Maikon Carrasco

pipechannels malware or adware


Good evening everyone, all good?

Guys, you are my last hope for removing this damn thing from my computer. I don't know what else to do to get rid of it. Pipeschannels is a site that opens as a popup (even with adblock and Opera's ad blocking turned on) and keeps redirecting me to other sites, such as duckduckgo, uploadocean, digitaldsp, cracxpro, liveadexchanger, waudeesestew, among MANY, MANY others...

I've already tried Malwarebytes (both tools, including the malware-specific one), I've uninstalled Opera and installed it again, I've run SpyHunter 4, I've run Windows Defender, I've run CCleaner, I've deleted the registry entries, I've tried ComboFix (but it doesn't seem to run on Win 10), I've run AdwCleaner, I've checked for extensions, add-ons, and everything else...

Things I found suspicious:
1- In my Internet Options, when I click Connections and then LAN settings, there was a script set to be executed. I unchecked it, but the link remains there... I left only "Automatically detect settings" checked. The script is this link (http://unstopnet.com/wpad.dat?746ff3c23e469e8fce25f69a7204956637745857);

2- In my exceptions, these were automatically set to NOT BLOCK: Baidu.com, yandex.com, duckduckgo.com, google.com, facebook.com. I removed all of them too, so that ads are blocked everywhere;

3- If I click a few times between the URL bar and the page of the site, on Google, a Secure Search bar appears, as if for me to type a search. If I right-click, nothing comes up; it is as if it were invisible. Also, when I close the bar, it closes the tab and opens a blank tab (Opera's speed dial)

4- Sometimes I do a search on Google or in the URL bar itself and, instead of searching on Google, it searches on Yahoo, even though all searches are set to Google;

Well, that is what I have done so far. I may have forgotten something, but I am 100000% tilted and upset about this, for not being able to solve it.

PLEASE, I REPEAT, PLEASE SOMEONE HELP ME!!!


@Maikon Carrasco

 

Please note the following:

  • About the Forum: This is a private space, not a public one. Using it is a privilege, not a right;
  • What is given here relates only to the problem on your computer, so do not do it on any other;
  • IMPORTANT: If you have Windows activation programs or torrent-sharing programs, I suggest uninstalling them. I will only proceed with the analysis after they are removed. Forum rules;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Respect the order of the instructions given;
  • Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

Download the Farbar Recovery Scan from the link below and save it to your desktop.

NOTE: Download the version that matches your architecture (32-bit or 64-bit)
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
** Windows Vista, Windows 7, 8/8.1 and Windows 10 users:
Right-click the FRST64.EXE file, then click [image: VRIfczU.png].
Accept the agreement and then click the Scan button.

Wait; when it finishes, the FRST.txt and Addition.txt logs will be saved to your desktop.

Open each file separately, copy its contents and paste them into your next reply.

  • Topic author
  • Hello @Elias Pereira
    Here is the FRST.txt:

     

    Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 17.01.2018 01
    Executado por bolic (administrador) em DESKTOP-GF6LAKC (18-01-2018 17:03:04)
    Executando a partir de C:\Users\bolic\Desktop
    Perfis Carregados: bolic (Perfis Disponíveis: bolic)
    Platform: Windows 10 Pro Versão 1709 16299.192 (X64) Idioma: Português (Brasil)
    Internet Explorer Versão 11 (Navegador padrão: Opera)
    Modo da Inicialização: Normal
    Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processos (Whitelisted) =================

    (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Discord Inc.) C:\Users\bolic\AppData\Local\Discord\app-0.0.300\Discord.exe
    (Discord Inc.) C:\Users\bolic\AppData\Local\Discord\app-0.0.300\Discord.exe
    (Microsoft Corporation) C:\Windows\System32\slui.exe
    (Spotify Ltd) C:\Users\bolic\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Discord Inc.) C:\Users\bolic\AppData\Local\Discord\app-0.0.300\Discord.exe
    (Spotify Ltd) C:\Users\bolic\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Opera Software) C:\Program Files\Opera\50.0.2762.58\opera.exe
    (Opera Software) C:\Program Files\Opera\50.0.2762.58\opera_crashreporter.exe
    (Opera Software) C:\Program Files\Opera\50.0.2762.58\opera.exe
    (Opera Software) C:\Program Files\Opera\50.0.2762.58\opera.exe
    (Opera Software) C:\Program Files\Opera\50.0.2762.58\opera.exe
    (Opera Software) C:\Program Files\Opera\50.0.2762.58\opera.exe
    (Opera Software) C:\Program Files\Opera\50.0.2762.58\opera.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registro (Whitelisted) ===========================

    (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
    HKLM\...\Run: [IgfxTray] => "C:\Windows\system32\igfxtray.exe"
    HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
    HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-18] (Realtek Semiconductor)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-22] (Oracle Corporation)
    HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\...\Run: [Discord] => C:\Users\bolic\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
    HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\...\Run: [Spotify] => C:\Users\bolic\AppData\Roaming\Spotify\Spotify.exe [21099408 2018-01-17] (Spotify Ltd)
    HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\...\Run: [Spotify Web Helper] => C:\Users\bolic\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2018-01-17] (Spotify Ltd)
    Startup: C:\Users\bolic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WO Mic Client.lnk [2017-12-08]
    ShortcutTarget: WO Mic Client.lnk -> C:\Program Files (x86)\WOMic\WOMicClient.exe (Nenhum Arquivo)
    BootExecute: autocheck autochk * sh4native Sh4Removal

    ==================== Internet (Whitelisted) ====================

    (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{233688dd-2099-4712-b0c8-157a1811b762}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{4645323d-b041-43f5-be35-92295dfd39a0}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-01-15] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-10-04] (Oracle Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-14] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-04] (Oracle Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-12-14] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-10-04] (Oracle Corporation)
    BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-14] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-04] (Oracle Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-10-04] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-10-04] (Oracle Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-10-04] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-10-04] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-14] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-14] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-11-14] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-11-14] (NVIDIA Corporation)

    Chrome: 
    =======
    CHR Profile: C:\Users\bolic\AppData\Local\Google\Chrome\User Data\Default [2018-01-17]
    CHR Extension: (Docs) - C:\Users\bolic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-16]
    CHR Extension: (Google Drive) - C:\Users\bolic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-16]
    CHR Extension: (YouTube) - C:\Users\bolic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-16]
    CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\bolic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-16]
    CHR Extension: (Gmail) - C:\Users\bolic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-16]
    CHR Extension: (Chrome Media Router) - C:\Users\bolic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-16]

    Opera: 
    =======
    OPR StartupUrls: "hxxp://www.google.com.br/"
    OPR Extension: (AdBlock) - C:\Users\bolic\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2018-01-17]
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

    ==================== Serviços (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6998536 2017-12-08] ()
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761576 2018-01-02] (Microsoft Corporation)
    R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
    R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation)
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
    S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe [X]
    S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone - Backup&Restore(iOS)\Library\DriverInstaller\DriverInstall.exe [X]

    ===================== Drivers (Whitelisted) ======================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [43400 2017-03-02] (Advanced Micro Devices, Inc)
    R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [33144 2017-08-29] (Advanced Micro Devices, Inc)
    S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. )
    R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31112 2017-10-10] (Advanced Micro Devices)
    R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243056 2017-06-12] (Advanced Micro Devices, Inc. )
    R2 AMDRyzenMasterDriver1.0.0; C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys [70312 2017-03-27] (Advanced Micro Devices)
    S3 avssamp; C:\WINDOWS\system32\DRIVERS\avssamp.sys [45320 2017-09-27] ()
    R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2017-06-29] (LogMeIn Inc.)
    R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2018-01-16] (Malwarebytes)
    S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2018-01-16] (Malwarebytes)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c791f781cd94491f\nvlddmkm.sys [16989296 2017-11-15] (NVIDIA Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
    R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] ()
    R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] ()
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
    R3 wovad_micarray; C:\WINDOWS\system32\drivers\womic.sys [37984 2017-05-21] (Windows (R) Win 7 DDK provider)
    S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2017-12-06] (Wellbia.com Co., Ltd.)
    S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
    S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


    ==================== Um Mês Criados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2018-01-18 17:03 - 2018-01-18 17:03 - 000014862 _____ C:\Users\bolic\Desktop\FRST.txt
    2018-01-18 17:02 - 2018-01-18 17:03 - 000000000 ____D C:\FRST
    2018-01-18 17:01 - 2018-01-18 17:01 - 002393088 _____ (Farbar) C:\Users\bolic\Desktop\FRST64.exe
    2018-01-18 16:58 - 2018-01-18 16:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2018-01-17 22:27 - 2018-01-17 22:29 - 000000000 ____D C:\AdwCleaner
    2018-01-17 21:14 - 2018-01-17 22:02 - 000000000 ____D C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP
    2018-01-17 20:02 - 2018-01-17 20:02 - 000000000 _____ C:\autoexec.bat
    2018-01-16 22:48 - 2018-01-16 22:48 - 000003954 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1516150118
    2018-01-16 22:48 - 2018-01-16 22:48 - 000001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
    2018-01-16 22:34 - 2018-01-16 22:40 - 000176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
    2018-01-16 22:32 - 2018-01-16 22:40 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
    2018-01-16 22:32 - 2018-01-16 22:40 - 000000000 ____D C:\ProgramData\Malwarebytes
    2018-01-16 22:32 - 2018-01-16 22:38 - 000091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2018-01-16 21:54 - 2018-01-16 21:54 - 000000000 ____D C:\Users\Todos os Usuários\BitDefender
    2018-01-16 21:54 - 2018-01-16 21:54 - 000000000 ____D C:\ProgramData\BitDefender
    2018-01-16 21:41 - 2018-01-16 21:41 - 000000000 ____D C:\Users\bolic\AppData\Local\AdAwareDesktop
    2018-01-16 21:35 - 2018-01-16 21:35 - 000000000 ____D C:\Users\bolic\AppData\Local\AdAwareUpdater
    2018-01-16 21:14 - 2018-01-16 21:14 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3771028101-2572381435-3112059945-1001
    2018-01-16 19:24 - 2018-01-16 19:24 - 000004662 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2018-01-16 18:01 - 2018-01-16 18:30 - 000000000 ____D C:\Program Files (x86)\Google
    2018-01-16 18:01 - 2018-01-16 18:02 - 000000000 ____D C:\Users\bolic\AppData\Local\Google
    2018-01-16 00:44 - 2018-01-16 00:44 - 000000000 ____D C:\Users\bolic\Documents\My Games
    2018-01-12 18:06 - 2018-01-12 18:06 - 000926261 _____ C:\Users\bolic\Desktop\264y Skull-Cdm [PangyaLife].xlsx
    2018-01-11 11:28 - 2018-01-11 11:28 - 000083230 _____ C:\Users\bolic\Desktop\35180109116143000138550010000048751000060901-nfe.pdf
    2018-01-11 11:24 - 2018-01-11 11:34 - 000027455 _____ C:\Users\bolic\Desktop\Reembolso dia 02-01-18.xlsx
    2018-01-11 03:30 - 2018-01-16 00:12 - 001380864 _____ C:\Users\bolic\Desktop\266 matin [PangyaLife].xls
    2018-01-11 01:52 - 2018-01-18 01:59 - 001387008 _____ C:\Users\bolic\Desktop\262+0 By MaTiN [PangyaLife].xls
    2018-01-08 17:02 - 2018-01-08 17:03 - 000000000 ____D C:\Users\bolic\AppData\Roaming\stremio
    2018-01-08 17:02 - 2018-01-08 17:02 - 000000000 ____D C:\Users\bolic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stremio
    2018-01-04 18:41 - 2018-01-01 15:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
    2018-01-04 18:41 - 2018-01-01 10:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-01-04 18:41 - 2018-01-01 10:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-01-04 18:41 - 2018-01-01 10:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
    2018-01-04 18:41 - 2018-01-01 10:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-01-04 18:41 - 2018-01-01 10:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-01-04 18:41 - 2018-01-01 10:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-01-04 18:41 - 2018-01-01 10:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
    2018-01-04 18:41 - 2018-01-01 10:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
    2018-01-04 18:41 - 2018-01-01 10:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2018-01-04 18:41 - 2018-01-01 10:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2018-01-04 18:41 - 2018-01-01 10:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
    2018-01-04 18:41 - 2018-01-01 10:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-01-04 18:41 - 2018-01-01 10:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-01-04 18:41 - 2018-01-01 10:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2018-01-04 18:41 - 2018-01-01 10:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
    2018-01-04 18:41 - 2018-01-01 10:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
    2018-01-04 18:41 - 2018-01-01 10:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2018-01-04 18:41 - 2018-01-01 10:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2018-01-04 18:41 - 2018-01-01 10:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2018-01-04 18:41 - 2018-01-01 10:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2018-01-04 18:41 - 2018-01-01 10:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
    2018-01-04 18:41 - 2018-01-01 10:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2018-01-04 18:41 - 2018-01-01 10:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2018-01-04 18:41 - 2018-01-01 10:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
    2018-01-04 18:41 - 2018-01-01 10:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2018-01-04 18:41 - 2018-01-01 10:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2018-01-04 18:41 - 2018-01-01 10:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2018-01-04 18:41 - 2018-01-01 10:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
    2018-01-04 18:41 - 2018-01-01 10:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2018-01-04 18:41 - 2018-01-01 10:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
    2018-01-04 18:41 - 2018-01-01 10:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
    2018-01-04 18:41 - 2018-01-01 10:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
    2018-01-04 18:41 - 2018-01-01 10:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2018-01-04 18:41 - 2018-01-01 10:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2018-01-04 18:41 - 2018-01-01 10:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
    2018-01-04 18:41 - 2018-01-01 10:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
    2018-01-04 18:41 - 2018-01-01 10:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2018-01-04 18:41 - 2018-01-01 10:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2018-01-04 18:41 - 2018-01-01 10:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2018-01-04 18:41 - 2018-01-01 10:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-01-04 18:41 - 2018-01-01 10:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2018-01-04 18:41 - 2018-01-01 10:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2018-01-04 18:41 - 2018-01-01 10:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2018-01-04 18:41 - 2018-01-01 10:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2018-01-04 18:41 - 2018-01-01 10:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
    2018-01-04 18:41 - 2018-01-01 10:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2018-01-04 18:41 - 2018-01-01 10:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2018-01-04 18:41 - 2018-01-01 10:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
    2018-01-04 18:41 - 2018-01-01 10:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
    2018-01-04 18:41 - 2018-01-01 10:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
    2018-01-04 18:41 - 2018-01-01 10:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2018-01-04 18:41 - 2018-01-01 10:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2018-01-04 18:41 - 2018-01-01 10:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2018-01-04 18:41 - 2018-01-01 10:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
    2018-01-04 18:41 - 2018-01-01 10:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
    2018-01-04 18:41 - 2018-01-01 10:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
    2018-01-04 18:41 - 2018-01-01 10:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
    2018-01-04 18:41 - 2018-01-01 10:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2018-01-04 18:41 - 2018-01-01 10:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
    2018-01-04 18:41 - 2018-01-01 10:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2018-01-04 18:41 - 2018-01-01 10:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2018-01-04 18:41 - 2018-01-01 10:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2018-01-04 18:41 - 2018-01-01 10:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2018-01-04 18:41 - 2018-01-01 10:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2018-01-04 18:41 - 2018-01-01 10:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2018-01-04 18:41 - 2018-01-01 10:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2018-01-04 18:41 - 2018-01-01 10:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2018-01-04 18:41 - 2018-01-01 10:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2018-01-04 18:41 - 2018-01-01 10:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
    2018-01-04 18:41 - 2018-01-01 10:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2018-01-04 18:41 - 2018-01-01 10:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
    2018-01-04 18:41 - 2018-01-01 10:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2018-01-04 18:41 - 2018-01-01 10:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
    2018-01-04 18:41 - 2018-01-01 10:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2018-01-04 18:41 - 2018-01-01 10:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2018-01-04 18:41 - 2018-01-01 10:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2018-01-04 18:41 - 2018-01-01 10:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2018-01-04 18:41 - 2018-01-01 10:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2018-01-04 18:41 - 2018-01-01 10:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2018-01-04 18:41 - 2018-01-01 10:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2018-01-04 18:41 - 2018-01-01 10:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
    2018-01-04 18:41 - 2018-01-01 09:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2018-01-04 18:41 - 2018-01-01 09:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
    2018-01-04 18:41 - 2018-01-01 09:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
    2018-01-04 18:41 - 2018-01-01 09:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2018-01-04 18:41 - 2018-01-01 09:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
    2018-01-04 18:41 - 2018-01-01 09:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2018-01-04 18:41 - 2018-01-01 09:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2018-01-04 18:41 - 2018-01-01 09:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2018-01-04 18:41 - 2018-01-01 09:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2018-01-04 18:41 - 2018-01-01 09:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2018-01-04 18:41 - 2018-01-01 09:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-01-04 18:41 - 2018-01-01 09:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2018-01-04 18:41 - 2018-01-01 09:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2018-01-04 18:41 - 2018-01-01 09:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2018-01-04 18:41 - 2018-01-01 09:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2018-01-04 18:41 - 2018-01-01 09:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2018-01-04 18:41 - 2018-01-01 09:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2018-01-04 18:41 - 2018-01-01 09:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
    2018-01-04 18:41 - 2018-01-01 09:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-01-04 18:41 - 2018-01-01 09:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2018-01-04 18:41 - 2018-01-01 09:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-01-04 18:41 - 2018-01-01 09:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
    2018-01-04 18:41 - 2018-01-01 09:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
    2018-01-04 18:41 - 2018-01-01 09:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2018-01-04 18:41 - 2018-01-01 09:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
    2018-01-04 18:41 - 2018-01-01 09:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-01-04 18:41 - 2018-01-01 09:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
    2018-01-04 18:41 - 2018-01-01 09:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2018-01-04 18:41 - 2018-01-01 09:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2018-01-04 18:41 - 2018-01-01 09:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2018-01-04 18:41 - 2018-01-01 09:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
    2018-01-04 18:41 - 2018-01-01 09:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2018-01-04 18:41 - 2018-01-01 09:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2018-01-04 18:41 - 2018-01-01 09:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
    2018-01-04 18:41 - 2018-01-01 09:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2018-01-04 18:41 - 2018-01-01 09:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
    2018-01-04 18:41 - 2018-01-01 09:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2018-01-04 18:41 - 2018-01-01 09:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
    2018-01-04 18:41 - 2018-01-01 09:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2018-01-04 18:41 - 2018-01-01 09:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rfxvmt.dll
    2018-01-04 18:41 - 2018-01-01 09:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
    2018-01-04 18:41 - 2018-01-01 09:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
    2018-01-04 18:41 - 2018-01-01 09:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
    2018-01-04 18:41 - 2018-01-01 09:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2018-01-04 18:41 - 2018-01-01 09:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
    2018-01-04 18:41 - 2018-01-01 09:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
    2018-01-04 18:41 - 2018-01-01 09:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
    2018-01-04 18:41 - 2018-01-01 09:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
    2018-01-04 18:41 - 2018-01-01 09:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
    2018-01-04 18:41 - 2018-01-01 09:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
    2018-01-04 18:41 - 2018-01-01 09:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
    2018-01-04 18:41 - 2018-01-01 09:21 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
    2018-01-04 18:41 - 2018-01-01 09:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-01-04 18:41 - 2018-01-01 09:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-01-04 18:41 - 2018-01-01 09:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2018-01-04 18:41 - 2018-01-01 09:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-01-04 18:41 - 2018-01-01 09:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
    2018-01-04 18:41 - 2018-01-01 09:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
    2018-01-04 18:41 - 2018-01-01 09:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
    2018-01-04 18:41 - 2018-01-01 09:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
    2018-01-04 18:41 - 2018-01-01 09:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2018-01-04 18:41 - 2018-01-01 09:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
    2018-01-04 18:41 - 2018-01-01 09:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
    2018-01-04 18:41 - 2018-01-01 09:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
    2018-01-04 18:41 - 2018-01-01 09:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2018-01-04 18:41 - 2018-01-01 09:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
    2018-01-04 18:41 - 2018-01-01 09:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
    2018-01-04 18:41 - 2018-01-01 09:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
    2018-01-04 18:41 - 2018-01-01 09:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
    2018-01-04 18:41 - 2018-01-01 09:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-01-04 18:41 - 2018-01-01 09:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
    2018-01-04 18:41 - 2018-01-01 09:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-01-04 18:41 - 2018-01-01 09:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2018-01-04 18:41 - 2018-01-01 09:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
    2018-01-04 18:41 - 2018-01-01 09:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
    2018-01-04 18:41 - 2018-01-01 09:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2018-01-04 18:41 - 2018-01-01 09:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2018-01-04 18:41 - 2018-01-01 09:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2018-01-04 18:41 - 2018-01-01 09:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2018-01-04 18:41 - 2018-01-01 09:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2018-01-04 18:41 - 2018-01-01 09:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
    2018-01-04 18:41 - 2018-01-01 09:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2018-01-04 18:41 - 2018-01-01 09:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
    2018-01-04 18:41 - 2018-01-01 09:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
    2018-01-04 18:41 - 2018-01-01 09:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
    2018-01-04 18:41 - 2018-01-01 09:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2018-01-04 18:41 - 2018-01-01 09:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
    2018-01-04 18:41 - 2018-01-01 09:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2018-01-04 18:41 - 2018-01-01 09:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
    2018-01-04 18:41 - 2018-01-01 09:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
    2018-01-04 18:41 - 2018-01-01 09:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
    2018-01-04 18:41 - 2018-01-01 09:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
    2018-01-04 18:41 - 2018-01-01 09:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
    2018-01-04 18:41 - 2018-01-01 09:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2018-01-04 18:41 - 2018-01-01 09:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-01-04 18:41 - 2018-01-01 09:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
    2018-01-04 18:41 - 2018-01-01 09:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
    2018-01-04 18:41 - 2018-01-01 09:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2018-01-04 18:41 - 2018-01-01 09:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2018-01-04 18:41 - 2018-01-01 09:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2018-01-04 18:41 - 2018-01-01 09:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
    2018-01-04 18:41 - 2018-01-01 09:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2018-01-04 18:41 - 2018-01-01 09:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
    2018-01-04 18:41 - 2018-01-01 09:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
    2018-01-04 18:41 - 2018-01-01 09:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2018-01-04 18:41 - 2018-01-01 09:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
    2018-01-04 18:41 - 2018-01-01 09:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
    2018-01-04 18:41 - 2018-01-01 09:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2018-01-04 18:41 - 2018-01-01 09:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
    2018-01-04 18:41 - 2018-01-01 09:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2018-01-04 18:41 - 2018-01-01 09:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2018-01-04 18:41 - 2018-01-01 09:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2018-01-04 18:41 - 2018-01-01 09:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2018-01-04 18:41 - 2018-01-01 09:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
    2018-01-04 18:41 - 2018-01-01 09:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2018-01-04 18:41 - 2018-01-01 09:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2018-01-04 18:41 - 2018-01-01 09:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2018-01-04 18:41 - 2018-01-01 09:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2018-01-04 18:41 - 2018-01-01 09:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2018-01-04 18:41 - 2018-01-01 09:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2018-01-04 18:41 - 2018-01-01 09:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2018-01-04 18:41 - 2018-01-01 09:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2018-01-04 18:41 - 2018-01-01 09:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2018-01-04 18:41 - 2018-01-01 09:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
    2018-01-04 18:41 - 2018-01-01 09:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2018-01-04 18:41 - 2018-01-01 09:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
    2018-01-04 18:41 - 2018-01-01 09:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
    2018-01-04 18:41 - 2018-01-01 09:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2018-01-04 18:41 - 2018-01-01 09:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-01-04 18:41 - 2018-01-01 09:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2018-01-04 18:41 - 2018-01-01 09:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
    2018-01-04 18:41 - 2018-01-01 09:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2018-01-04 18:41 - 2018-01-01 09:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
    2018-01-04 18:41 - 2018-01-01 09:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2018-01-04 18:41 - 2018-01-01 09:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2018-01-04 18:41 - 2018-01-01 09:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2018-01-04 18:41 - 2018-01-01 09:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
    2018-01-04 18:41 - 2018-01-01 09:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
    2018-01-04 18:41 - 2018-01-01 09:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2018-01-04 18:41 - 2018-01-01 09:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-01-04 18:41 - 2018-01-01 09:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2018-01-04 18:41 - 2018-01-01 09:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2018-01-04 18:41 - 2018-01-01 09:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
    2018-01-04 18:41 - 2018-01-01 09:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2018-01-04 18:41 - 2018-01-01 09:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2018-01-04 18:41 - 2018-01-01 09:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2018-01-04 18:41 - 2018-01-01 09:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2018-01-04 18:41 - 2018-01-01 09:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2018-01-04 18:41 - 2018-01-01 09:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2018-01-04 18:41 - 2018-01-01 09:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
    2018-01-04 18:41 - 2018-01-01 09:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2018-01-04 18:41 - 2018-01-01 09:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2018-01-04 18:41 - 2018-01-01 09:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2018-01-04 18:41 - 2018-01-01 09:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2018-01-04 18:41 - 2018-01-01 09:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2018-01-04 18:41 - 2018-01-01 09:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2018-01-04 18:41 - 2018-01-01 09:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2018-01-04 18:41 - 2018-01-01 09:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
    2018-01-04 18:41 - 2018-01-01 09:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2018-01-04 18:41 - 2018-01-01 09:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2018-01-04 18:41 - 2018-01-01 09:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
    2018-01-04 18:41 - 2018-01-01 09:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2018-01-04 18:41 - 2018-01-01 09:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-01-04 18:41 - 2018-01-01 09:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2018-01-04 18:41 - 2018-01-01 09:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2018-01-04 18:41 - 2018-01-01 09:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2018-01-04 18:41 - 2018-01-01 09:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2018-01-04 18:41 - 2018-01-01 09:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2018-01-04 18:41 - 2018-01-01 09:11 - 001955328 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
    2018-01-04 18:41 - 2018-01-01 09:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2018-01-04 18:41 - 2018-01-01 09:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2018-01-04 18:41 - 2018-01-01 09:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2018-01-04 18:41 - 2018-01-01 09:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2018-01-04 18:41 - 2018-01-01 09:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2018-01-04 18:41 - 2018-01-01 09:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2018-01-04 18:41 - 2018-01-01 09:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2018-01-04 18:41 - 2018-01-01 09:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2018-01-04 18:41 - 2018-01-01 09:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2018-01-04 18:41 - 2018-01-01 09:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2018-01-04 18:41 - 2018-01-01 09:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
    2018-01-04 18:41 - 2018-01-01 09:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2018-01-04 18:41 - 2018-01-01 09:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2018-01-04 18:41 - 2018-01-01 09:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
    2018-01-04 18:41 - 2018-01-01 09:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2018-01-04 18:41 - 2018-01-01 09:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2018-01-04 18:41 - 2018-01-01 09:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2018-01-04 18:41 - 2018-01-01 09:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2018-01-04 18:41 - 2018-01-01 09:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
    2018-01-04 18:41 - 2018-01-01 09:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
    2018-01-04 18:41 - 2018-01-01 09:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
    2018-01-04 18:41 - 2018-01-01 09:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2018-01-04 18:41 - 2018-01-01 09:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
    2018-01-02 12:09 - 2018-01-02 12:14 - 000000000 ____D C:\Users\bolic\Desktop\rosa
    2017-12-27 17:07 - 2017-12-27 17:08 - 000089467 _____ C:\Users\bolic\Documents\GerarPDF_27122017170745.pdf
    2017-12-27 17:01 - 2017-12-27 17:01 - 000234486 _____ C:\Users\bolic\Documents\CENTRO UNIVERSITÁRIO DE ADAMANTINA.pdf
    2017-12-23 20:30 - 2017-12-23 20:30 - 000001404 _____ C:\Users\bolic\Desktop\Forza Horizon 3.lnk
    2017-12-23 01:13 - 2017-12-30 16:07 - 000000000 ____D C:\Users\bolic\AppData\Local\PlaceholderTileLogoFolder
    2017-12-20 23:21 - 2017-12-20 23:21 - 000001240 _____ C:\Users\bolic\Desktop\AngleViewPro - Atalho.lnk
    2017-12-20 22:10 - 2017-12-27 23:54 - 000229376 _____ C:\Users\bolic\Desktop\268 (PangyaLife).xls
    2017-12-20 22:09 - 2010-11-18 17:29 - 000000000 ____D C:\Users\bolic\Documents\AngleView
    2017-12-20 22:07 - 2017-12-20 22:07 - 000000000 ____D C:\Users\bolic\AppData\Local\Deployment
    2017-12-20 22:07 - 2017-12-20 22:07 - 000000000 ____D C:\Users\bolic\AppData\Local\Apps\2.0

    ==================== Um Mês Modificados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2018-01-18 17:02 - 2017-11-18 09:06 - 002278164 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-01-18 17:02 - 2017-09-30 12:30 - 000899986 _____ C:\WINDOWS\system32\prfh0416.dat
    2018-01-18 17:02 - 2017-09-30 12:30 - 000260240 _____ C:\WINDOWS\system32\prfc0416.dat
    2018-01-18 17:01 - 2017-07-22 12:35 - 000000000 ____D C:\Users\bolic\AppData\Local\Spotify
    2018-01-18 17:00 - 2017-07-17 23:35 - 000000000 ____D C:\Users\bolic\AppData\Local\LogMeIn Hamachi
    2018-01-18 16:58 - 2017-11-18 09:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-01-18 16:58 - 2017-07-22 12:34 - 000000000 ____D C:\Users\bolic\AppData\Roaming\Spotify
    2018-01-18 16:58 - 2017-07-17 01:03 - 000000000 ____D C:\Users\Todos os Usuários\NVIDIA
    2018-01-18 16:58 - 2017-07-17 01:03 - 000000000 ____D C:\ProgramData\NVIDIA
    2018-01-18 04:08 - 2017-09-29 06:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2018-01-18 03:24 - 2017-11-18 08:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-01-17 23:28 - 2017-11-18 09:01 - 000004184 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{227BB1C1-E6B8-4D0A-98C4-68FEF8A49C62}
    2018-01-17 22:59 - 2017-07-17 23:33 - 000000000 ____D C:\Users\bolic\AppData\Local\CrashDumps
    2018-01-17 22:42 - 2017-11-18 08:58 - 000000000 ____D C:\Users\bolic\AppData\Local\Packages
    2018-01-17 22:35 - 2017-09-29 11:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
    2018-01-17 22:29 - 2017-11-18 08:58 - 000000000 ____D C:\Users\bolic
    2018-01-17 22:29 - 2017-07-18 00:00 - 000000000 ____D C:\Program Files (x86)\TeamViewer
    2018-01-17 22:02 - 2017-11-02 18:17 - 000000000 ____D C:\WINDOWS\system32\appmgmt
    2018-01-17 22:01 - 2017-07-17 22:12 - 000000000 ____D C:\Users\bolic\AppData\Roaming\discord
    2018-01-17 20:26 - 2017-07-17 21:48 - 000000000 ____D C:\Program Files\Opera
    2018-01-17 17:26 - 2017-09-29 11:46 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-01-17 17:26 - 2017-09-29 11:46 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-01-17 17:22 - 2017-07-21 00:13 - 000000000 ____D C:\Users\bolic\AppData\Roaming\uTorrent
    2018-01-17 04:06 - 2017-07-19 22:41 - 000000000 ____D C:\Program Files (x86)\Steam
    2018-01-16 19:25 - 2017-07-19 22:49 - 000000000 ____D C:\Users\bolic\AppData\Local\Adobe
    2018-01-16 19:24 - 2017-09-29 11:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2018-01-16 19:24 - 2017-09-29 11:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2018-01-16 18:32 - 2017-11-02 17:31 - 000000000 ____D C:\Users\Todos os Usuários\Apple
    2018-01-16 18:32 - 2017-11-02 17:31 - 000000000 ____D C:\ProgramData\Apple
    2018-01-16 18:32 - 2017-09-29 11:44 - 000000000 ____D C:\WINDOWS\INF
    2018-01-16 18:04 - 2017-11-16 14:57 - 000000000 ___DC C:\WINDOWS\Panther
    2018-01-15 20:30 - 2017-09-29 11:46 - 000000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
    2018-01-15 20:30 - 2017-09-29 11:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-01-15 20:29 - 2017-07-27 21:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2018-01-12 11:05 - 2017-07-19 22:43 - 000000000 ____D C:\Users\bolic\Desktop\Checklists
    2018-01-11 17:37 - 2017-07-17 22:55 - 000000000 ____D C:\WINDOWS\system32\MRT
    2018-01-11 17:36 - 2017-10-10 21:11 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
    2018-01-11 17:36 - 2017-09-29 11:37 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-01-11 17:36 - 2017-07-17 22:55 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2018-01-11 03:30 - 2017-12-03 21:16 - 000000000 ____D C:\Users\bolic\Desktop\Pack Calculadoras Pangya
    2018-01-09 00:43 - 2017-07-17 22:11 - 000000000 ____D C:\Users\bolic\AppData\Local\Discord
    2018-01-08 22:19 - 2017-09-29 11:46 - 000000000 ____D C:\WINDOWS\rescache
    2018-01-08 16:42 - 2017-11-18 09:03 - 000000000 ___RD C:\Users\bolic\3D Objects
    2018-01-08 16:42 - 2017-07-17 00:45 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-01-08 16:41 - 2017-11-18 08:56 - 000385608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-01-08 16:40 - 2017-09-29 11:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2018-01-08 16:40 - 2017-09-29 11:46 - 000000000 ___SD C:\WINDOWS\system32\F12
    2018-01-08 16:40 - 2017-09-29 11:46 - 000000000 ____D C:\WINDOWS\TextInput
    2018-01-08 16:40 - 2017-09-29 11:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2018-01-08 16:40 - 2017-09-29 11:46 - 000000000 ____D C:\WINDOWS\system32\oobe
    2018-01-08 16:40 - 2017-09-29 11:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
    2018-01-08 16:40 - 2017-09-29 11:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2018-01-08 16:40 - 2017-09-29 11:46 - 000000000 ____D C:\WINDOWS\Provisioning
    2018-01-08 16:40 - 2017-09-29 11:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2018-01-08 16:40 - 2017-09-29 06:45 - 000000000 ____D C:\WINDOWS\system32\Dism
    2018-01-04 18:42 - 2017-09-29 11:41 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
    2018-01-04 18:42 - 2017-09-29 11:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2018-01-04 18:42 - 2017-09-29 11:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2018-01-02 11:58 - 2017-11-02 17:46 - 000000000 ____D C:\Users\bolic\AppData\Roaming\Apple Computer
    2017-12-22 11:45 - 2017-09-29 11:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-12-22 11:45 - 2017-09-29 11:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-12-21 18:39 - 2017-10-13 00:25 - 000000000 ____D C:\Users\bolic\AppData\Local\UnrealEngine
    2017-12-21 18:39 - 2017-07-17 22:52 - 000000000 ____D C:\Users\Todos os Usuários\Package Cache
    2017-12-21 18:39 - 2017-07-17 22:52 - 000000000 ____D C:\ProgramData\Package Cache
    2017-12-20 23:22 - 2017-12-04 01:12 - 000000000 ____D C:\Users\bolic\AppData\Local\AngleViewPro
    2017-12-20 21:19 - 2017-10-12 14:38 - 000000975 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk

    Alguns arquivos em TEMP:
    ====================
    2018-01-17 01:58 - 2018-01-17 01:58 - 000000000 _____ () C:\Users\bolic\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
    2018-01-17 01:58 - 2018-01-17 01:58 - 000000017 _____ () C:\Users\bolic\AppData\Local\Temp\5609c9b79db4463ae0118079c8aa7f39.dll

    ==================== Bamital & volsnap ======================

    (Não há correção automática para arquivos que não passaram na verificação.)

    C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

    LastRegBack: 2018-01-08 22:18

    ==================== Fim de FRST.txt ============================

    added 1 minute later

    Now, here is the Addition.txt:

     

    Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 17.01.2018 01
    Executado por bolic (18-01-2018 17:03:35)
    Executando a partir de C:\Users\bolic\Desktop
    Windows 10 Pro Versão 1709 16299.192 (X64) (2017-11-18 11:03:04)
    Modo da Inicialização: Normal
    ==========================================================


    ==================== Contas: =============================

    Administrador (S-1-5-21-3771028101-2572381435-3112059945-500 - Administrator - Disabled)
    bolic (S-1-5-21-3771028101-2572381435-3112059945-1001 - Administrator - Enabled) => C:\Users\bolic
    Convidado (S-1-5-21-3771028101-2572381435-3112059945-501 - Limited - Disabled)
    DefaultAccount (S-1-5-21-3771028101-2572381435-3112059945-503 - Limited - Disabled)
    WDAGUtilityAccount (S-1-5-21-3771028101-2572381435-3112059945-504 - Limited - Disabled)

    ==================== Central de Segurança ========================

    (Se uma entrada for incluída na fixlist, será removida.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Programas Instalados ======================

    (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

    µTorrent (HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
    Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
    AMD Ryzen Master (HKLM\...\{03213877-8001-4F2C-8917-26B127DE1540}) (Version: 1.0.1.0239 - Advanced Micro Devices, Inc.)
    Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
    CPUID HWMonitor 1.34 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.34 - )
    Discord (HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
    Dragon Nest Brasil versão 88 (HKLM-x32\...\{E6C1B8AD-4135-4E55-97DB-753931B9755E}_is1) (Version: 88 - DNBR)
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
    Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
    IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
    Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
    Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
    Little Fighter (HKLM-x32\...\Little Fighter) (Version:  - )
    LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
    Microsoft Office Professional Plus 2016 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 16.0.8730.2175 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
    Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
    NVIDIA Driver de áudio HD 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
    NVIDIA Driver de controle do 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
    NVIDIA Driver de gráficos 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.31 - NVIDIA Corporation)
    NVIDIA Driver do 3D Vision 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.31 - NVIDIA Corporation)
    NVIDIA Software do sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden
    Opera Stable 50.0.2762.58 (HKLM-x32\...\Opera 50.0.2762.58) (Version: 50.0.2762.58 - Opera Software)
    Painel de controle da NVIDIA 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.31 - NVIDIA Corporation) Hidden
    PangYa_BR (NtreevSoft) (HKLM-x32\...\PangYa) (Version:  - )
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
    Spotify (HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\...\Spotify) (Version: 1.0.72.117.g6bd7cc73 - Spotify AB)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Stremio (HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\...\Stremio) (Version: 3.6.5 - Smart Code Ltd.)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)
    Torchlight 2 (HKLM-x32\...\Torchlight 2_is1) (Version:  - )
    Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
    WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
    Yonder: The Cloud Catcher Chronicles Update 2 (HKLM\...\eW9uZGVydGhlY2xvdWRjYXRjaGVyY2hyb25pY2xlcw_is1) (Version: 1 - )

    ==================== Exame Personalizado CLSID (Whitelisted): ==========================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    CustomCLSID: HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\bolic\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\amd64\FileSyncShell64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\bolic\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\amd64\FileSyncShell64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\bolic\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\amd64\FileSyncShell64.dll => Nenhum Arquivo
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Nenhum Arquivo
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-06-18] ()
    ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
    ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Nenhum Arquivo
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-11-14] (NVIDIA Corporation)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

    ==================== Tarefas Agendadas (Whitelisted) =============

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    Task: {02098CC0-56EC-4A1A-ACE4-C4144ED7CB06} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-01-15] (Microsoft Corporation)
    Task: {0A5F337B-6765-44D8-B322-AD79F5058D1B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-01-15] (Microsoft Corporation)
    Task: {26FCC2FD-674A-4F98-AC21-FAC6C4E1BFB5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
    Task: {33707FBD-22D2-4A38-9EC0-6ED0B74110B8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-14] (NVIDIA Corporation)
    Task: {3C058B8D-23CF-4ED2-9DA0-E63418489C51} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [2018-01-16] (Adobe Systems Incorporated)
    Task: {44DAB95A-926C-4020-B2B2-0003CE6E36A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
    Task: {474A796C-331B-4814-A459-F98A617344C6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-14] (NVIDIA Corporation)
    Task: {4A33AEE9-0A5F-41C4-8E40-C198227765F7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
    Task: {73B65C88-1BA1-49B2-805F-7B2D05374437} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-14] (NVIDIA Corporation)
    Task: {7978C2FB-F699-4CD5-BFE4-6120DA56524F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-15] (Microsoft Corporation)
    Task: {7BEED093-7B77-4A63-9A1D-0F5B6CFB8246} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-14] (NVIDIA Corporation)
    Task: {99A21FB3-A78F-4C41-8773-ED627A6CE256} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
    Task: {B7BD18C3-A2CC-4466-9294-C8B86DD33C0A} - System32\Tasks\S-1-5-21-3771028101-2572381435-3112059945-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
    Task: {C03DD9B6-A8A9-4CF6-8F34-E16470A93B95} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-14] (NVIDIA Corporation)
    Task: {C3C33711-3677-49C9-A14D-82BF862878F1} - System32\Tasks\Opera scheduled Autoupdate 1516150118 => C:\Program Files\Opera\launcher.exe [2018-01-10] (Opera Software)
    Task: {CEAD837B-DEC6-497F-A7FD-56AC5259A8CF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-02] (Microsoft Corporation)
    Task: {CF1B6794-4E67-4616-B957-4E47B58B7AB8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-02] (Microsoft Corporation)
    Task: {F8BD6E3A-50FD-460D-ABB8-32C384ED2076} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-15] (Microsoft Corporation)

    (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)


    ==================== Atalhos & WMI ========================

    (As entradas podem ser listadas para serem restauradas ou removidas.)


    ==================== Módulos Carregados (Whitelisted) ==============

    2017-09-29 11:41 - 2017-09-29 11:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2017-06-18 19:44 - 2017-06-18 19:44 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
    2017-12-12 22:05 - 2017-11-26 10:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-12-12 22:05 - 2017-11-26 10:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-12-12 22:05 - 2017-11-26 11:30 - 003657624 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
    2017-12-12 22:05 - 2017-11-26 11:31 - 002470296 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
    2018-01-16 22:48 - 2018-01-10 04:18 - 096342312 _____ () C:\Program Files\Opera\50.0.2762.58\opera_browser.dll
    2018-01-16 22:48 - 2018-01-10 04:18 - 004215592 _____ () C:\Program Files\Opera\50.0.2762.58\libglesv2.dll
    2018-01-16 22:48 - 2018-01-10 04:18 - 000108328 _____ () C:\Program Files\Opera\50.0.2762.58\libegl.dll
    2018-01-09 00:43 - 2018-01-08 17:52 - 001891832 _____ () C:\Users\bolic\AppData\Local\Discord\app-0.0.300\ffmpeg.dll
    2018-01-09 03:14 - 2018-01-09 03:14 - 001780216 _____ () \\?\C:\Users\bolic\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node
    2018-01-09 00:43 - 2018-01-08 17:52 - 001937912 _____ () C:\Users\bolic\AppData\Local\Discord\app-0.0.300\libglesv2.dll
    2018-01-09 00:43 - 2018-01-08 17:52 - 000095736 _____ () C:\Users\bolic\AppData\Local\Discord\app-0.0.300\libegl.dll
    2018-01-09 03:14 - 2018-01-09 03:14 - 009804280 _____ () \\?\C:\Users\bolic\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node
    2018-01-09 03:14 - 2018-01-09 03:14 - 001505784 _____ () \\?\C:\Users\bolic\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node
    2018-01-09 03:14 - 2018-01-09 03:14 - 000513016 _____ () \\?\C:\Users\bolic\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node
    2018-01-09 03:14 - 2018-01-09 03:14 - 002662904 _____ () \\?\C:\Users\bolic\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node
    2018-01-09 03:14 - 2018-01-09 03:14 - 001517048 _____ () \\?\C:\Users\bolic\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node

    ==================== Alternate Data Streams (Whitelisted) =========

    (Se uma entrada for incluída na fixlist, somente o ADS será removido.)


    ==================== Modo de Segurança (Whitelisted) ===================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Associação (Whitelisted) ===============

    (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


    ==================== Internet Explorer confiável/restrito ===============

    (Se uma entrada for incluída na fixlist, será removida do Registro.)


    ==================== Hosts Conteúdo: ===============================

    (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

    2017-03-18 19:03 - 2017-03-18 19:01 - 000000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Outras Áreas ============================

    (Atualmente não há nenhuma correção automática para esta seção.)

    HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\bolic\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
    Firewall do Windows está habilitado.

    ==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

    HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\...\StartupApproved\StartupFolder: => "WO Mic Client.lnk"

    ==================== Regras do Firewall (Whitelisted) ===============

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    FirewallRules: [{49ABFD8B-2936-4F45-8E61-AFC7D2E8BE87}] => (Block) D:\blizzard app\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
    FirewallRules: [{B068DD78-7B43-4008-93B8-1CC021B10260}] => (Block) D:\blizzard app\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{B549EF9D-8265-4CA9-941E-78102FBDCE61}D:\blizzard app\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Allow) D:\blizzard app\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
    FirewallRules: [TCP Query User{CE0D60D8-2653-4156-A3C1-7799B47C60DF}D:\blizzard app\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Allow) D:\blizzard app\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
    FirewallRules: [{512F9175-1471-4E6F-BBB5-87E95D8E7F89}] => (Block) D:\astroneer.pre-alpha.v0.2.10125.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe
    FirewallRules: [{A26FA5D6-EA02-4D6E-8134-F1E9B84A650B}] => (Block) D:\astroneer.pre-alpha.v0.2.10125.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe
    FirewallRules: [UDP Query User{3B8FDB56-3342-4CAD-B7D0-23A6080E0FBD}D:\astroneer.pre-alpha.v0.2.10125.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) D:\astroneer.pre-alpha.v0.2.10125.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe
    FirewallRules: [TCP Query User{428240D1-198D-4C11-8547-6A6B39846D6E}D:\astroneer.pre-alpha.v0.2.10125.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) D:\astroneer.pre-alpha.v0.2.10125.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe
    FirewallRules: [{C890C183-75FC-445D-B037-0A7589D228F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{01588F31-7D60-44CF-AA36-FB067ED661CB}] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
    FirewallRules: [{8374E4C7-265D-44A5-B3A8-64EC1F9EBE21}] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
    FirewallRules: [UDP Query User{8F4774A6-A94B-4482-AA1B-C981E6AA7713}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
    FirewallRules: [TCP Query User{688873AE-5F30-4AE6-BCAC-7BDF97150F4D}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
    FirewallRules: [{A56185FC-993D-4766-92B7-AA421B8C2F7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
    FirewallRules: [{5BBC1839-A2D6-488E-BED2-2701BE2E2043}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
    FirewallRules: [{D16C0611-1089-458C-8FA9-FCA996C6F6CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{56EF4F5F-08D1-4067-A244-03C3D77F1796}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{0DFA0470-1B0E-49D7-A903-8ABCB606340B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{C319BA5F-FA3E-45F8-9882-729FD24D4B31}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{20814E3F-015A-4568-A1A6-0FA75F3AECD0}] => (Block) C:\program files (x86)\runic games\torchlight 2\torchlight2.exe
    FirewallRules: [{7C4E6F85-DCB8-49A8-8D37-2C8B83A469F9}] => (Block) C:\program files (x86)\runic games\torchlight 2\torchlight2.exe
    FirewallRules: [UDP Query User{9A39B626-C9F8-44A4-A71F-A4BA7F4731E5}C:\program files (x86)\runic games\torchlight 2\torchlight2.exe] => (Allow) C:\program files (x86)\runic games\torchlight 2\torchlight2.exe
    FirewallRules: [TCP Query User{C8A154E9-B303-4858-9758-6BCA4158020D}C:\program files (x86)\runic games\torchlight 2\torchlight2.exe] => (Allow) C:\program files (x86)\runic games\torchlight 2\torchlight2.exe
    FirewallRules: [{4F7FAECC-B02E-4813-86BF-FC3010A67CF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\V\V.exe
    FirewallRules: [{E5DDEF7C-9950-4CE7-881D-CBAD73BADE07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\V\V.exe
    FirewallRules: [{F2F9FBFF-34EA-4C6C-B62D-FD7A08770512}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{3622C7A1-C840-4226-9E6D-A0C16252EEDD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{93951FF4-CC5E-4F8F-A9E5-0A9187C4FCD5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{AC51422B-DAEC-4311-AC93-943814E17C50}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{9B962948-64D1-4961-AF45-3DE1FC202904}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{C88A0843-463C-40B8-885F-C40EBF4228A8}] => (Block) C:\program files\yonder the cloud catcher chronicles\yonderccc.exe
    FirewallRules: [{26DC2F43-CB13-47FD-A258-D0E00B97F70E}] => (Block) C:\program files\yonder the cloud catcher chronicles\yonderccc.exe
    FirewallRules: [UDP Query User{9C9CFAD0-3426-4725-A1F9-93B7E5061A2F}C:\program files\yonder the cloud catcher chronicles\yonderccc.exe] => (Allow) C:\program files\yonder the cloud catcher chronicles\yonderccc.exe
    FirewallRules: [TCP Query User{66540456-65B3-4279-A8F7-F442A3578C2C}C:\program files\yonder the cloud catcher chronicles\yonderccc.exe] => (Allow) C:\program files\yonder the cloud catcher chronicles\yonderccc.exe
    FirewallRules: [{F99A60DB-F5BA-4B41-B50D-A35413E78C9A}] => (Block) C:\users\bolic\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{2618FED4-DBBE-45E9-ACBA-4E70A6DAD058}] => (Block) C:\users\bolic\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{573C0D20-7112-4C7B-8B2E-8A64407D703B}C:\users\bolic\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bolic\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{877903CB-7DBE-4F52-8621-C5F851E3CBF7}C:\users\bolic\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bolic\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{C7804552-3E59-4939-BA43-624EB39DE4E6}] => (Allow) C:\Users\bolic\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{D3C61DBB-C9B6-4253-BD57-FBA4266C5373}] => (Allow) C:\Users\bolic\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{987EABC3-3E80-4B5D-AFF9-3400E99E690F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{1C6F5BC6-489B-4C6F-B17B-91F8B8FE6B66}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{F77BBFA9-93B0-4268-B799-4E68D4124BFE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{0AFDE99E-5746-4106-8D5E-7C58BE3D03FC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [UDP Query User{B4C219FF-33BC-4AF4-81AD-0358EEF1007F}C:\program files (x86)\littlefighter\lf2.exe] => (Allow) C:\program files (x86)\littlefighter\lf2.exe
    FirewallRules: [TCP Query User{D122D8FB-20D0-4B0A-A557-921091F5F006}C:\program files (x86)\littlefighter\lf2.exe] => (Allow) C:\program files (x86)\littlefighter\lf2.exe
    FirewallRules: [{326174CE-C3F6-4F5D-9B53-FB6FD4E52DD0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{E7CEBB7F-92F5-4F6E-9CC3-DAEBDE77EDAA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{C48FF6FD-2262-4E66-BBEB-410583F32211}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{23938E78-FD2C-4EF4-AF77-6D0B05616A64}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{74506E84-D741-432C-8DDC-0030A9D724E7}] => (Allow) D:\DNUS\DragonNest.exe
    FirewallRules: [{D98F9467-E8C7-4816-B9C4-611B238A4FE6}] => (Allow) D:\DNUS\DragonNest.exe
    FirewallRules: [{96FFF342-4365-492C-A6E4-CD1777DC4657}] => (Allow) C:\Program Files (x86)\WOMic\womicclient.exe
    FirewallRules: [{7BCD76F5-E29A-4921-85C3-F9FE4D2682AB}] => (Allow) C:\Program Files\EZ mic\EZMicServer.exe
    FirewallRules: [{FF6B2330-7004-41B4-86D7-7F8554216396}] => (Allow) C:\Program Files\EZ mic\EZMicBroadcast.exe
    FirewallRules: [{2AD28AA8-2B6E-40D1-A3EE-218452A60FB1}] => (Allow) C:\Program Files (x86)\WOMic\womicclient.exe
    FirewallRules: [TCP Query User{D84D4FF6-779F-49C9-9E51-38942F1F06A3}D:\blizzard app\heroes of the storm\versions\base59988\heroesofthestorm_x64.exe] => (Allow) D:\blizzard app\heroes of the storm\versions\base59988\heroesofthestorm_x64.exe
    FirewallRules: [UDP Query User{C7842A43-EC35-41D1-BDFC-868C106A58F8}D:\blizzard app\heroes of the storm\versions\base59988\heroesofthestorm_x64.exe] => (Allow) D:\blizzard app\heroes of the storm\versions\base59988\heroesofthestorm_x64.exe
    FirewallRules: [{803D170C-0925-42EC-BECD-E93278435C59}] => (Block) D:\blizzard app\heroes of the storm\versions\base59988\heroesofthestorm_x64.exe
    FirewallRules: [{4F7D8F83-70BF-468F-B6BA-CC643870C238}] => (Block) D:\blizzard app\heroes of the storm\versions\base59988\heroesofthestorm_x64.exe
    FirewallRules: [{BF5892CB-40EE-479B-9B60-F1B167E43092}] => (Allow) %ProgramFiles% (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame.exe
    FirewallRules: [TCP Query User{BAEE37B0-4520-43C7-BB69-748557234566}C:\users\bolic\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\bolic\appdata\local\programs\lnv\stremio\stremio.exe
    FirewallRules: [UDP Query User{EBF9485D-A305-4D5F-AB17-15D88BB66E27}C:\users\bolic\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\bolic\appdata\local\programs\lnv\stremio\stremio.exe
    FirewallRules: [{B3747EFE-634D-4692-930E-2F8FDCF91C75}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{575E7A9A-D9B7-4430-A388-2B2D1160A9F4}] => (Allow) C:\Program Files\Opera\50.0.2762.58\opera.exe

    ==================== Pontos de Restauração =========================

    ATENÇÃO: A Restauração do Sistema está desabilitada

    ==================== Dispositivos Apresentando Falhas No Gerenciador =============


    ==================== Erros no Log de eventos: =========================

    Erros em Aplicativos:
    ==================
    Error: (01/18/2018 04:59:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: Falha na Ativação de Licença (slui.exe). Código de erro:
    hr=0x80004005
    Argumento de linha de comando:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (01/18/2018 04:58:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: Falha na Ativação de Licença (slui.exe). Código de erro:
    hr=0x80004005
    Argumento de linha de comando:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (01/18/2018 04:58:54 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: Falha na Ativação de Licença (slui.exe). Código de erro:
    hr=0x80004005
    Argumento de linha de comando:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    Error: (01/18/2018 04:58:47 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: Falha na Ativação de Licença (slui.exe). Código de erro:
    hr=0x80004005
    Argumento de linha de comando:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (01/17/2018 10:59:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nome do aplicativo com falha: ProjectG.exe, versão: 5.0.0.2, carimbo de data/hora: 0x4d645cef
    Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
    Código de exceção: 0xc0000005
    Deslocamento da falha: 0xa01a47f9
    ID do processo com falha: 0x1778
    Hora de início do aplicativo com falha: 0x01d38ff7994164db
    Caminho do aplicativo com falha: D:\PANGYA\PangYa_BR\ProjectG.exe
    Caminho do módulo com falha: unknown
    ID do Relatório: f03f81d7-b0c6-4157-9592-cb869b6c3276
    Nome completo do pacote com falha: 
    ID do aplicativo relativo ao pacote com falha:

    Error: (01/17/2018 10:54:36 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nome do aplicativo com falha: ProjectG.exe, versão: 5.0.0.2, carimbo de data/hora: 0x4d645cef
    Nome do módulo com falha: wangreal.dll, versão: 1.0.0.1, carimbo de data/hora: 0x4d645bcb
    Código de exceção: 0xc0000005
    Deslocamento da falha: 0x0000762a
    ID do processo com falha: 0xf00
    Hora de início do aplicativo com falha: 0x01d38ff402e665cc
    Caminho do aplicativo com falha: D:\PANGYA\PangYa_BR\ProjectG.exe
    Caminho do módulo com falha: D:\PANGYA\PangYa_BR\wangreal.dll
    ID do Relatório: 290c564e-6163-4ada-afa1-eec8000e4527
    Nome completo do pacote com falha: 
    ID do aplicativo relativo ao pacote com falha:

    Error: (01/17/2018 10:33:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Nome do aplicativo com falha: ProjectG.exe, versão: 5.0.0.2, carimbo de data/hora: 0x4d645cef
    Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
    Código de exceção: 0xc0000005
    Deslocamento da falha: 0xa01a47f9
    ID do processo com falha: 0xf00
    Hora de início do aplicativo com falha: 0x01d38ff402e665cc
    Caminho do aplicativo com falha: D:\PANGYA\PangYa_BR\ProjectG.exe
    Caminho do módulo com falha: unknown
    ID do Relatório: 63ea78d2-e621-4ba7-8acb-4d006d8b6580
    Nome completo do pacote com falha: 
    ID do aplicativo relativo ao pacote com falha:

    Error: (01/17/2018 10:31:04 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: Falha na Ativação de Licença (slui.exe). Código de erro:
    hr=0x80004005
    Argumento de linha de comando:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (01/17/2018 10:29:57 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: Falha na Ativação de Licença (slui.exe). Código de erro:
    hr=0x80004005
    Argumento de linha de comando:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    Error: (01/17/2018 10:29:54 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: Falha na Ativação de Licença (slui.exe). Código de erro:
    hr=0x80004005
    Argumento de linha de comando:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable


    Erros de Sistema:
    =============
    Error: (01/18/2018 04:58:59 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GF6LAKC)
    Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     e APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     ao usuário DESKTOP-GF6LAKC\bolic SID (S-1-5-21-3771028101-2572381435-3112059945-1001) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

    Error: (01/18/2018 04:58:49 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GF6LAKC)
    Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     e APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     ao usuário DESKTOP-GF6LAKC\bolic SID (S-1-5-21-3771028101-2572381435-3112059945-1001) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

    Error: (01/18/2018 04:58:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Não foi possível iniciar o serviço WsDrvInst devido ao seguinte erro: 
    O sistema não pode encontrar o arquivo especificado.

    Error: (01/18/2018 04:58:28 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GF6LAKC)
    Description: As configurações de permissão específico do aplicativo não concedem permissão Local Iniciar para o aplicativo de Servidor COM com CLSID 
    {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
     e APPID 
    {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
     ao usuário DESKTOP-GF6LAKC\bolic SID (S-1-5-21-3771028101-2572381435-3112059945-1001) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

    Error: (01/18/2018 04:58:27 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
    Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     e APPID 
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

    Error: (01/18/2018 04:58:27 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
    Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     e APPID 
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

    Error: (01/18/2018 04:58:27 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
    Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     e APPID 
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

    Error: (01/18/2018 04:58:27 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
    Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
     e APPID 
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
     ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

    Error: (01/18/2018 02:00:04 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GF6LAKC)
    Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     e APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     ao usuário DESKTOP-GF6LAKC\bolic SID (S-1-5-21-3771028101-2572381435-3112059945-1001) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

    Error: (01/18/2018 12:30:30 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GF6LAKC)
    Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     e APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     ao usuário DESKTOP-GF6LAKC\bolic SID (S-1-5-21-3771028101-2572381435-3112059945-1001) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.


    CodeIntegrity:
    ===================================
      Date: 2018-01-16 22:39:51.770
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Opera\50.0.2762.58\opera.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

      Date: 2018-01-16 22:38:15.108
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Opera\50.0.2762.58\opera.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

      Date: 2018-01-16 22:34:19.737
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Opera\50.0.2762.58\opera.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

      Date: 2018-01-16 18:42:19.990
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

      Date: 2018-01-16 18:42:19.989
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

      Date: 2018-01-16 18:38:40.507
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

      Date: 2018-01-16 18:38:40.506
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

      Date: 2018-01-16 18:30:33.359
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

      Date: 2018-01-16 18:30:33.359
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

      Date: 2018-01-16 18:21:28.407
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


    ==================== Informações da Memória =========================== 

    Processador: AMD Ryzen 5 1600X Six-Core Processor 
    Percentagem de memória em uso: 31%
    RAM física total: 8124.08 MB
    RAM física disponível: 5599.11 MB
    Virtual Total: 14780.08 MB
    Virtual disponível: 12062.13 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:111.24 GB) (Free:50.39 GB) NTFS
    Drive d: (Disco Local) (Fixed) (Total:931.39 GB) (Free:821.22 GB) NTFS

    ==================== MBR & Tabela de Partições ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00000000)

    Partition: GPT.

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== Fim de Addition.txt ============================


    @Maikon Carrasco

     

    If you have a wireless router or modem, check the DNS settings and tell me which values are configured.

     

    Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

    Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text in the CODE block below:

    CreateRestorePoint:
    CloseProcesses:
    BootExecute: autocheck autochk * sh4native Sh4Removal
    S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe [X]
    S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone - Backup&Restore(iOS)\Library\DriverInstaller\DriverInstall.exe [X]
    S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2017-12-06] (Wellbia.com Co., Ltd.)
    S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
    S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]
    CustomCLSID: HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\bolic\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\amd64\FileSyncShell64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\bolic\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\amd64\FileSyncShell64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\bolic\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\amd64\FileSyncShell64.dll => Nenhum Arquivo
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Nenhum Arquivo
    CMD: ipconfig /flushdns
    RemoveProxy:
    EmptyTemp:
    CreateRestorePoint:


    Save this file on your desktop with the name fixlist

    NOTE: It is extremely important that the "fixlist" file is saved on your Desktop. Also check that FRST.exe is on the Desktop.

    ** Windows Vista, Windows 7, 8/8.1 and Windows 10 users:
    Right-click the FRST.EXE file, then click VRIfczU.png.

    Click the 0h0YlDEzRbKP9R7xLrUlzA.png button

    Wait; when it finishes, the Fixlog.txt log will be saved on your desktop.

    Open the Fixlog.txt file, then copy and paste its contents into your next reply.

     

    NEXT STEP

     

    Download RogueKiller by Tigzy and save it to your desktop.
    roguekiller.exe (x64) << link

    • Close all programs
    • Run RogueKiller.exe.
      ** Windows Vista, Windows 7, 8, 8.1 and Windows 10 users:
      Right-click the rogueKiller.exe file, then click VRIfczU.png.
    • When the EULA window appears, click Accept.
    • Select the SCAN tab
    • Click START SCAN
    • Wait until the scan finishes...
    • Click the OPEN REPORT button
    • Click the EXPORT TXT option and save it to the Desktop with the name roguekiller.txt
    • Click OK and close RogueKiller.


    Be sure to open the file, then copy and paste all of its contents into your next reply

  • Topic author
  • @Elias Pereira

    I followed the steps. I checked the DNS settings at 192.168.0.1; both the primary and the secondary are set to 0.0.0.0 in DHCP. Just for the record, I have a TPLink - TL-WR741ND router.
    Sorry for my ignorance, but is there some other DNS that should be checked? (In the LAN settings, both are set to Detect Automatically.)

     

    BELOW IS THE FRST 64 LOG:

     

    Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 17.01.2018 01
    Executado por bolic (19-01-2018 18:35:35) Run:1
    Executando a partir de C:\Users\bolic\Desktop
    Perfis Carregados: bolic (Perfis Disponíveis: bolic)
    Modo da Inicialização: Normal
    ==============================================

    fixlist Conteúdo:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    BootExecute: autocheck autochk * sh4native Sh4Removal
    S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe [X]
    S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone - Backup&Restore(iOS)\Library\DriverInstaller\DriverInstall.exe [X]
    S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2017-12-06] (Wellbia.com Co., Ltd.)
    S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
    S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]
    CustomCLSID: HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\bolic\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\amd64\FileSyncShell64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\bolic\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\amd64\FileSyncShell64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\bolic\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\amd64\FileSyncShell64.dll => Nenhum Arquivo
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Nenhum Arquivo
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Nenhum Arquivo
    CMD: ipconfig /flushdns
    RemoveProxy:
    EmptyTemp:
    CreateRestorePoint:
    *****************

    Erro: (0) Falha ao criar um ponto de restauração.
    Processos fechados com sucesso.
    HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => valor restaurado com sucesso
    "HKLM\System\CurrentControlSet\Services\WsAppService" => removido (a) com sucesso.
    WsAppService => serviço removido (a) com sucesso.
    "HKLM\System\CurrentControlSet\Services\WsDrvInst" => removido (a) com sucesso.
    WsDrvInst => serviço removido (a) com sucesso.
    "HKLM\System\CurrentControlSet\Services\xhunter1" => removido (a) com sucesso.
    xhunter1 => serviço removido (a) com sucesso.
    "HKLM\System\CurrentControlSet\Services\esgiguard" => removido (a) com sucesso.
    esgiguard => serviço removido (a) com sucesso.
    "HKLM\System\CurrentControlSet\Services\nvvad_WaveExtensible" => removido (a) com sucesso.
    nvvad_WaveExtensible => serviço removido (a) com sucesso.
    "HKLM\System\CurrentControlSet\Services\nvvhci" => removido (a) com sucesso.
    nvvhci => serviço removido (a) com sucesso.
    "HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}" => removido (a) com sucesso.
    "HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}" => removido (a) com sucesso.
    "HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}" => removido (a) com sucesso.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => chave não encontrado (a)
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => chave não encontrado (a)
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => chave não encontrado (a)
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => chave não encontrado (a)
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => chave não encontrado (a)
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removido (a) com sucesso.
    HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => chave não encontrado (a)
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removido (a) com sucesso.
    HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => chave não encontrado (a)
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removido (a) com sucesso.
    HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => chave não encontrado (a)
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removido (a) com sucesso.
    HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => chave não encontrado (a)
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removido (a) com sucesso.
    HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => chave não encontrado (a)
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removido (a) com sucesso.
    HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => chave não encontrado (a)
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removido (a) com sucesso.
    HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => chave não encontrado (a)

    ========= ipconfig /flushdns =========


    Configuração de IP do Windows

    Liberação do Cache do DNS Resolver bem-sucedida.

    ========= Fim de CMD: =========


    ========= RemoveProxy: =========

    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
    "HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
    "HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.


    ========= Fim de RemoveProxy: =========

    Erro: (0) Falha ao criar um ponto de restauração.

    =========== EmptyTemp: ==========

    BITS transfer queue => 6053888 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 67486157 B
    Java, Flash, Steam htmlcache => 256632833 B
    Windows/system/drivers => 1338381 B
    Edge => 1718414 B
    Chrome => 152378 B
    Firefox => 0 B
    Opera => 402832941 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 10550 B
    NetworkService => 30808 B
    bolic => 74152715 B

    RecycleBin => 1425940 B
    EmptyTemp: => 774.2 MB de dados temporários Removidos.

    ================================


    O sistema precisou ser reiniciado.

    ==== Fim de Fixlog 18:36:13 ====

    added 2 minutes later

    FROM HERE ON, THE ROGUEKILLER LOG FOLLOWS:
    NOTE: 3 PUM-TYPE "THREATS" WERE FOUND

    RogueKiller V12.12.0.0 (x64) [Jan 15 2018] (Free) por Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Site : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Sistema Operacional : Windows 10 (10.0.16299) 64 bits version
    Iniciou : Modo normal
    Usuário : bolic [Administrador]
    Started from : C:\Users\bolic\Desktop\RogueKiller_portable64.exe
    Modo : Escanear -- Data : 01/19/2018 18:41:26 (Duration : 00:17:21)

    ¤¤¤ Processos : 0 ¤¤¤

    ¤¤¤ Registro : 2 ¤¤¤
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Encontrado
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Encontrado

    ¤¤¤ Tarefas : 0 ¤¤¤

    ¤¤¤ Arquivos : 1 ¤¤¤
    [PUP.Gen0][Arquivo] C:\Windows\SECOH-QAD.exe -> Encontrado

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Arquivos de hosts : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

    ¤¤¤ Navegadores : 0 ¤¤¤

    ¤¤¤ Verificação da MBR : ¤¤¤
    +++++ PhysicalDrive0: KINGSTON SV300S37A120G +++++
    --- User ---
    [MBR] c04a40d3a6a527a8f4dbc5de124b09e2
    [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 99 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1126400 | Size: 16 MB
    3 - Basic data partition | Offset (sectors): 1159168 | Size: 113907 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WDC WD10EZEX-21WN4A0 +++++
    --- User ---
    [MBR] 72d802927eba00916c896a4d2a5b29a4
    [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
    Partition table:
    0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
    1 - Basic data partition | Offset (sectors): 264192 | Size: 953740 MB
    User = LL1 ... OK
    User = LL2 ... OK


    @Maikon Carrasco

    Run RogueKiller again, select the entries, and remove them.

    Download the Kaspersky Virus Removal Tool.
    http://devbuilds.kaspersky-labs.com/devbuilds/KVRT/latest/full/KVRT.exe

    Restart your computer in safe mode;

    Run the Kaspersky Virus Removal Tool as Administrator;

    Accept the "End user License Agreement" and wait for initialization;

    Click Change parameters and also check the System drive option;
    NOTE: If any removable media is plugged into the computer, click the + Add object... button and select it as well;

    Click OK and then Start scan.

    After the scan finishes, click the Report option (below the X that closes the program);

    Take a screenshot of the Report tab and also of the Quarantine tab. Attach the screenshots to your next post.

  • Topic author
  • @Elias Pereira

    Even though I ran RogueKiller, the file C:\Windows\SECOH-QAD.exe was not removed since, as you will see in the screenshot, it shows up in Kaspersky.

    The attachments follow.

    The quarantine will be empty because nothing was moved to it.

    printquarentena.jpg

    printreport1.jpg


    Topic Archived

    Since the author did not reply to the topic for more than 10 days, it has been archived. If you are the topic author and want it reopened, contact a Security Analyst or Coordinator to request that it be unlocked.
