immensely grateful!

runcheck.txt

zoek-results.log


Dear @gustavo kirjner

I recommend that you save this topic in your Favorites to make it easier to find.

Please pay attention to the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to your computer's problem, so do not apply it on any other computer;
  • Please follow the instructions given carefully, and if in doubt do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Respect the order of the instructions given.

Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step 1 #

Download AdwCleaner and save it to your Desktop.

Run the file adwcleaner.exe

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Options tab and leave only "Reset IE Policies" and "Reset Chrome Policies" checked.
  • Click the Scan button and wait for the scan to finish.
  • Click the Clean button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log into your next reply.
  • The log will also be saved in C:\AdwCleaner

NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart.

# Step 2 #

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download the Junkware Removal Tool (JRT) and save it to your Desktop.

Double-click to run jrt.exe.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • The tool will start scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • At the end a log will open. It will be saved on the desktop with the name JRT.txt.
  • Select, copy and paste the contents of this log into your next reply.

# Step 3 #

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download ZHPCleaner and save it to your Desktop.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click the Scanner button.
  • The tool will start scanning your system.
  • Be patient, as it may take a while depending on the number of items to scan.
  • Then click the Repair button.
  • A log named ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log into your next reply.

Regards :D


Dear @diego_moicano, thank you for the guidance. Here are the logs:

AdwCleaner:

# AdwCleaner v6.046 - Relatório criado 02/05/2017 às 22:30:52
# Atualizado em 24/04/2017 por Malwarebytes
# Banco de dados : 2017-05-02.1 [Servidor]
# Sistema operacional : Windows 10 Pro  (X64)
# Usuário : Gaspa - SUELLY-PC
# Executando de : C:\Users\Gaspa\Desktop\adwcleaner_6.046.exe
# Modo: Limpo
# Apoio : https://www.malwarebytes.com/support

***** [ Serviços ] *****

***** [ Pastas ] *****

***** [ Arquivos ] *****

[-] Arquivo excluído:C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.plusnetwork.com_0.localstorage
[-] Arquivo excluído:C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.plusnetwork.com_0.localstorage-journal


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Atalhos ] *****

***** [ Atividades agendadas ] *****

***** [ Registro ] *****

***** [ Verificando navegadores ... ] *****

[-] [C:\Users\Suelly\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:br.ask.com
[-] [C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:br.ask.com
[-] [C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:aol.com


*************************

:: Políticas do IE excluídas
:: Políticas do Chrome excluídas

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1430 Bytes] - [02/05/2017 22:30:52]
C:\AdwCleaner\AdwCleaner[S0].txt - [1313 Bytes] - [23/04/2017 15:25:50]
C:\AdwCleaner\AdwCleaner[S1].txt - [1896 Bytes] - [02/05/2017 22:29:35]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1649 Bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64 
Ran by Gaspa (Administrator) on 02/05/2017 at 22:39:08,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 1 

Successfully deleted: C:\Users\Gaspa\AppData\Roaming\productdata (Folder) 

Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/05/2017 at 23:01:09,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

~ ZHPCleaner v2017.5.1.75 by Nicolas Coolman (2017/05/01)
~ Run by Gaspa (Administrator)  (02/05/2017 23:27:34)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Type : Reparo
~ Report : C:\Users\Gaspa\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Gaspa\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 14393)


---\\  Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Navegadores de Internet (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Arquivo hosts (1)
~ O arquivo hosts é legítimo (21)


---\\  Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Explorer ( Arquivos, Pastas) (59)
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\)aBe30JlS350VK!Q.tmp.dat    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\7eLJZ9UTJ(JnoFSO.tmp.dat    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\7za.exe    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\appdata.zoek    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\au-descriptor-1.8.0_131-b11.xml    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\chromium.zoek    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\databases.txt    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\delregkeys.zoek    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\desktop.txt    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\dMYf@wCf0DWaJ$Ck.tmp.dat    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\downloads.txt    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\extensions.txt    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\extensions1.txt    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\ffprofiles.zoek    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\hijackthis.zoek    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\HKEY_USERS.zoek    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\ho1ECWw8yR)4COXZ.tmp.dat    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\iedefaults.zoek    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\JavaDeployReg.log    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\javafolders.zoek    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\localappdata.zoek    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\LocalStorage.txt    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\log.txt    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\log.zoek    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\otkdgF#NmQb@)ZfB.tmp.dat    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\path.txt    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\PEVZ.EXE    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\regsearch.zoek    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\regsearch2.zoek    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\remove.exe    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\sample.zoek    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\search.ico    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\sed.exe    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\service.zoek    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\shortcut.exe [Optimum X - Creates, modifies or queries Windows shell]  =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\swreg.exe [SteelWerX - Freeware implementation of REG.EXE]  =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\swxcacls.exe [SteelWerX - Freeware implementation of XCACLS]  =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\TcYzydO2)GFIHZaY.tmp.dat    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\tempfolders.zoek    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\test9.bat    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\TKWk4jBPPeqh4sKr.tmp.dat    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\tmp.log    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\urlzoek    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\users.zoek    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\Vbdhs1QT4pYQEIBz.tmp.dat    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\wct18A8.tmp    =>.Superfluous.Temporary.Various
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\wct3C45.tmp    =>.Superfluous.Temporary.Various
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\wct4F61.tmp    =>.Superfluous.Temporary.Various
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\wct7171.tmp    =>.Superfluous.Temporary.Various
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\ZA-Scan    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\ZAscan    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\ZAScan.exe [E Dev - SplashLite]  =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\zoek-delete.exe    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\zoek.bat    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\zoek.hta    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\zoekrun.bat    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Temp\zoekrun.hta    =>.Superfluous.Temporary.Empty
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ol.at.atwola.com_0.localstorage    =>.Superfluous.Atwola
MOVIDO pasta: C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ol.at.atwola.com_0.localstorage-journal    =>.Superfluous.Atwola


---\\  Registro ( Chaves, Valores, Dados ) (2)
SUPRIMIDO dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{da59d1aa-2afe-437e-a0b6-bbb7d5d5646a}\\DhcpNameServer [Bad : 201.21.192.119 201.21.192.123]  =>Hijacker.Browser
SUPRIMIDO dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 201.21.192.119 201.21.192.123]  =>Hijacker.Browser


---\\  Resumo dos elementos encontrados na sua estação de trabalho (4)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.Superfluous.Temporary.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.Superfluous.Temporary.Various
https://nicolascoolman.eu/2017/02/04/superfluous-atwola/  =>.Superfluous.Atwola
https://nicolascoolman.eu/2017/02/02/hijacker-browser-2/  =>Hijacker.Browser


---\\  Dodatkowe oczyszczenie. (6)
~ Chave de registro Tracing Supprimido (6)
~ Remover os relatórios antigos ZHPCleaner. (0)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 669
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 61


~ End of clean in 00h00mn41s
~====================
ZHPCleaner-[R]-02052017-23_28_15.txt
ZHPCleaner-[R]-23042017-15_21_20.txt
ZHPCleaner--02052017-23_26_01.txt
ZHPCleaner--23042017-14_04_49.txt

Awaiting your reply,

Regards,

Gustavo

Edited by gustavo kirjner


Dear @gustavo kirjner

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download the Farbar Recovery Scan Tool and save it to your Desktop.

32 bit (x86) or 64 bit (x64)

  • Double-click to run the tool.
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
  • Check the Files 90 Days box and click the Scan button.
  • Wait; at the end the logs FRST.txt and Addition.txt will be saved to your Desktop.
  • Select, copy and paste the contents of the FRST.txt log into your next reply.
  • Attach the Addition.txt log.

Regards :D


Dear @gustavo kirjner

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download the file (fixlist.txt) attached to this post and save it to your Desktop.

Run FRST.exe (or FRST64.exe) and click the Fix button.

Wait... at the end the log Fixlog.txt will be generated and saved to your Desktop.

Select, copy and paste the contents of this log into your next reply.

Regards :D

fixlist.txt


Hello @diego_moicano

Here is the fixlog, below:

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 05-05-2017 02
Executado por Gaspa (05-05-2017 21:54:31) Run:1
Executando a partir de C:\Users\Gaspa\Desktop
Perfis Carregados: Gaspa (Perfis Disponíveis: Suelly & UpdatusUser & Gaspa)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3163227827-1062642762-320800426-1033 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\242632640.js [2017-04-21] <==== ATENÇÃO (Aponta para arquivo *.cfg)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\242632640.cfg [2017-04-21] <==== ATENÇÃO
File: C:\Program Files (x86)\mozilla firefox\242632640.cfg
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
2017-04-22 17:43 - 2017-04-24 23:32 - 0388608 _____ (Trend Micro Inc.) C:\Users\Gaspa\AppData\Local\Temp\hijackthis.exe
2017-04-22 17:43 - 2017-04-24 23:32 - 0030720 _____ (NirSoft) C:\Users\Gaspa\AppData\Local\Temp\NirCmd.exe
2017-04-22 17:43 - 2017-04-24 23:32 - 0154232 _____ (Noël Danjou) C:\Users\Gaspa\AppData\Local\Temp\wget.exe
CHR HomePage: Default -> hxxp://intranet.tce.rs.gov.br/portal/page/portal/tcers/intranet
CHR StartupUrls: Default -> "hxxp://br-mg6.mail.yahoo.com/neo/launch?.rand=57vie9lln5okn","hxxp://intranet.tce.rs.gov.br/forms/frmservlet?config=JDK16_PROD","hxxps://portal.tce.rs.gov.br/portal/page/portal/det/det","hxxps://web.whatsapp.com/","hxxps://outlook.live.com/owa/","hxxp://simplenote.com/","hxxps://bay175.mail.live.com/default.aspx?id=64855&owa=1&owasuffix=owa%2f#n=26500655&fid=1&mid=bd77b661-adf9-11e2-b08c-00237de33968"
CMD:ipconfig /flushdns
EmptyTemp:

*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
HKU\S-1-5-21-3163227827-1062642762-320800426-1033\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
C:\Program Files (x86)\mozilla firefox\defaults\pref\242632640.js => movido com sucesso
C:\Program Files (x86)\mozilla firefox\242632640.cfg => movido com sucesso

========================= File: C:\Program Files (x86)\mozilla firefox\242632640.cfg ========================

"C:\Program Files (x86)\mozilla firefox\242632640.cfg" => não encontrado (a).
====== Fim de File: ======

HKLM\System\CurrentControlSet\Services\gbpddfac => chave removido (a) com sucesso.
gbpddfac => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\gbpddreg => chave removido (a) com sucesso.
gbpddreg => serviço removido (a) com sucesso.
C:\Users\Gaspa\AppData\Local\Temp\hijackthis.exe => movido com sucesso
C:\Users\Gaspa\AppData\Local\Temp\NirCmd.exe => movido com sucesso
C:\Users\Gaspa\AppData\Local\Temp\wget.exe => movido com sucesso
Chrome HomePage => removido (a) com sucesso.
Chrome StartupUrls => removido (a) com sucesso.

========= ipconfig /flushdns =========


Configura‡Æo de IP do Windows

Libera‡Æo do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 65393 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 368090842 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 9479019 B
Edge => 102141096 B
Chrome => 611152030 B
Firefox => 19093165 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 890317 B
LocalService => 788 B
NetworkService => 78014 B
Suelly => 44800567 B
UpdatusUser => 0 B
Gaspa => 146420707 B

RecycleBin => 6225344491 B
EmptyTemp: => 7 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 21:58:45 ====


Dear @gustavo kirjner

Download Malwarebytes Anti-Malware (MBAM).

Double-click mbam-setup.exe to install the program.

  • Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO.
  • If there are updates to be made, they will be downloaded and installed.
  • Click Settings, click Detection and Protection, and check Scan for Rootkits.
  • Go back to the Dashboard and finally click Scan Now.
  • The scan will then begin. Wait, as it may take a while.
  • When the scan finishes, if any items were found, make sure they are all checked and click the Remove Selected button.
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See Note below)
  • The log is saved automatically by MBAM; to view it, click the History tab -> Application Logs in the program's main window.
  • Double-click the log (Scan Log). Use the .txt format to export the log.
  • The Protection log is not needed for the analysis; always export the correct log.
  • Select, copy and paste the contents of this log into your next reply.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

Regards :D


Dear @diego_moicano,

It seems to me that the MBAM version (3.0.6) has changed the paths indicated in the instructions a little, but I tried to carry out the equivalent steps. Please check whether the correct log is the one below:

 

malwarebytes
www.malwarebytes.com

-detalhes de registro-
data da análise: 06/05/17
hora da análise: 18:53
arquivo de registro: log de análise mbam.txt
administrador: sim

-informação do software-
versão: 3.0.6.1469
versão de componentes: 1.0.103
versão do pacote de definições: 1.0.1883
licença: versão de avaliação

-informação do sistema-
sistema operacional: windows 10
cpu: x64
sistema de arquivos: ntfs
usuário: suelly-pc\gaspa

-resumo da análise-
tipo de análise: análise customizada
resultado: concluído
objetos verificados: 420429
tempo decorrido: 17 hr, 46 min, 5 seg

-opções da análise-
memória: habilitado
inicialização: habilitado
sistema de arquivos: habilitado
arquivos compactados: habilitado
rootkits: habilitado
heurística: habilitado
pup: habilitado
pum: habilitado

-detalhes da análise-
processo: 0
(nenhum item malicioso detectado)

módulo: 0
(nenhum item malicioso detectado)

chave de registro: 6
pup.optional.reimage, hku\s-1-5-21-3163227827-1062642762-320800426-1000\software\microsoft\windows\currentversion\ext\settings\{10ecce17-29b5-4880-a8f5-ead298611484}, quarentena, [1025], [327205],1.0.1883
pup.optional.reimage, hku\s-1-5-21-3163227827-1062642762-320800426-1000\software\reimage, quarentena, [1030], [357494],1.0.1883
pup.optional.reimage, hku\s-1-5-21-3163227827-1062642762-320800426-1000\software\local appwizard-generated applications\reimage - windows problem relief., quarentena, [1030], [327203],1.0.1883
pup.optional.reimage, hku\s-1-5-21-3163227827-1062642762-320800426-1000\software\reimage\pc repair, quarentena, [1030], [327204],1.0.1883
pup.optional.pastaleads, hku\s-1-5-21-3163227827-1062642762-320800426-1000_classes\local settings\software\microsoft\windows\currentversion\appcontainer\storage\microsoft.microsoftedge_8wekyb3d8bbwe\children\001\internet explorer\domstorage\nps.pastaleads.com, quarentena, [7367], [259182],1.0.1883
pup.optional.pastaleads, hku\s-1-5-21-3163227827-1062642762-320800426-1000_classes\local settings\software\microsoft\windows\currentversion\appcontainer\storage\microsoft.microsoftedge_8wekyb3d8bbwe\children\001\internet explorer\domstorage\pastaleads.com, quarentena, [7367], [259183],1.0.1883

valor de registro: 1
pup.optional.reimage, hku\s-1-5-21-3163227827-1062642762-320800426-1000\software\reimage\pc repair|quitmessage, quarentena, [1030], [327204],1.0.1883

dados de registro: 0
(nenhum item malicioso detectado)

fluxo de dados: 0
(nenhum item malicioso detectado)

pasta: 0
(nenhum item malicioso detectado)

arquivo: 67
pup.optional.advancedsystemcare, c:\program files (x86)\iobit\surfing protection\browerprotect\ascplugin_protection.dll, quarentena, [1482], [395260],1.0.1883
pup.optional.apntoolbar, c:\users\gaspa\appdata\roaming\zhp\quarantine\ares [1].exe, quarentena, [7178], [76243],1.0.1883
pup.optional.conduit, c:\users\gaspa\appdata\roaming\zhp\quarantine\translator_3.1.exe, quarentena, [560], [76403],1.0.1883
pup.optional.spigot, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\application updater\applicationupdater.exe.vir, quarentena, [629], [300859],1.0.1883
pup.optional.spigot, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\common files\spigot\gc\exthelper.exe.vir, quarentena, [629], [300859],1.0.1883
pup.optional.spigot, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\common files\spigot\search settings\wthx184.dll.vir, quarentena, [629], [300859],1.0.1883
pup.optional.spigot, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\common files\spigot\search settings\wth184.dll.vir, quarentena, [629], [300859],1.0.1883
pup.optional.spigot, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\common files\spigot\search settings\searchsettings.exe.vir, quarentena, [629], [300859],1.0.1883
pup.optional.spigot, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\common files\spigot\search settings\searchsettings64.exe.vir, quarentena, [629], [300859],1.0.1883
pup.optional.spigot, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\common files\spigot\slicksavings\slicksavingssetup.exe.vir, quarentena, [629], [300859],1.0.1883
pup.optional.somoto, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\filesfrog update checker\update_checker.exe.vir, quarentena, [361], [301181],1.0.1883
pup.optional.modgoog, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\globalupdate\update\googleupdate.exe.vir, quarentena, [6507], [64771],1.0.1883
pup.optional.modgoog, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\globalupdate\update\1.3.25.0\googleupdatebroker.exe.vir, quarentena, [6507], [64771],1.0.1883
pup.optional.modgoog, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\globalupdate\update\1.3.25.0\googleupdateondemand.exe.vir, quarentena, [6507], [64771],1.0.1883
pup.optional.modgoog, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\globalupdate\update\1.3.25.0\googlecrashhandler.exe.vir, quarentena, [6507], [64771],1.0.1883
pup.optional.modgoog, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\globalupdate\update\1.3.25.0\googleupdate.exe.vir, quarentena, [6507], [64771],1.0.1883
pup.optional.modgoog, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\globalupdate\update\1.3.25.0\goopdate.dll.vir, quarentena, [6507], [64771],1.0.1883
pup.optional.modgoog, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\globalupdate\update\1.3.25.0\goopdateres_en.dll.vir, quarentena, [6507], [64771],1.0.1883
pup.optional.modgoog, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\globalupdate\update\1.3.25.0\psuser.dll.vir, quarentena, [6507], [64771],1.0.1883
pup.optional.modgoog, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\globalupdate\update\1.3.25.0\npgoogleupdate4.dll.vir, quarentena, [6507], [64771],1.0.1883
pup.optional.modgoog, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\globalupdate\update\1.3.25.0\psmachine.dll.vir, quarentena, [6507], [64771],1.0.1883
pup.optional.spigot, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\iobit apps toolbar\widgihelper.exe.vir, quarentena, [629], [300859],1.0.1883
pup.optional.spigot, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\iobit apps toolbar\ie\9.4\iobitappstoolbarie64.dll.vir, quarentena, [629], [300859],1.0.1883
pup.optional.spigot, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\iobit apps toolbar\ie\9.4\iobitappstoolbarie.dll.vir, quarentena, [629], [300859],1.0.1883
pup.optional.downloader, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\mediaa_play_air_1.4\uninstall.exe.vir, quarentena, [682], [301036],1.0.1883
pup.optional.iepluginservice, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\suptab\rshp.exe.vir, quarentena, [7283], [76674],1.0.1883
pup.optional.skytech, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\suptab\dpinterface64.dll.vir, quarentena, [7408], [77225],1.0.1883
pup.optional.skytech, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\suptab\dpinterfacef32.dll.vir, quarentena, [7408], [77225],1.0.1883
pup.optional.skytech, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\suptab\spappsv64.dll.vir, quarentena, [7408], [77225],1.0.1883
pup.optional.skytech, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\suptab\dpinterface32.dll.vir, quarentena, [7408], [77225],1.0.1883
pup.optional.skytech, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\suptab\searchprotect64.dll.vir, quarentena, [7408], [77225],1.0.1883
pup.optional.skytech, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\suptab\searchprotect32.dll.vir, quarentena, [7408], [77225],1.0.1883
pup.optional.skytech, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\program files (x86)\suptab\spappsv32.dll.vir, quarentena, [7408], [77225],1.0.1883
pup.optional.elex, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\programdata\iepluginservices\pluginservice.exe.vir, quarentena, [8], [75878],1.0.1883
adware.mobogenie, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\users\suelly\appdata\local\mobogenie\version\newversion\mobogenie2.1.32.zip.vir, quarentena, [1158], [117172],1.0.1883
adware.mobogenie, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\users\suelly\appdata\local\mobogenie\version\newversion\mobogenie\aapt.exe.vir, quarentena, [1158], [117172],1.0.1883
adware.mobogenie, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\users\suelly\appdata\local\mobogenie\version\newversion\mobogenie\crashrpt.dll.vir, quarentena, [1158], [361649],1.0.1883
adware.mobogenie, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\users\suelly\appdata\local\mobogenie\version\newversion\mobogenie\daemonprocess.exe.vir, quarentena, [1158], [117172],1.0.1883
adware.mobogenie, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\users\suelly\appdata\local\mobogenie\version\newversion\mobogenie\driverinstall_x64.exe.vir, quarentena, [1158], [117172],1.0.1883
adware.mobogenie, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\users\suelly\appdata\local\mobogenie\version\newversion\mobogenie\crashreport.exe.vir, quarentena, [1158], [110074],1.0.1883
adware.mobogenie, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\users\suelly\appdata\local\mobogenie\version\newversion\mobogenie\devcon_x64.exe.vir, quarentena, [1158], [361649],1.0.1883
adware.mobogenie, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\users\suelly\appdata\local\mobogenie\version\newversion\mobogenie\devcon_x86.exe.vir, quarentena, [1158], [361649],1.0.1883
adware.mobogenie, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\users\suelly\appdata\local\mobogenie\version\newversion\mobogenie\mgusb.exe.vir, quarentena, [1158], [117172],1.0.1883
adware.mobogenie, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\users\suelly\appdata\local\mobogenie\version\newversion\mobogenie\lsusb.exe.vir, quarentena, [1158], [117172],1.0.1883
adware.mobogenie, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\users\suelly\appdata\local\mobogenie\version\newversion\mobogenie\mgadb.exe.vir, quarentena, [1158], [117172],1.0.1883
adware.mobogenie, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\users\suelly\appdata\local\mobogenie\version\newversion\mobogenie\driverinstall_x86.exe.vir, quarentena, [1158], [117172],1.0.1883
adware.mobogenie, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\users\suelly\appdata\local\mobogenie\version\newversion\mobogenie\mobogenie.exe.vir, quarentena, [1158], [117172],1.0.1883
adware.mobogenie, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\users\suelly\appdata\local\mobogenie\version\newversion\mobogenie\outlookoperatorc.exe.vir, quarentena, [1158], [117172],1.0.1883
adware.mobogenie, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\users\suelly\appdata\local\mobogenie\version\newversion\mobogenie\updatemobogenie.exe.vir, quarentena, [1158], [117172],1.0.1883
adware.mobogenie, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\users\suelly\appdata\local\mobogenie\version\oldversion\mobogenie\aapt.exe.vir, quarentena, [1158], [117172],1.0.1883
pup.optional.conduittb.gen, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\users\suelly\appdata\roaming\opencandy\4b02e8805b77465c89c0cbcebbf8f71c\psafesetup.exe.vir, quarentena, [11565], [299293],1.0.1883
pup.optional.activeris, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\c\windows\system32\roboot64.exe.vir, quarentena, [9219], [390446],1.0.1883
pup.optional.reimage, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\files\snudmhnexposfbzyfexxmwdlomevrmeq.back, quarentena, [1026], [331559],1.0.1883
pup.optional.browsefox, c:\users\gaspa\downloads\malware scan\adwcleaner\quarantine\files\pizkjlgwikvlneaoqeznxnwhdzwmingt\adf4119ca0eb447bbc1c5d0ae8ccfbe2\setup.exe, quarentena, [1703], [92986],1.0.1883
pup.optional.pricemoon, c:\users\suelly\appdata\local\google\chrome\user data\default\local storage\http_pstatic.pricemoon.co_0.localstorage-journal, quarentena, [15386], [255333],1.0.1883
pup.optional.yontoo, c:\users\suelly\appdata\local\google\chrome\user data\default\local storage\https_luckybright-a.akamaihd.net_0.localstorage-journal, quarentena, [51], [252577],1.0.1883
pup.optional.yontoo, c:\programdata\ntuser.pol, quarentena, [51], [-1],0.0.0
pup.optional.yontoo, c:\users\suelly\appdata\local\google\chrome\user data\default\local storage\http_pstatic.kingtopdeals.com_0.localstorage-journal, quarentena, [51], [185648],1.0.1883
pup.optional.yontoo, c:\users\suelly\appdata\local\google\chrome\user data\default\local storage\http_pstatic.kingtopdeals.com_0.localstorage, quarentena, [51], [185648],1.0.1883
pup.optional.yontoo, c:\users\suelly\appdata\local\google\chrome\user data\default\local storage\https_luckybright-a.akamaihd.net_0.localstorage, quarentena, [51], [252577],1.0.1883
pup.optional.pricemoon, c:\users\suelly\appdata\local\google\chrome\user data\default\local storage\http_pstatic.pricemoon.co_0.localstorage, quarentena, [15386], [255333],1.0.1883
pup.optional.winyahoo, c:\users\suelly\appdata\locallow\microsoft\internet explorer\services\wincy.ico, quarentena, [88], [246865],1.0.1883
pup.optional.apntoolbar, c:\users\suelly\desktop\atalhos\atubecatcher.exe, quarentena, [7178], [76243],1.0.1883
pup.optional.apntoolbar, c:\users\suelly\documents\apnsetup1.exe, quarentena, [7178], [76242],1.0.1883
pup.optional.advancedsystemcare, c:\users\suelly\downloads\advanced-systemcare-installer.exe, quarentena, [1482], [395260],1.0.1883
pup.optional.bundleinstaller, c:\users\suelly\downloads\itunes_setup.exe, quarentena, [25], [22050],1.0.1883
pup.optional.downloader.zyl, c:\users\suelly\pictures\backup\pc\appdata\local\zylom games\bookworm deluxe\bookworm.exe, quarentena, [7828], [86017],1.0.1883

setor físico: 0
(nenhum item malicioso detectado)


(end)

 

 

 

Screenshot_2.png


Good evening, @diego_moicano

Here are the logs

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 08-05-2017
Executado por Gaspa (administrador) em SUELLY-PC (08-05-2017 23:22:00)
Executando a partir de C:\Users\Gaspa\Desktop
Perfis Carregados: Gaspa (Perfis Disponíveis: Suelly & UpdatusUser & Gaspa)
Platform: Windows 10 Pro Versão 1607 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1802424 2015-11-22] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [954416 2017-01-18] (GAS Tecnologia LTDA)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-03-28] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2017-04-17] (Banco do Brasil)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2016-10-21] (Caixa Economica Federal)
HKU\S-1-5-21-3163227827-1062642762-320800426-1033\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-3163227827-1062642762-320800426-1033\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-3163227827-1062642762-320800426-1033\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-03-16] (Apple Inc.)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1903328 2016-10-21] (Caixa Economica Federal)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1947872 2017-04-17] (Banco do Brasil)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 201.21.192.119 201.21.192.123
Tcpip\..\Interfaces\{26db0ecb-76a1-4e5d-b1b4-a959870720f5}: [DhcpNameServer] 201.21.192.119 201.21.192.123
Tcpip\..\Interfaces\{da59d1aa-2afe-437e-a0b6-bbb7d5d5646a}: [DhcpNameServer] 201.21.192.119 201.21.192.123

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-04-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-21] (Oracle Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2017-04-17] (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2016-10-21] (Caixa Economica Federal)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-04-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-21] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-21] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-21] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-21] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-21] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 5t5p3p8o.default
FF ProfilePath: C:\Users\Gaspa\AppData\Roaming\Mozilla\Firefox\Profiles\5t5p3p8o.default [2017-05-05]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-04-21] (Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-04-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)

Chrome: 
=======
CHR HomePage: Default -> hxxp://intranet.tce.rs.gov.br/portal/page/portal/tcers/intranet
CHR StartupUrls: Default -> "hxxp://intranet.tce.rs.gov.br/forms/frmservlet?config=JDK16_PROD","hxxps://portal.tce.rs.gov.br/portal/page/portal/det/det","hxxp://simplenote.com/"
CHR Profile: C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default [2017-05-08]
CHR Extension: (Google Apresentações) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-22]
CHR Extension: (Bible) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\adplcelpohamiijahbaanmoimmnoaiaf [2017-04-22]
CHR Extension: (Google Docs) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-22]
CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2017-05-02]
CHR Extension: (Google Drive) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-22]
CHR Extension: (YouTube) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-22]
CHR Extension: (http://intranet.tce.rs.gov.br/portal/page/por) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfbkcihejhikkcokfdgopagbdedemppo [2017-04-22]
CHR Extension: (Adblock Plus) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-04-22]
CHR Extension: (Planilhas do Google) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-22]
CHR Extension: (EditThisCookie) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-04-22]
CHR Extension: (Documentos Google off-line) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-22]
CHR Extension: (AdBlock) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-22]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2017-04-22]
CHR Extension: (Dropbox) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2017-04-22]
CHR Extension: (Pocket Website) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijgclgmgjipgefcnnnibgllfonlfdap [2017-04-22]
CHR Extension: (Certisign) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjoehgfmpefldljiipnmgnfmcbfjkaad [2017-04-22]
CHR Extension: (Teste de digitação - KeyHero) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2017-04-22]
CHR Extension: (Simplenote) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjoocpipbbafoimjgbkmfnjcjejdbjo [2017-04-22]
CHR Extension: (Google Maps) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-04-22]
CHR Extension: (OneDrive) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2017-04-22]
CHR Extension: (Save to Pocket) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2017-04-24]
CHR Extension: (Extensão Inscrição no RSS (do Google)) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2017-04-22]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-22]
CHR Extension: (Mercury Reader) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2017-04-22]
CHR Extension: (Outlook.com) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2017-04-22]
CHR Extension: (Gmail) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-22]
CHR Extension: (Chrome Media Router) - C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-22]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971776 2017-04-13] (Microsoft Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [631520 2016-10-21] (GAS Tecnologia)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-21] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [46736 2016-03-25] (VIA Technologies, Inc.)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [954416 2017-01-18] (GAS Tecnologia LTDA)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-28] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 BCMH43XX; C:\WINDOWS\system32\DRIVERS\AE2500w764.sys [2576632 2016-12-03] (Broadcom Corporation)
R3 CySmb; C:\WINDOWS\System32\drivers\cysmb.sys [10752 2016-03-25] (Cypress Semiconductor, Inc.)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-12-08] (GAS Tecnologia)
S3 huawei_cdcacm; C:\WINDOWS\System32\drivers\ew_jucdcacm.sys [110592 2015-08-04] (MBB Technologies Co., Ltd.)
S3 huawei_enumerator; C:\WINDOWS\System32\drivers\ew_jubusenum.sys [92672 2015-08-04] (MBB Technologies Co., Ltd.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-11-07] (REALiX(tm))
R3 L1C; C:\WINDOWS\System32\drivers\L1C62x64.sys [129224 2015-04-16] (Qualcomm Atheros Co., Ltd.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2014-05-11] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 pelmouse; C:\WINDOWS\System32\drivers\pelmouse.sys [23040 2012-11-28] (TPMX Electronics Ltd.)
S3 pelusblf; C:\WINDOWS\System32\drivers\pelusblf.sys [34816 2013-03-19] (TPMX Electronics Ltd.)
S3 pelvendr; C:\WINDOWS\System32\drivers\pelvendr.sys [11776 2009-11-02] (TPMX Electronics Ltd.)
S3 phidmice; C:\WINDOWS\System32\drivers\phidmice.sys [34816 2013-03-26] (TPMX Electronics Ltd.)
S3 pmouself; C:\WINDOWS\System32\drivers\pmouself.sys [23040 2013-03-26] (TPMX Electronics Ltd.)
S3 pvendrlf; C:\WINDOWS\System32\drivers\pvendrlf.sys [12288 2013-03-26] (TPMX Electronics Ltd.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-12-08] (GAS Tecnologia LTDA)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 wsddfac; C:\WINDOWS\System32\drivers\wsddfac.sys [28376 2017-05-07] (GAS Tecnologia)
R1 wsddntf; C:\WINDOWS\system32\DRIVERS\wsddntf.sys [47176 2016-06-21] (GAS Tecnologia)
R1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [25184 2017-01-18] (GAS Tecnologia)
R3 wsddprm; C:\WINDOWS\system32\drivers\wsddprm.sys [25184 2017-01-18] (GAS Tecnologia)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-05-07 10:57 - 2017-05-07 10:57 - 01040099 _____ C:\Users\Gaspa\Downloads\Produtos.pdf
2017-05-06 11:42 - 2017-05-06 11:42 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\778D474B.sys
2017-05-06 11:14 - 2017-05-08 20:34 - 00092096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-06 11:14 - 2017-05-07 19:12 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-06 11:14 - 2017-05-07 19:12 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-06 11:14 - 2017-05-06 11:14 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-06 11:13 - 2017-05-07 19:12 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-06 11:13 - 2017-05-06 11:13 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-06 11:13 - 2017-05-06 11:13 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2017-05-06 11:13 - 2017-05-06 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-06 11:13 - 2017-05-06 11:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-06 11:13 - 2017-05-06 11:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-06 11:13 - 2017-03-22 11:02 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-06 11:11 - 2017-05-06 11:13 - 60107896 _____ (Malwarebytes ) C:\Users\Gaspa\Desktop\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-05-05 21:54 - 2017-05-05 21:58 - 00004169 _____ C:\Users\Gaspa\Desktop\Fixlog.txt
2017-05-05 21:53 - 2017-05-08 23:21 - 00000000 ____D C:\Users\Gaspa\Desktop\FRST-OlderVersion
2017-05-04 20:47 - 2017-05-04 20:47 - 00025097 _____ C:\Users\Gaspa\Downloads\Addition.txt
2017-05-03 22:14 - 2017-05-05 22:01 - 00000408 _____ C:\WINDOWS\Tasks\update-sys.job
2017-05-03 22:14 - 2017-05-05 22:01 - 00000408 _____ C:\WINDOWS\Tasks\update-S-1-5-21-3163227827-1062642762-320800426-1033.job
2017-05-03 22:14 - 2017-05-03 22:14 - 00003396 _____ C:\WINDOWS\System32\Tasks\update-S-1-5-21-3163227827-1062642762-320800426-1033
2017-05-03 22:14 - 2017-05-03 22:14 - 00003334 _____ C:\WINDOWS\System32\Tasks\update-sys
2017-05-03 22:14 - 2017-05-03 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-05-03 22:14 - 2017-05-03 22:14 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2017-05-03 22:13 - 2017-05-03 22:13 - 02732544 _____ (Skillbrains ) C:\Users\Gaspa\Downloads\setup-lightshot.exe
2017-05-03 22:08 - 2017-05-07 23:39 - 00000000 ____D C:\Users\Gaspa\Documents\Sempre Viva
2017-05-03 21:55 - 2017-05-03 21:56 - 00025097 _____ C:\Users\Gaspa\Desktop\Addition.txt
2017-05-03 21:51 - 2017-05-08 23:23 - 00019480 _____ C:\Users\Gaspa\Desktop\FRST.txt
2017-05-03 21:49 - 2017-05-08 23:21 - 02429440 _____ (Farbar) C:\Users\Gaspa\Desktop\FRST64.exe
2017-05-03 21:47 - 2017-05-03 21:47 - 00000000 ____D C:\Users\Gaspa\AppData\Roaming\ProductData
2017-05-02 23:26 - 2017-05-02 23:28 - 00008351 _____ C:\Users\Gaspa\Desktop\ZHPCleaner.txt
2017-05-02 23:17 - 2017-05-02 23:17 - 02764800 _____ C:\Users\Gaspa\Downloads\ZHPCleaner (1).exe
2017-05-02 23:13 - 2017-05-02 23:13 - 02764800 _____ C:\Users\Gaspa\Downloads\ZHPCleaner.exe
2017-05-02 23:10 - 2017-05-02 23:15 - 00000914 _____ C:\Users\Gaspa\Desktop\ZHPCleaner.lnk
2017-05-02 23:04 - 2017-05-02 23:09 - 02764800 _____ C:\Users\Gaspa\Desktop\ZHPCleaner.exe
2017-05-02 23:01 - 2017-05-02 23:01 - 00000622 _____ C:\Users\Gaspa\Desktop\JRT.txt
2017-05-02 22:37 - 2017-05-02 22:38 - 01663672 _____ (Malwarebytes) C:\Users\Gaspa\Desktop\JRT.exe
2017-05-02 22:25 - 2017-05-02 22:26 - 04102600 _____ C:\Users\Gaspa\Desktop\adwcleaner_6.046.exe
2017-04-24 23:32 - 2017-04-26 20:11 - 00000526 _____ C:\runcheck.txt
2017-04-23 15:27 - 2017-05-08 23:22 - 00000000 ____D C:\FRST
2017-04-23 15:23 - 2017-05-02 23:37 - 00000000 ____D C:\AdwCleaner
2017-04-23 13:56 - 2017-05-02 23:28 - 00000000 ____D C:\Users\Gaspa\AppData\Roaming\ZHP
2017-04-23 13:56 - 2017-05-02 23:18 - 00000000 ____D C:\Users\Gaspa\AppData\Local\ZHP
2017-04-22 23:22 - 2017-05-02 22:35 - 00000000 ____D C:\Users\Gaspa\Downloads\malware scan
2017-04-22 17:45 - 2017-04-22 17:52 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-04-22 17:43 - 2017-04-22 17:43 - 00000000 ____D C:\zoek_backup
2017-04-22 14:16 - 2017-04-22 14:16 - 00002360 _____ C:\Users\Gaspa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-22 14:16 - 2017-04-22 14:16 - 00002330 _____ C:\Users\Gaspa\Desktop\Google Chrome.lnk
2017-04-21 17:38 - 2017-04-21 17:38 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-04-21 16:54 - 2017-04-21 16:54 - 00892928 _____ C:\Users\Gaspa\Downloads\Microsoft_Office_2016_Professional_plus_Crack_Activator_64_Bit.iso
2017-04-19 23:53 - 2017-04-19 23:53 - 02826826 _____ C:\Users\Gaspa\Downloads\pdf-199551-Aula 03-LIMPADcurso-28484-aula-03-v2.pdf
2017-04-13 09:39 - 2017-04-13 09:39 - 00627440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2017-04-13 09:39 - 2017-04-13 09:39 - 00264448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2017-04-13 09:39 - 2017-04-13 09:39 - 00242968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2017-04-13 09:37 - 2017-04-13 09:37 - 00438000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2017-04-13 09:37 - 2017-04-13 09:37 - 00391424 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2017-04-13 09:37 - 2017-04-13 09:37 - 00332560 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2017-04-13 09:37 - 2017-04-13 09:37 - 00087280 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2017-04-13 09:37 - 2017-04-13 09:37 - 00083696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2017-04-11 22:30 - 2017-03-28 04:10 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-04-11 22:30 - 2017-03-28 04:10 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-11 22:30 - 2017-03-28 03:29 - 02213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-11 22:30 - 2017-03-28 03:21 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-11 22:30 - 2017-03-28 03:19 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-11 22:30 - 2017-03-28 03:18 - 01705976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-11 22:30 - 2017-03-28 03:15 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-11 22:30 - 2017-03-28 03:10 - 07220184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-11 22:30 - 2017-03-28 03:07 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-04-11 22:30 - 2017-03-28 03:05 - 22221368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-11 22:30 - 2017-03-28 03:05 - 08168512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-11 22:30 - 2017-03-28 03:05 - 01988048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-04-11 22:30 - 2017-03-28 03:05 - 01848584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-04-11 22:30 - 2017-03-28 03:05 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-04-11 22:30 - 2017-03-28 03:05 - 01504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-11 22:30 - 2017-03-28 03:05 - 01302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-04-11 22:30 - 2017-03-28 03:05 - 01072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-04-11 22:30 - 2017-03-28 03:04 - 05721808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-11 22:30 - 2017-03-28 03:04 - 02262776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-11 22:30 - 2017-03-28 03:04 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-04-11 22:30 - 2017-03-28 03:04 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-04-11 22:30 - 2017-03-28 03:04 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-04-11 22:30 - 2017-03-28 03:04 - 00277344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-04-11 22:30 - 2017-03-28 03:04 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-04-11 22:30 - 2017-03-28 03:04 - 00116568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-04-11 22:30 - 2017-03-28 03:02 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-04-11 22:30 - 2017-03-28 03:02 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-04-11 22:30 - 2017-03-28 03:02 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-04-11 22:30 - 2017-03-28 02:59 - 06667520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-11 22:30 - 2017-03-28 02:59 - 04023008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-04-11 22:30 - 2017-03-28 02:59 - 02533728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-04-11 22:30 - 2017-03-28 02:58 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-04-11 22:30 - 2017-03-28 02:58 - 01851688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-04-11 22:30 - 2017-03-28 02:58 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-04-11 22:30 - 2017-03-28 02:58 - 01344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-04-11 22:30 - 2017-03-28 02:58 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-04-11 22:30 - 2017-03-28 02:58 - 01202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-04-11 22:30 - 2017-03-28 02:58 - 00981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-04-11 22:30 - 2017-03-28 02:58 - 00961192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-11 22:30 - 2017-03-28 02:53 - 01414728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-11 22:30 - 2017-03-28 02:53 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-11 22:30 - 2017-03-28 02:52 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-04-11 22:30 - 2017-03-28 02:48 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-04-11 22:30 - 2017-03-28 02:42 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-11 22:30 - 2017-03-28 02:42 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-04-11 22:30 - 2017-03-28 02:41 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-11 22:30 - 2017-03-28 02:40 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-04-11 22:30 - 2017-03-28 02:40 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2017-04-11 22:30 - 2017-03-28 02:40 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-11 22:30 - 2017-03-28 02:39 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2017-04-11 22:30 - 2017-03-28 02:39 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-04-11 22:30 - 2017-03-28 02:38 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-04-11 22:30 - 2017-03-28 02:38 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-04-11 22:30 - 2017-03-28 02:37 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-11 22:30 - 2017-03-28 02:37 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apds.dll
2017-04-11 22:30 - 2017-03-28 02:37 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-04-11 22:30 - 2017-03-28 02:37 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-04-11 22:30 - 2017-03-28 02:37 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-04-11 22:30 - 2017-03-28 02:37 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2017-04-11 22:30 - 2017-03-28 02:37 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-11 22:30 - 2017-03-28 02:36 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsecsnp.dll
2017-04-11 22:30 - 2017-03-28 02:36 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-04-11 22:30 - 2017-03-28 02:36 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2017-04-11 22:30 - 2017-03-28 02:36 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-04-11 22:30 - 2017-03-28 02:36 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-04-11 22:30 - 2017-03-28 02:36 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-04-11 22:30 - 2017-03-28 02:36 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-11 22:30 - 2017-03-28 02:36 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2017-04-11 22:30 - 2017-03-28 02:36 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicDisplay.sys
2017-04-11 22:30 - 2017-03-28 02:35 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-04-11 22:30 - 2017-03-28 02:35 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-04-11 22:30 - 2017-03-28 02:35 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-04-11 22:30 - 2017-03-28 02:35 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-04-11 22:30 - 2017-03-28 02:35 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-04-11 22:30 - 2017-03-28 02:35 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-04-11 22:30 - 2017-03-28 02:35 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-04-11 22:30 - 2017-03-28 02:35 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-04-11 22:30 - 2017-03-28 02:35 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-04-11 22:30 - 2017-03-28 02:35 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2017-04-11 22:30 - 2017-03-28 02:35 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2017-04-11 22:30 - 2017-03-28 02:34 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-04-11 22:30 - 2017-03-28 02:34 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-04-11 22:30 - 2017-03-28 02:34 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-04-11 22:30 - 2017-03-28 02:34 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2017-04-11 22:30 - 2017-03-28 02:33 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-04-11 22:30 - 2017-03-28 02:33 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-04-11 22:30 - 2017-03-28 02:33 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-04-11 22:30 - 2017-03-28 02:33 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-04-11 22:30 - 2017-03-28 02:33 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2017-04-11 22:30 - 2017-03-28 02:33 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsmsnap.dll
2017-04-11 22:30 - 2017-03-28 02:33 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-04-11 22:30 - 2017-03-28 02:33 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2017-04-11 22:30 - 2017-03-28 02:33 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2017-04-11 22:30 - 2017-03-28 02:32 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-04-11 22:30 - 2017-03-28 02:32 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2017-04-11 22:30 - 2017-03-28 02:32 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-04-11 22:30 - 2017-03-28 02:32 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-04-11 22:30 - 2017-03-28 02:32 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-04-11 22:30 - 2017-03-28 02:32 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-04-11 22:30 - 2017-03-28 02:32 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-04-11 22:30 - 2017-03-28 02:32 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-11 22:30 - 2017-03-28 02:32 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2017-04-11 22:30 - 2017-03-28 02:32 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-04-11 22:30 - 2017-03-28 02:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-04-11 22:30 - 2017-03-28 02:32 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2017-04-11 22:30 - 2017-03-28 02:32 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-04-11 22:30 - 2017-03-28 02:32 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-04-11 22:30 - 2017-03-28 02:32 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-04-11 22:30 - 2017-03-28 02:32 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-11 22:30 - 2017-03-28 02:31 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-04-11 22:30 - 2017-03-28 02:31 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-04-11 22:30 - 2017-03-28 02:31 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-04-11 22:30 - 2017-03-28 02:31 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-04-11 22:30 - 2017-03-28 02:30 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-04-11 22:30 - 2017-03-28 02:30 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-04-11 22:30 - 2017-03-28 02:30 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-04-11 22:30 - 2017-03-28 02:30 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-04-11 22:30 - 2017-03-28 02:30 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-04-11 22:30 - 2017-03-28 02:30 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-04-11 22:30 - 2017-03-28 02:29 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-04-11 22:30 - 2017-03-28 02:29 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-04-11 22:30 - 2017-03-28 02:29 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2017-04-11 22:30 - 2017-03-28 02:29 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-04-11 22:30 - 2017-03-28 02:29 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-04-11 22:30 - 2017-03-28 02:28 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-11 22:30 - 2017-03-28 02:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-04-11 22:30 - 2017-03-28 02:28 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-04-11 22:30 - 2017-03-28 02:28 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-04-11 22:30 - 2017-03-28 02:28 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2017-04-11 22:30 - 2017-03-28 02:28 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-04-11 22:30 - 2017-03-28 02:28 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-04-11 22:30 - 2017-03-28 02:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-04-11 22:30 - 2017-03-28 02:27 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2017-04-11 22:30 - 2017-03-28 02:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-04-11 22:30 - 2017-03-28 02:26 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-04-11 22:30 - 2017-03-28 02:26 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-04-11 22:30 - 2017-03-28 02:26 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-04-11 22:30 - 2017-03-28 02:26 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-04-11 22:30 - 2017-03-28 02:26 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-04-11 22:30 - 2017-03-28 02:25 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-04-11 22:30 - 2017-03-28 02:25 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2017-04-11 22:30 - 2017-03-28 02:25 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-04-11 22:30 - 2017-03-28 02:25 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-04-11 22:30 - 2017-03-28 02:24 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-04-11 22:30 - 2017-03-28 02:24 - 06288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-04-11 22:30 - 2017-03-28 02:24 - 04614656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-04-11 22:30 - 2017-03-28 02:24 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-04-11 22:30 - 2017-03-28 02:24 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-04-11 22:30 - 2017-03-28 02:23 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-11 22:30 - 2017-03-28 02:23 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-04-11 22:30 - 2017-03-28 02:23 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-04-11 22:30 - 2017-03-28 02:23 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-04-11 22:30 - 2017-03-28 02:22 - 00516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2017-04-11 22:30 - 2017-03-28 02:22 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2017-04-11 22:30 - 2017-03-28 02:22 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2017-04-11 22:30 - 2017-03-28 02:21 - 03778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-04-11 22:30 - 2017-03-28 02:21 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-04-11 22:30 - 2017-03-28 02:20 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-04-11 22:30 - 2017-03-28 02:20 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2017-04-11 22:30 - 2017-03-28 02:20 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-11 22:30 - 2017-03-28 02:19 - 07655424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-11 22:30 - 2017-03-28 02:19 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2017-04-11 22:30 - 2017-03-28 02:19 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-04-11 22:30 - 2017-03-28 02:19 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-04-11 22:30 - 2017-03-28 02:19 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-04-11 22:30 - 2017-03-28 02:19 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2017-04-11 22:30 - 2017-03-28 02:18 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-11 22:30 - 2017-03-28 02:17 - 06109696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-11 22:30 - 2017-03-28 02:17 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-04-11 22:30 - 2017-03-28 02:17 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2017-04-11 22:30 - 2017-03-28 02:17 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-11 22:30 - 2017-03-28 02:16 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-04-11 22:30 - 2017-03-28 02:16 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-04-11 22:30 - 2017-03-28 02:16 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-04-11 22:30 - 2017-03-28 02:15 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-04-11 22:30 - 2017-03-28 02:14 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-04-11 22:30 - 2017-03-28 02:14 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-04-11 22:30 - 2017-03-28 02:14 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2017-04-11 22:30 - 2017-03-28 02:14 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-04-11 22:30 - 2017-03-28 02:14 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-04-11 22:30 - 2017-03-28 02:14 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2017-04-11 22:30 - 2017-03-28 02:14 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2017-04-11 22:30 - 2017-03-28 02:13 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-04-11 22:30 - 2017-03-28 02:13 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-04-11 22:30 - 2017-03-28 02:13 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-04-11 22:30 - 2017-03-28 02:13 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-04-11 22:30 - 2017-03-28 02:13 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-04-11 22:30 - 2017-03-28 02:13 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-04-11 22:30 - 2017-03-28 02:13 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-11 22:30 - 2017-03-28 02:12 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-04-11 22:30 - 2017-03-28 02:12 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-04-11 22:30 - 2017-03-28 02:12 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-04-11 22:30 - 2017-03-28 02:12 - 00862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-04-11 22:30 - 2017-03-28 02:12 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-04-11 22:30 - 2017-03-28 02:12 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-04-11 22:30 - 2017-03-28 02:12 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-04-11 22:30 - 2017-03-28 02:12 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-04-11 22:30 - 2017-03-28 02:12 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-04-11 22:30 - 2017-03-28 02:12 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-04-11 22:30 - 2017-03-28 02:12 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-04-11 22:30 - 2017-03-28 02:12 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-04-11 22:30 - 2017-03-28 02:11 - 02994176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-11 22:30 - 2017-03-28 02:11 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-11 22:30 - 2017-03-28 02:11 - 01981440 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-04-11 22:30 - 2017-03-28 02:11 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-11 22:30 - 2017-03-28 02:11 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-04-11 22:30 - 2017-03-28 02:11 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-04-11 22:30 - 2017-03-28 02:11 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-04-11 22:30 - 2017-03-28 02:10 - 08076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-04-11 22:30 - 2017-03-28 02:10 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-11 22:30 - 2017-03-28 02:10 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-04-11 22:30 - 2017-03-28 02:10 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-04-11 22:30 - 2017-03-28 02:10 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-04-11 22:30 - 2017-03-28 02:10 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-04-11 22:30 - 2017-03-28 02:09 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-04-11 22:30 - 2017-03-28 02:09 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-04-11 22:30 - 2017-03-28 02:09 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-04-11 22:30 - 2017-03-28 02:08 - 01564160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-11 22:30 - 2017-03-28 02:08 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-04-11 22:30 - 2017-03-28 02:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2017-04-11 22:30 - 2017-03-28 01:48 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-11 22:30 - 2017-03-16 01:38 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2017-04-11 22:29 - 2017-03-28 03:32 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-11 22:29 - 2017-03-28 03:28 - 07786336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-11 22:29 - 2017-03-28 03:28 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-11 22:29 - 2017-03-28 03:26 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-04-11 22:29 - 2017-03-28 03:26 - 00218520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-11 22:29 - 2017-03-28 03:22 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-11 22:29 - 2017-03-28 03:20 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-04-11 22:29 - 2017-03-28 03:12 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-04-11 22:29 - 2017-03-28 03:11 - 02187616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-11 22:29 - 2017-03-28 03:11 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-04-11 22:29 - 2017-03-28 03:11 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-11 22:29 - 2017-03-28 03:11 - 00402784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-11 22:29 - 2017-03-28 03:11 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-04-11 22:29 - 2017-03-28 03:10 - 02758648 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-11 22:29 - 2017-03-28 03:10 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-04-11 22:29 - 2017-03-28 03:10 - 01157008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-04-11 22:29 - 2017-03-28 03:09 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll
2017-04-11 22:29 - 2017-03-28 03:06 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-11 22:29 - 2017-03-28 03:05 - 04260576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-04-11 22:29 - 2017-03-28 03:04 - 01276760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-11 22:29 - 2017-03-28 03:04 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-04-11 22:29 - 2017-03-28 03:04 - 00160088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-04-11 22:29 - 2017-03-28 02:58 - 00387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-11 22:29 - 2017-03-28 02:41 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2017-04-11 22:29 - 2017-03-28 02:41 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-04-11 22:29 - 2017-03-28 02:41 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2017-04-11 22:29 - 2017-03-28 02:38 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-11 22:29 - 2017-03-28 02:38 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-04-11 22:29 - 2017-03-28 02:37 - 22568960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-11 22:29 - 2017-03-28 02:37 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-04-11 22:29 - 2017-03-28 02:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-11 22:29 - 2017-03-28 02:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-04-11 22:29 - 2017-03-28 02:36 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-11 22:29 - 2017-03-28 02:35 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-04-11 22:29 - 2017-03-28 02:35 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-04-11 22:29 - 2017-03-28 02:35 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-04-11 22:29 - 2017-03-28 02:35 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
2017-04-11 22:29 - 2017-03-28 02:34 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-11 22:29 - 2017-03-28 02:34 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-11 22:29 - 2017-03-28 02:33 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-11 22:29 - 2017-03-28 02:33 - 00182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2017-04-11 22:29 - 2017-03-28 02:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-04-11 22:29 - 2017-03-28 02:32 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-11 22:29 - 2017-03-28 02:31 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-04-11 22:29 - 2017-03-28 02:31 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-04-11 22:29 - 2017-03-28 02:31 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-04-11 22:29 - 2017-03-28 02:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2017-04-11 22:29 - 2017-03-28 02:31 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-04-11 22:29 - 2017-03-28 02:31 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-11 22:29 - 2017-03-28 02:31 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-11 22:29 - 2017-03-28 02:31 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-11 22:29 - 2017-03-28 02:31 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-04-11 22:29 - 2017-03-28 02:31 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2017-04-11 22:29 - 2017-03-28 02:31 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2017-04-11 22:29 - 2017-03-28 02:30 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-04-11 22:29 - 2017-03-28 02:30 - 00692224 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2017-04-11 22:29 - 2017-03-28 02:30 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-04-11 22:29 - 2017-03-28 02:30 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-04-11 22:29 - 2017-03-28 02:30 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-11 22:29 - 2017-03-28 02:30 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2017-04-11 22:29 - 2017-03-28 02:29 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-04-11 22:29 - 2017-03-28 02:29 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-04-11 22:29 - 2017-03-28 02:29 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-11 22:29 - 2017-03-28 02:29 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-04-11 22:29 - 2017-03-28 02:29 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-04-11 22:29 - 2017-03-28 02:29 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-04-11 22:29 - 2017-03-28 02:29 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-04-11 22:29 - 2017-03-28 02:29 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-04-11 22:29 - 2017-03-28 02:29 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-11 22:29 - 2017-03-28 02:28 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-11 22:29 - 2017-03-28 02:28 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-04-11 22:29 - 2017-03-28 02:28 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-04-11 22:29 - 2017-03-28 02:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-04-11 22:29 - 2017-03-28 02:28 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-04-11 22:29 - 2017-03-28 02:27 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-04-11 22:29 - 2017-03-28 02:27 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-04-11 22:29 - 2017-03-28 02:27 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-04-11 22:29 - 2017-03-28 02:27 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2017-04-11 22:29 - 2017-03-28 02:27 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-04-11 22:29 - 2017-03-28 02:26 - 01145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-04-11 22:29 - 2017-03-28 02:26 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-04-11 22:29 - 2017-03-28 02:26 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-04-11 22:29 - 2017-03-28 02:25 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-11 22:29 - 2017-03-28 02:25 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-04-11 22:29 - 2017-03-28 02:25 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-11 22:29 - 2017-03-28 02:24 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-11 22:29 - 2017-03-28 02:24 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2017-04-11 22:29 - 2017-03-28 02:23 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-11 22:29 - 2017-03-28 02:23 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-11 22:29 - 2017-03-28 02:22 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2017-04-11 22:29 - 2017-03-28 02:21 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-11 22:29 - 2017-03-28 02:21 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-04-11 22:29 - 2017-03-28 02:21 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-04-11 22:29 - 2017-03-28 02:21 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-04-11 22:29 - 2017-03-28 02:21 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2017-04-11 22:29 - 2017-03-28 02:20 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-04-11 22:29 - 2017-03-28 02:20 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-11 22:29 - 2017-03-28 02:19 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-04-11 22:29 - 2017-03-28 02:19 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-04-11 22:29 - 2017-03-28 02:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2017-04-11 22:29 - 2017-03-28 02:18 - 12181504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-11 22:29 - 2017-03-28 02:18 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-11 22:29 - 2017-03-28 02:18 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-04-11 22:29 - 2017-03-28 02:18 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-04-11 22:29 - 2017-03-28 02:17 - 13087232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-11 22:29 - 2017-03-28 02:17 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-04-11 22:29 - 2017-03-28 02:16 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-04-11 22:29 - 2017-03-28 02:15 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-04-11 22:29 - 2017-03-28 02:15 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-04-11 22:29 - 2017-03-28 02:15 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-11 22:29 - 2017-03-28 02:15 - 00937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-04-11 22:29 - 2017-03-28 02:15 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-04-11 22:29 - 2017-03-28 02:15 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2017-04-11 22:29 - 2017-03-28 02:15 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-04-11 22:29 - 2017-03-28 02:14 - 08126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-11 22:29 - 2017-03-28 02:14 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-04-11 22:29 - 2017-03-28 02:14 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-04-11 22:29 - 2017-03-28 02:14 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-04-11 22:29 - 2017-03-28 02:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-04-11 22:29 - 2017-03-28 02:14 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2017-04-11 22:29 - 2017-03-28 02:14 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-11 22:29 - 2017-03-28 02:13 - 06045184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-11 22:29 - 2017-03-28 02:13 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-11 22:29 - 2017-03-28 02:13 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-11 22:29 - 2017-03-28 02:13 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-04-11 22:29 - 2017-03-28 02:13 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-04-11 22:29 - 2017-03-28 02:13 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-11 22:29 - 2017-03-28 02:13 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-04-11 22:29 - 2017-03-28 02:13 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-04-11 22:29 - 2017-03-28 02:12 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-04-11 22:29 - 2017-03-28 02:12 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-04-11 22:29 - 2017-03-28 02:12 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-11 22:29 - 2017-03-28 02:12 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-11 22:29 - 2017-03-28 02:12 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-04-11 22:29 - 2017-03-28 02:11 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-04-11 22:29 - 2017-03-28 02:11 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-04-11 22:29 - 2017-03-28 02:10 - 02316288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-11 22:29 - 2017-03-28 02:10 - 01783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-11 22:29 - 2017-03-28 02:10 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-11 22:29 - 2017-03-28 02:10 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-04-11 22:29 - 2017-03-28 02:10 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-04-11 22:29 - 2017-03-28 02:10 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-04-11 22:29 - 2017-03-28 02:09 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-04-11 22:29 - 2017-03-28 02:09 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-04-11 22:29 - 2017-03-28 02:09 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-04-11 22:29 - 2017-03-28 02:08 - 03612672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-11 22:29 - 2017-03-28 02:08 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-11 22:29 - 2017-03-28 02:07 - 00908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-11 22:29 - 2017-03-28 02:07 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-04-11 22:29 - 2017-03-28 02:07 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2017-04-11 22:29 - 2017-03-28 02:06 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-11 22:29 - 2017-03-28 02:06 - 00999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-04-11 22:29 - 2017-03-28 02:06 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-04-11 22:29 - 2017-03-28 02:05 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-11 22:29 - 2017-03-28 02:04 - 00119808 ____R (Microsoft Corporation) C:\WINDOWS\system32\SecureAssessmentHandlers.dll
2017-04-11 22:29 - 2017-03-18 13:35 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-04-11 22:28 - 2017-03-28 03:36 - 01617760 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-04-11 22:28 - 2017-03-28 03:36 - 01294688 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-04-11 22:28 - 2017-03-28 03:36 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-04-11 22:28 - 2017-03-28 03:36 - 00343904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-04-11 22:28 - 2017-03-28 03:36 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-04-11 22:28 - 2017-03-28 03:35 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-11 22:28 - 2017-03-28 03:26 - 00754528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-04-11 22:28 - 2017-03-28 03:26 - 00573280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-04-11 22:28 - 2017-03-28 03:20 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-11 22:28 - 2017-03-28 03:10 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-04-11 22:28 - 2017-03-28 03:10 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-04-11 22:28 - 2017-03-28 03:09 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-04-11 22:28 - 2017-03-28 03:09 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-04-11 22:28 - 2017-03-28 03:09 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-04-11 22:28 - 2017-03-28 03:08 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-04-11 22:28 - 2017-03-28 03:08 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-11 22:28 - 2017-03-28 03:08 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-11 22:28 - 2017-03-28 03:04 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-11 22:28 - 2017-03-28 03:00 - 01569184 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-11 22:28 - 2017-03-28 03:00 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-11 22:28 - 2017-03-28 02:58 - 00372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-04-11 22:28 - 2017-03-28 02:44 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-04-11 22:28 - 2017-03-28 02:38 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-11 22:28 - 2017-03-28 02:37 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2017-04-11 22:28 - 2017-03-28 02:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-11 22:28 - 2017-03-28 02:36 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-11 22:28 - 2017-03-28 02:35 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2017-04-11 22:28 - 2017-03-28 02:35 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2017-04-11 22:28 - 2017-03-28 02:34 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-04-11 22:28 - 2017-03-28 02:34 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-11 22:28 - 2017-03-28 02:34 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll
2017-04-11 22:28 - 2017-03-28 02:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-04-11 22:28 - 2017-03-28 02:33 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-04-11 22:28 - 2017-03-28 02:33 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-04-11 22:28 - 2017-03-28 02:33 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-04-11 22:28 - 2017-03-28 02:33 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-04-11 22:28 - 2017-03-28 02:33 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll
2017-04-11 22:28 - 2017-03-28 02:32 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-04-11 22:28 - 2017-03-28 02:32 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-04-11 22:28 - 2017-03-28 02:31 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-04-11 22:28 - 2017-03-28 02:31 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-04-11 22:28 - 2017-03-28 02:31 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-04-11 22:28 - 2017-03-28 02:30 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-04-11 22:28 - 2017-03-28 02:30 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-04-11 22:28 - 2017-03-28 02:30 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-04-11 22:28 - 2017-03-28 02:29 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-04-11 22:28 - 2017-03-28 02:29 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-04-11 22:28 - 2017-03-28 02:29 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-11 22:28 - 2017-03-28 02:29 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-04-11 22:28 - 2017-03-28 02:29 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-04-11 22:28 - 2017-03-28 02:29 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-04-11 22:28 - 2017-03-28 02:29 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-11 22:28 - 2017-03-28 02:29 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2017-04-11 22:28 - 2017-03-28 02:28 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-04-11 22:28 - 2017-03-28 02:28 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-11 22:28 - 2017-03-28 02:27 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-04-11 22:28 - 2017-03-28 02:27 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2017-04-11 22:28 - 2017-03-28 02:27 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-04-11 22:28 - 2017-03-28 02:26 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-04-11 22:28 - 2017-03-28 02:25 - 00966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-04-11 22:28 - 2017-03-28 02:25 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-04-11 22:28 - 2017-03-28 02:25 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-11 22:28 - 2017-03-28 02:24 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-04-11 22:28 - 2017-03-28 02:23 - 09130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-04-11 22:28 - 2017-03-28 02:23 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2017-04-11 22:28 - 2017-03-28 02:19 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-04-11 22:28 - 2017-03-28 02:17 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-04-11 22:28 - 2017-03-28 02:17 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-04-11 22:28 - 2017-03-28 02:16 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-04-11 22:28 - 2017-03-28 02:16 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-11 22:28 - 2017-03-28 02:15 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2017-04-11 22:28 - 2017-03-28 02:14 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-04-11 22:28 - 2017-03-28 02:14 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-04-11 22:28 - 2017-03-28 02:14 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-04-11 22:28 - 2017-03-28 02:13 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-04-11 22:28 - 2017-03-28 02:12 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-04-11 22:28 - 2017-03-28 02:11 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-11 22:28 - 2017-03-28 02:10 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-04-11 22:28 - 2017-03-28 02:09 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-04-11 22:28 - 2017-03-28 02:09 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-04-11 22:28 - 2017-03-28 02:08 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-04-11 22:28 - 2017-03-28 02:08 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-04-11 22:28 - 2017-03-18 13:50 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-04-11 22:28 - 2017-03-16 01:47 - 00038768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2017-04-10 08:55 - 2017-04-10 08:58 - 00000000 ____D C:\Users\Gaspa\Documents\VLADIGSAFRFB
2017-04-10 08:55 - 2017-04-10 08:55 - 00000000 ____D C:\Users\Gaspa\Documents\TCE SC 2016
2017-04-10 08:54 - 2017-04-13 11:24 - 00000000 ____D C:\Users\Gaspa\Documents\Guilherme

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-05-08 23:10 - 2016-07-16 08:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-08 23:10 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-08 23:03 - 2016-12-30 17:25 - 00000000 ___RD C:\Users\Gaspa\iCloudDrive
2017-05-07 23:39 - 2016-10-10 22:01 - 00000000 ____D C:\Users\Gaspa\AppData\Local\Packages
2017-05-07 19:12 - 2017-03-20 11:20 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2017-05-07 19:12 - 2017-03-20 11:20 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-07 19:12 - 2016-11-21 07:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-07 19:12 - 2016-05-24 09:29 - 00028376 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddfac.sys
2017-05-07 19:12 - 2015-11-08 17:32 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-05-07 19:11 - 2016-07-16 03:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-05-07 19:11 - 2012-04-19 22:10 - 00000000 ____D C:\Users\Suelly\Desktop\ATALHOS
2017-05-07 18:44 - 2016-11-21 01:49 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-06 18:50 - 2017-03-20 11:24 - 00000000 ____D C:\Users\Gaspa
2017-05-05 21:57 - 2016-10-19 20:15 - 00000000 ____D C:\Users\Gaspa\AppData\LocalLow\Temp
2017-05-05 21:57 - 2015-11-09 20:09 - 00000000 ____D C:\Users\Suelly\AppData\LocalLow\Temp
2017-05-05 21:55 - 2016-11-21 18:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-04 22:05 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-04 22:05 - 2016-07-16 08:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-03 22:14 - 2016-10-19 19:33 - 00000425 _____ C:\Users\Gaspa\AppData\Local\UserProducts.xml
2017-04-26 22:57 - 2016-10-11 19:32 - 00000000 ____D C:\Users\Gaspa\AppData\Local\Comms
2017-04-26 20:15 - 2017-03-20 11:24 - 00000000 ____D C:\Users\Suelly
2017-04-26 20:14 - 2016-05-24 09:28 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2017-04-26 20:14 - 2016-05-24 09:28 - 00000000 ____D C:\ProgramData\GbPlugin
2017-04-23 23:04 - 2015-11-05 20:02 - 00000000 ____D C:\Users\Suelly\AppData\Local\Packages
2017-04-23 22:52 - 2017-03-20 20:48 - 00000000 ____D C:\Users\Suelly\AppData\Local\ConnectedDevicesPlatform
2017-04-23 22:49 - 2015-12-13 15:03 - 00002411 _____ C:\Users\Suelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-23 22:49 - 2015-09-01 11:51 - 00000000 ___RD C:\Users\Suelly\OneDrive
2017-04-23 22:46 - 2016-11-21 08:03 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-23 15:33 - 2016-07-16 08:45 - 00000000 ____D C:\WINDOWS\INF
2017-04-22 18:23 - 2016-11-21 18:14 - 00001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-22 18:23 - 2015-11-07 07:19 - 00000000 ____D C:\Users\Todos os Usuários\IObit
2017-04-22 18:23 - 2015-11-07 07:19 - 00000000 ____D C:\Users\Suelly\AppData\Roaming\IObit
2017-04-22 18:23 - 2015-11-07 07:19 - 00000000 ____D C:\ProgramData\IObit
2017-04-22 18:23 - 2014-04-27 10:17 - 00000000 ____D C:\Users\Suelly\AppData\LocalLow\IObit
2017-04-22 18:01 - 2016-11-21 07:59 - 01414812 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-22 18:01 - 2016-11-21 07:14 - 00412380 _____ C:\WINDOWS\system32\prfh0416.dat
2017-04-22 18:01 - 2016-11-21 07:14 - 00080698 _____ C:\WINDOWS\system32\prfc0416.dat
2017-04-22 17:54 - 2016-11-21 01:49 - 00235264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-22 14:30 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\rescache
2017-04-22 14:16 - 2016-10-10 22:01 - 00000000 ____D C:\Users\Gaspa\AppData\Local\Google
2017-04-22 14:09 - 2015-11-07 08:03 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-21 17:57 - 2016-10-17 17:10 - 00000000 ____D C:\Program Files\Microsoft Office
2017-04-21 17:38 - 2016-07-16 08:47 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2017-04-21 17:38 - 2016-07-16 08:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-21 17:38 - 2016-07-16 08:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-04-21 17:01 - 2016-11-21 18:15 - 00000000 ____D C:\Users\Gaspa\AppData\LocalLow\Mozilla
2017-04-19 22:12 - 2016-10-11 19:39 - 00000000 ____D C:\Users\Gaspa\Desktop\GABRIEL
2017-04-17 22:57 - 2016-07-16 08:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-17 22:57 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-04-17 22:56 - 2016-07-16 08:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-17 22:56 - 2016-07-16 08:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-17 22:56 - 2016-07-16 08:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-04-17 22:56 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\system32\setup
2017-04-17 22:56 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-04-17 22:56 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-04-17 22:56 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-04-17 22:56 - 2016-07-16 08:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-17 22:56 - 2016-07-16 08:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-17 22:56 - 2016-07-16 08:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-17 22:56 - 2016-07-16 03:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-04-17 17:38 - 2016-10-10 22:02 - 00002408 _____ C:\Users\Gaspa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-17 17:38 - 2016-10-10 22:02 - 00000000 ___RD C:\Users\Gaspa\OneDrive
2017-04-14 19:04 - 2015-11-06 21:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-14 19:02 - 2015-11-06 21:33 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-09 09:40 - 2015-11-06 21:36 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Arquivos na raiz de alguns diretórios =======

2017-03-06 07:42 - 2017-02-07 20:46 - 120666032 _____ (Tracker Software Products (Canada) Ltd.) C:\Program Files\PDFXVE6.exe
2016-10-19 19:33 - 2016-10-19 19:33 - 0000003 _____ () C:\Users\Gaspa\AppData\Local\updater.log
2016-10-19 19:33 - 2017-05-03 22:14 - 0000425 _____ () C:\Users\Gaspa\AppData\Local\UserProducts.xml

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-04-30 09:41

==================== Fim de FRST.txt ============================

 

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 08-05-2017
Executado por Gaspa (08-05-2017 23:24:26)
Executando a partir de C:\Users\Gaspa\Desktop
Windows 10 Pro Versão 1607 (X64) (2017-03-20 14:55:40)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-3163227827-1062642762-320800426-500 - Administrator - Disabled)
Convidado (S-1-5-21-3163227827-1062642762-320800426-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-3163227827-1062642762-320800426-503 - Limited - Disabled)
Gaspa (S-1-5-21-3163227827-1062642762-320800426-1033 - Administrator - Enabled) => C:\Users\Gaspa
HomeGroupUser$ (S-1-5-21-3163227827-1062642762-320800426-1003 - Limited - Enabled)
Suelly (S-1-5-21-3163227827-1062642762-320800426-1000 - Administrator - Enabled) => C:\Users\Suelly
UpdatusUser (S-1-5-21-3163227827-1062642762-320800426-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Atualizações da NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CertiInstaller 1.4.0.3 (HKLM\...\{4E637561-3FE5-4464-A2C1-8E0C44940601}_is1) (Version: 1.4.0.3 - Certisign)
CertiPlugin 1.0.0.11 (HKU\S-1-5-21-3163227827-1062642762-320800426-1033\...\{E74B2E92-1570-41FB-AB75-1A618DD3FCE3}_is1) (Version: 1.0.0.11 - Certisign)
iCloud (HKLM\...\{7F40A9A7-B3BE-4EA8-B052-60449F6C3C02}) (Version: 6.2.1.67 - Apple Inc.)
Intel Driver Update Utility (HKLM-x32\...\{fe92d390-13ee-4660-a2f8-39a066fdffe0}) (Version: 2.2.0.5 - Intel)
Intel(R) Driver Update Utility 2.2.0.5 (x32 Version: 2.2.0.1 - Intel) Hidden
iTunes (HKLM\...\{164600BE-9CEC-44E6-9B38-2B12D5FE2342}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Malwarebytes versão 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.8067.2018 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - pt-br (HKLM\...\ProplusRetail - pt-br) (Version: 16.0.8067.2018 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3163227827-1062642762-320800426-1033\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 50.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 pt-BR)) (Version: 50.0 - Mozilla)
NVIDIA Driver de áudio HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Driver de gráficos 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Driver do 3D Vision 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.8067.2018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8067.2018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Painel de controle da NVIDIA 342.01 (Version: 342.01 - NVIDIA Corporation) Hidden
PDF-XChange Editor (HKLM-x32\...\{ef181afe-fc94-4320-b25e-940ae50c3d8b}) (Version: 6.0.320.1 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 6.0.320.1 - Tracker Software Products (Canada) Ltd.) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Suporte para Aplicativos Apple (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Suporte para Aplicativos Apple Apple (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Warsaw 1.15.1.61 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.15.1.61 - GAS Tecnologia)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {071D7404-2635-4A55-9FB4-EFF1AFF7458A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-13] (Microsoft Corporation)
Task: {1001B196-F3C0-4979-9A0A-E29CF2C04CC0} - System32\Tasks\update-S-1-5-21-3163227827-1062642762-320800426-1033 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {10D0CFCA-D3F6-4271-99AF-E7254CA63FA9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {10F7DAFE-41BA-498D-9955-C77C264D3799} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {7AD2DC06-0EF2-45EA-A79A-5596CEB7C4B7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-04-21] ()
Task: {BB8888BA-0D5C-454C-BF56-7B5748236280} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-04-21] (Microsoft Corporation)
Task: {E377F1E6-2229-4FF8-9A73-548E4C0542FE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-04-21] (Microsoft Corporation)
Task: {FCE72119-35EE-4D9A-BE72-0B7E5F0672AE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-13] (Microsoft Corporation)
Task: {FF1D7200-A931-4A7C-A824-7E6C829B794C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-04-21] ()

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3163227827-1062642762-320800426-1033.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\Gaspa\Music\HP Music.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.hp.com.br/musica"

==================== Módulos Carregados (Whitelisted) ==============

2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-16 08:42 - 2016-07-16 08:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-11 22:29 - 2017-03-28 03:22 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2017-03-20 11:20 - 2016-11-14 08:15 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-04-11 22:29 - 2017-03-28 03:22 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-11 22:29 - 2017-03-28 03:22 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-11-21 07:20 - 2016-11-21 07:20 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-20 22:04 - 2017-03-04 03:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-20 22:17 - 2017-03-04 03:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-20 22:17 - 2017-03-04 03:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-20 22:17 - 2017-03-04 03:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-11 22:29 - 2017-03-28 02:07 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-04-11 22:29 - 2017-03-28 02:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-11 22:29 - 2017-03-28 02:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-22 18:14 - 2017-03-22 18:14 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-03-22 18:14 - 2017-03-22 18:14 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2015-11-07 07:21 - 2014-10-16 09:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2017-03-16 16:09 - 2017-03-16 16:09 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-04-03 21:58 - 2017-03-28 23:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-03 21:58 - 2017-03-28 23:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2017-04-22 14:24 - 2017-03-31 11:49 - 17778776 _____ () C:\Users\Gaspa\AppData\Local\Google\Chrome\User Data\PepperFlash\25.0.0.148\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\WINDOWS\System32:208C8228_Bb.gbp [2]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-3163227827-1062642762-320800426-1033\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2015-11-05 19:44 - 2015-11-05 19:41 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072017191254931\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05072017191255259\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3163227827-1062642762-320800426-1033\Control Panel\Desktop\\Wallpaper -> C:\Users\Gaspa\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{82e59990-9699-4038-aa6f-68f6505ac1fa}.JPG
DNS Servers: 201.21.192.119 - 201.21.192.123
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==


==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{E93DFCF2-A1E9-480D-98C3-9EE94A991FD9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E14F28FA-6969-433A-8FA6-5AFD713843ED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{010D9E46-456D-49B0-AA68-AC5348C5DCD5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{68E7B847-FFC9-493B-9B8A-B7861C75764C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EA6C4EC4-6DEA-4FB5-89B8-040002C2BCDC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6D5315B3-1736-48B7-AD45-6735BFF6FEFF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1B28AD95-62ED-4D29-9633-89896E2AB9E9}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{8C97F1E6-2D06-4C97-AEC0-0AE801303665}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B94B67BB-7908-4B34-B59B-8FA3B64064CD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3CECFDA-6791-4144-BBAF-464564F93C61}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E7B3BCFC-7AED-4789-80CF-9D05B7EE54E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8D454CAD-60E0-4458-8F89-A120E1EA24E5}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{2C39C744-65A8-41DE-A345-81D8EB069BD7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{89F3132A-FF23-40C9-A93F-A1CF03AE61D4}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{706478F5-00BC-481F-9499-DE31388BF54E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{AF8EA4EC-89A3-4442-B40C-F084456BDF4A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{D7F7D64F-43FF-4B7E-B9DC-5F5CBDFCE63D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{25439569-0ECE-4663-A428-D94E6B5CA048}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{242B59E8-D9C1-44F7-9A0B-9272625A8331}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Pontos de Restauração =========================

07-05-2017 12:56:18 Ponto de Verificação Agendado

==================== Dispositivos Apresentando Falhas No Gerenciador =============


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (05/07/2017 06:45:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Suelly-PC)
Description: Falha na ativação do aplicativo Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (05/07/2017 06:45:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Suelly-PC)
Description: O pacote Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe+App foi terminado porque levou muito tempo para ser suspenso.

Error: (05/07/2017 06:44:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 10000017

Error: (05/07/2017 01:11:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12078

Error: (05/07/2017 01:11:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12078

Error: (05/07/2017 01:11:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/07/2017 01:11:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6891

Error: (05/07/2017 01:11:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6891

Error: (05/07/2017 01:11:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/07/2017 01:11:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4766


Erros de Sistema:
=============
Error: (05/08/2017 11:03:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/08/2017 11:03:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/08/2017 08:37:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/08/2017 08:37:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/07/2017 07:13:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/07/2017 07:13:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/07/2017 07:13:02 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 e APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (05/07/2017 07:13:02 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 e APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (05/07/2017 07:12:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (05/07/2017 07:12:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.


CodeIntegrity:
===================================
  Date: 2017-04-21 16:55:31.342
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-21 16:55:31.339
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Informações da Memória =========================== 

Processador: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Percentagem de memória em uso: 48%
RAM física total: 4078.81 MB
RAM física disponível: 2093.18 MB
Virtual Total: 7251.16 MB
Virtual disponível: 4969.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.22 GB) (Free:201.79 GB) NTFS
Drive d: (030604_1715) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0DE8F6F4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== Fim de Addition.txt ============================

FRST.txt

Addition.txt


Dear @gustavo kirjner

Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

Download Stinger and save it to your Desktop.
32 bit (x86) or 64 bit (x64)

  • Run the file Stinger.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
  • Click the “I Accept” button

In the new window, click “Advanced” and then “Settings”

In the settings window, set the options as shown in the image below and click the “Save” button

9hnsyu.png

Click “Customize my Scan”

Select the system drives and then click the “Scan” button

At the end, click “View log”; a window with the log will open in your browser.
Select, copy and paste the contents of this log into your next reply.

Regards :D


Good morning, @diego_moicano

After a week away, travelling, I am sending the Stinger log:

x-x-x-x-x--x-x

 

McAfee® Labs Stinger™ Version 12.1.0.2367 built on May 14 2017 at 22:33:18

Copyright© 2015, McAfee, Inc. All Rights Reserved.

 

AV Engine version v5900.7806 for Windows.

Virus data file v1000.0 created on May 15, 2017

Ready to scan for 10107 viruses, trojans and variants.

 

Custom scan initiated on segunda-feira, maio 15, 2017 08:54:49

 

Rootkit scan result : Not Scanned.

 

C:\Users\Gaspa\AppData\Roaming\ZHP\Quarantine\zoek-delete.exe [MD5:cc7aa7b42cf418fc3d926913490048f8] is infected with Artemis!CC7AA7B42CF4

C:\Users\Gaspa\AppData\Roaming\ZHP\Quarantine\zoek-delete.exe has been Deleted

 

Summary Report on C:

File(s)

                    TotalFiles:............ 757153

                    Clean:................. 407947

                    Not Scanned:........... 349205

                    Possibly Infected:..... 1

 

Time: 15:15:15 Scan completed on terça-feira, maio 16, 2017 00:10:04

 

x-x-x-x-x-x-x


Dear @gustavo kirjner

Download Security Check, by glax24, and save it to your Desktop.

Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Wait while the tool runs its scan.
  • When it finishes, save the log as SecurityCheck.html
  • Open the file with Notepad;
  • Select, copy and paste the contents of this log into your next reply.

Regards :D


Hello, @diego_moicano

Here is the log from Security Check by glax24:

 

x-x-x-x-x-x-x-x-x

SecurityCheck by glax24 & Severnyj v.1.4.0.49 [15.04.17]
WebSite: www.safezone.cc
DateLog: 18.05.2017 23:04:00
Path starting: C:\Users\Gaspa\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Gaspa
VersionXML: 4.25is-18.05.2017
___________________________________________________________________________

Windows 10(6.3.14393) (x64) Professional Release: 1607 Lang: Portuguese(0416)
Installation date OS: 20.03.2017 14:55:40
LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
LicenseStatus: Office 16, Office16ProPlusR_Grace edition Windows is in Notification mode
LicenseStatus: Office 16, Office16ProPlusMSDNR_Retail edition Initial grace period ends :3986 minutes
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [465.2 Gb] Used: [268.2 Gb] Free: [197 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.1066.14393.0 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
Automatically download and schedule installation
Windows Update (wuauserv) - The service is running
Central de Segurança (wscsvc) - The service is running
Registro remoto (RemoteRegistry) - The service has stopped
Descoberta SSDP (SSDPSRV) - The service is running
Serviços de Área de Trabalho Remota (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Firewall do Windows (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes versão 3.0.6.1469 v.3.0.6.1469
--------------------------- [ OtherUtilities ] ----------------------------
Picasa 3 v.3.9.141.259 Warning! This software is no longer supported.
TeamViewer 12 v.12.0.72365 Warning! Download Update
WinRAR 5.40 (32-bit) v.5.40.0
TeamViewer 12 (TeamViewer) - The service is running
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 111 v.8.0.1110.14 Warning! Download Update
Uninstall old version and install new one (jre-8u131-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
iTunes v.12.6.0.100 Warning! Download Update
^Please use Apple Software Update tool.^
Bonjour v.3.1.0.1
Serviço do Bonjour (Bonjour Service) - The service is running
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 50.0 (x86 pt-BR) v.50.0 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.57.0.2987.133
MicrosoftEdge.exe
------------------ [ AntivirusFirewallProcessServices ] -------------------
mbam.exe
Malwarebytes Service (MBAMService) - The service has stopped
McAfee Validation Trust Protection Service (mfevtp) - The service is running
C:\Windows\System32\mfevtps.exe
C:\Program Files\Windows Defender\MsMpEng.exe v.4.10.14393.1066
C:\Program Files\Windows Defender\NisSrv.exe v.4.10.14393.1066
C:\Program Files\Windows Defender\MSASCuiL.exe v.4.10.14393.1066
Serviço Windows Defender (WinDefend) - The service is running
Serviço de Inspeção de Rede do Windows Defender (WdNisSvc) - The service is running
----------------------------- [ End of Log ] ------------------------------
 


Dear @gustavo kirjner

How is your Windows?

# Step 1 #

Download Delfix by Xplode and save it to your desktop.

Double-click delfix.exe to run it. Check the boxes as shown in the image.

** Windows Vista or Windows 7 users: right-click the delfix.exe file, then click execadmin.png.

2mez6ld.png

Click the Run button.

A log will be generated at the end, but there is no need to post it.

# Step 2 #

Old versions of programs have vulnerabilities that some malware can use to infect your system.

For that reason, it is recommended to update the programs that Security Check flagged as outdated (optional updates are at your discretion).

Just click the Download Update link in each warning (post above), which will take you to the developer's site.

<<@>> Always keep your Windows up to date; keep a constant watch with your firewall and antivirus; and finally, remember that the best form of prevention starts with our own behaviour!

# Step 3 #

CCleaner is an excellent cleaning utility for the computer.

Download it here: CCleaner

  • After installation, go to the location where the program was installed, usually C:\Arquivos de programas\CCleaner.
  • Double-click this folder;
  • In an empty area of this window, right-click and choose New > Folder to create a new folder;
  • Name it backups.
  • Open the program and click Run Cleaner;
  • Click the Registry button > Scan for Issues > Fix selected issues...
  • Note: Do not forget to accept the backup of the fixes and save it in the folder created above!

Regards :D
