Newton Sandey

I can't remove XMRIG.EXE


This file is in the folder C:\Users\Eu\AppData\Local\Temp

My antivirus and/or Malwarebytes find it and remove it, but it comes right back, every time!

And so it stays in an infinite loop :/

Any solution?


@Newton Sandey

 

Please note the following:

  • About the Forum: This is a private space, not a public one. Using it is a privilege, not a right;
  • What is given here relates only to your computer's problem, so do not apply it to any other;
  • IMPORTANT: If you have Windows activation programs or torrent-sharing programs, I suggest uninstalling them. I will only proceed with the analysis after they are removed. Forum rules;
  • Please follow the instructions given carefully, and if in doubt do not hesitate to ask;
  • Respect the order of the instructions given;
  • Note: Do not take any action other than those given here; be aware that if you ask for help on another forum you must let us know, at the risk of misconfiguring your computer!

Follow the steps below:

STEP 1

Download Malwarebytes Anti-Malware (MBAM) from the link below and save it to your desktop.
https://downloads.malwarebytes.org/file/mbam_current/
 
Double-click mbam-setup.exe and follow the prompts to install the program.

  • On the Scan tab > Custom Scan, tick the Scan for rootkits option and the entries for the drive where the operating system is installed. This is normally drive C:;
  • Click Scan Now. Wait, as the scan may take a while;
  • When the scan finishes, if any items were found, make sure they are all ticked and click the Remove Selected or Quarantine button;
  • At the end of disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below);
  • If mbam does not run automatically after the restart, run it manually;
  • The log is saved automatically by MBAM; to view it, click the Reports tab in the program's main window;
  • Double-click the log (Scan Report). Click the Export button and use the .txt format to export the log. Save it to the Desktop.


ATTENTION: Open the file, select all, copy and paste the contents of this log into your next reply.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

STEP 2

Download AdwCleaner from one of the links below and save it to the desktop.
https://toolslib.net/downloads/viewdownload/1-adwcleaner/
http://www.bleepingcomputer.com/download/adwcleaner/

Click DOWNLOAD NOW to download the file.

Run adwcleaner.exe

NOTE: Users of Windows Vista, 7, 8/8.1 and Windows 10: right-click the AdwCleaner.exe file, then click [image: VRIfczU.png]

Click SCAN. When it finishes, click CLEAN and wait.

Notepad will open with the result.

ATTENTION: Select, copy and paste its contents into your next reply.


STEP 3


Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.


Download ZHPCleaner from the link below and save it to your Desktop

https://www.nicolascoolman.com/download/zhpcleaner/


Run the ZHPCleaner.exe file as Administrator

  • Click the Scanner button.
  • The tool will start examining your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • Then click the Repair button.
  • A log named ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log into your next reply.


@Elias Pereira

Malwarebytes result:

 

 

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 11/03/18
Hora da análise: 17:38
Arquivo de registro: 2040575e-256c-11e8-be96-708bcde5520c.json
Administrador: Sim

-Informação do software-
Versão: 3.4.4.2398
Versão de componentes: 1.0.322
Versão do pacote de definições: 1.0.4302
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 10 (Build 14393.2068)
CPU: x64
Sistema de arquivos: NTFS
Usuário: NEWTON-PC\Newton

-Resumo da análise-
Tipo de análise: Análise Customizada
Resultado: Concluído
Objetos verificados: 459646
Ameaças detectadas: 1
Ameaças em quarentena: 1
Tempo decorrido: 1 hr, 37 min, 17 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 0
(Nenhum item malicioso detectado)

Valor de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 0
(Nenhum item malicioso detectado)

Arquivo: 1
PUP.Optional.SlimCleanerPlus, C:\USERS\PUBLIC\DOCUMENTS\DOWNLOADED INSTALLERS\{746AB259-6474-4111-8966-1C62F9A6E063}\SETUP.MSI, Quarentena, [1018], [472306],1.0.4302

Setor físico: 0
(Nenhum item malicioso detectado)


(end)

 

The alert that keeps popping up on the PC: https://puu.sh/zFwy0/6377d63b99.png

Another thing I noticed is that now every executable I download (including the ones you pointed me to) Chrome says may be malicious; could that have something to do with the problem? Chrome infected?

added 5 minutes later

AdwCleaner result:

 

# AdwCleaner 7.0.8.0 - Logfile created on Sun Mar 11 22:27:47 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Windows\System32\\SSL
Deleted: C:\Windows\SysWOW64\\SSL
Deleted: C:\Users\newto\AppData\Roaming\Hola
Deleted: C:\Users\newto\AppData\Local\DriverToolkit
Deleted: C:\Users\Public\Documents\Downloaded Installers
Deleted: C:\Users\newto\AppData\Local\AdvinstAnalytics
Deleted: C:\Users\newto\AppData\Local\slimware utilities inc
Deleted: C:\Users\newto\AppData\Local\SlimWare Utilities Inc
Deleted: C:\Users\newto\AppData\Roaming\FastDataX
Deleted: C:\Program Files\Enigma Software Group
Deleted: C:\Users\newto\AppData\Roaming\Enigma Software Group
Deleted: C:\sh4ldr
Deleted: C:\sh4ldr
Deleted: C:\ProgramData\DreamScreen
Deleted: C:\Users\All Users\DreamScreen
Deleted: C:\Users\newto\AppData\Roaming\DreamScreen
Deleted: C:\Users\Todos os Usuários\DreamScreen
Deleted: C:\ProgramData\DreamCompress
Deleted: C:\Users\All Users\DreamCompress
Deleted: C:\Users\Todos os Usuários\DreamCompress


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{1CC4815C-5561-4DCD-A4A2-1DC5ADA3B1DC}C:\users\newto\appdata\local\popcorn time community\nw.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{3A80A77C-6E77-4DFF-9E5F-B05B71B81877}C:\users\newto\appdata\local\popcorn time community\nw.exe
Deleted: [Key] - HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\Software\PopWnd
Deleted: [Key] - HKCU\Software\PopWnd
Deleted: [Key] - HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\Software\DriverToolkit
Deleted: [Key] - HKCU\Software\DriverToolkit
Deleted: [Key] - HKLM\SOFTWARE\Hola
Deleted: [Key] - HKU\.DEFAULT\Software\Hola
Deleted: [Key] - HKU\S-1-5-18\Software\Hola
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc
Deleted: [Key] - HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\Software\SlimWare Utilities Inc
Deleted: [Key] - HKCU\Software\SlimWare Utilities Inc
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
Deleted: [Key] - HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted: [Key] - HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [4809 B] - [2018/3/11 22:27:29]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

added 16 minutes later


 

ZHPCleaner result:

 

~ ZHPCleaner v2018.3.10.49 by Nicolas Coolman (2018/03/10)
~ Run by Newton (Administrator)  (11/03/2018 19:38:24)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\newto\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\newto\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 14393)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (23)
MOVED file: C:\Users\newto\Desktop\Popcorn Time Community.lnk  [Bad : C:\Users\newto\AppData\Local\Popcorn Time Community\nw.exe](..)  =>.SUP.PopcornTime
MOVED file: C:\Windows\Prefetch\DREAMCOMPRESS.SCR-D588B788.pf    =>Adware.DreamCompress
MOVED file: C:\Windows\Prefetch\DRIVERAGENTPLUSHELPER.EXE-6B6182E1.pf    =>.SUP.DriverAgentPlus
MOVED file: C:\Windows\Prefetch\FASTDATAX.EXE-6DCFFCE4.pf    =>Adware.FastDataX
MOVED file: C:\Windows\Prefetch\FASTDATAX.EXE-81C68C71.pf    =>Adware.FastDataX
MOVED file: C:\Windows\Prefetch\ONESYSTEMCARE.EXE-01325AB5.pf    =>PUP.Optional.OneSystemCare
MOVED file: C:\Windows\Prefetch\ONESYSTEMCARE.EXE-14BB5A1F.pf    =>PUP.Optional.OneSystemCare
MOVED file: C:\Windows\Prefetch\ONESYSTEMCARE.EXE-420009DF.pf    =>PUP.Optional.OneSystemCare
MOVED file: C:\Windows\Prefetch\ONESYSTEMCARE.TMP-121832C1.pf    =>PUP.Optional.OneSystemCare
MOVED file: C:\Windows\Prefetch\PCSULAUNCHER.EXE-02DD3733.pf    =>.SUP.PCSpeedUp
MOVED file: C:\Windows\Prefetch\PCSUNOTIFIER.EXE-25D38259.pf    =>.SUP.PCSpeedUp
MOVED file: C:\Windows\Prefetch\PCSUSD.EXE-27F3A46C.pf    =>.SUP.PCSpeedUp
MOVED file: C:\Windows\Prefetch\PCSUSERVICE.EXE-805CC30E.pf    =>.SUP.PCSpeedUp
MOVED file: C:\Windows\Prefetch\PCSUSPEEDTEST.EXE-EA24772E.pf    =>.SUP.PCSpeedUp
MOVED file: C:\Windows\Prefetch\PCSUUCC.EXE-2B43BF08.pf    =>.SUP.PCSpeedUp
MOVED file: C:\Windows\Prefetch\QUOTEEX.EXE-6844FE42.pf    =>PUP.Optional.Graftor
MOVED file: C:\Windows\Prefetch\SPEEDCHECKERSERVICE.EXE-7AC73C65.pf    =>PUP.Optional.InternetSpeedChecker
MOVED file: C:\Windows\Prefetch\YEADESKTOP.EXE-6C70B166.pf    =>Trojan.Zusy
MOVED folder*: C:\Program Files\KMSpico  =>HackTool.KMSpico
MOVED folder*: C:\Users\newto\AppData\Local\Popcorn Time  =>.SUP.PopcornTime
MOVED folder*: C:\Users\newto\AppData\Local\Popcorn Time Community  =>.SUP.PopcornTime
MOVED folder*: C:\Users\newto\AppData\Local\Popcorn-Time-Community  =>.SUP.PopcornTime
MOVED folder*: C:\Users\newto\AppData\Local\Microsoft Toolkit  =>HackTool.AutoKMS


---\\  Registry ( Key, Value, Data) (9)
DELETED key*: HKEY_USERS\S-1-5-21-2947653566-3263547115-4119004596-1001\SOFTWARE\eSupport.com []  =>PUP.Optional.eSupport
DELETED key: HKCU\Software\eSupport.com []  =>PUP.Optional.eSupport
DELETED key*: HKCU\Software\webservice []  =>PUP.Optional.BitCoinMiner
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\RZSURROUNDVADService []  =>Trojan.AdService
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QuoteexU []  =>PUP.Optional.Graftor
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23E4C6D00564386418B357E6097ECF3E [02:\Software\Microleaves\ (Not File)]  =>.SUP.Microleaves
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2AE9B3C0743B7184F8583F011120670B [02:\Software\Microleaves\Online.io Application\Version (Not File)]  =>.SUP.Microleaves
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Popcorn Time Community 0.3.8-6 [Popcorn Time Community]  =>.SUP.PopcornTime
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\QuoteexU []  =>PUP.Optional.Graftor


---\\  Summary of the elements found (15)
https://nicolascoolman.eu/2017/02/26/superfluous-popcorntime/  =>.SUP.PopcornTime
https://nicolascoolman.eu/2017/09/18/adware-dreamcompress/  =>Adware.DreamCompress
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.DriverAgentPlus
https://nicolascoolman.eu/2017/06/21/adware-fastdatax/  =>Adware.FastDataX
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.OneSystemCare
https://nicolascoolman.eu/2017/03/05/superfluous-pcspeeduppro/  =>.SUP.PCSpeedUp
https://nicolascoolman.eu/2017/03/30/adware-graftor/  =>PUP.Optional.Graftor
https://www.anti-malware.top/2016/05/02/pup-optional-internetspeedchecker/  =>PUP.Optional.InternetSpeedChecker
https://nicolascoolman.eu/2017/10/24/trojan-zusy/  =>Trojan.Zusy
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/  =>HackTool.KMSpico
https://nicolascoolman.eu/2017/02/02/hacktool-autokms/  =>HackTool.AutoKMS
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.eSupport
https://nicolascoolman.eu/2017/09/14/pup-optional-bitcoinminer/  =>PUP.Optional.BitCoinMiner
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>Trojan.AdService
https://nicolascoolman.eu/2017/12/24/sup-microleaves/  =>.SUP.Microleaves


---\\  Other deletions. (40)
~ Registry Keys Tracing deleted (40)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 692
~ Items found : 0
~ Items cancelled : 0
~ Items options : 0/7
~ Space saving (bytes) : 0


~ End of clean in 00h01mn01s

---\\  Reports (2)
ZHPCleaner--11032018-19_36_48.txt
ZHPCleaner-[R]-11032018-19_39_25.txt
 

added 19 minutes later

 

The xmrig.exe is still there :/ (I don't know why it's underlined)


@Newton Sandey

 

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download Farbar Recovery Scan from the link below according to your architecture and save it to your desktop.
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text in the CODE below:

CreateRestorePoint:
CloseProcesses:
PowerShell: Get-ChildItem -Path C:\ -Filter xmrig.exe -Recurse -ErrorAction SilentlyContinue -Force
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:

Save this file to your desktop with the name fixlist

NOTE: It is extremely important that the "fixlist" file is saved to your Desktop. Also check that FRST.exe is on the Desktop.

** Users of Windows Vista, Windows 7, 8/8.1 and Windows 10:
Right-click the FRST.EXE file, then click [image: VRIfczU.png].

Click the [image: 0h0YlDEzRbKP9R7xLrUlzA.png] button

Wait; at the end, the Fixlog.txt log will be saved to your desktop.

Open the Fixlog.txt file, then copy and paste its contents into your next reply.

 

NEXT STEP

 

Download RogueKiller by Tigzy and save it to your desktop.
roguekiller.exe (x64) << link

  • Close all programs
  • Run RogueKiller.exe.
    ** Users of Windows Vista, Windows 7, 8, 8.1 and Windows 10:
    Right-click the rogueKiller.exe file, then click [image: VRIfczU.png].
  • When the EULA window appears, click Accept.
  • Select the SCAN tab
  • Click START SCAN
  • Wait until the scan finishes...
  • Click the OPEN REPORT button
  • Click the EXPORT TXT option and save it to the Desktop with the name roguekiller.txt
  • Click OK and close RogueKiller.


Be sure to open the file, then copy and paste all of its contents into your next reply

Compartilhar este post


Link para o post
Compartilhar em outros sites

@Elias Pereira

 

Farbar Recovery Scan result:

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 11.03.2018 01
Executado por Newton (12-03-2018 01:30:36) Run:1
Executando a partir de C:\Users\newto\Desktop
Perfis Carregados: Newton (Perfis Disponíveis: Newton)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
PowerShell: Get-ChildItem -Path C:\ -Filter xmrig.exe -Recurse -ErrorAction SilentlyContinue -Force
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.

========= Get-ChildItem -Path C:\ -Filter xmrig.exe -Recurse -ErrorAction SilentlyContinue -Force =========


========= Fim de Powershell: =========


========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.


========= Fim de RemoveProxy: =========

Ponto de Restauração criado com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 1664636 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 71252621 B
Java, Flash, Steam htmlcache => 293563090 B
Windows/system/drivers => 6425793 B
Edge => 399 B
Chrome => 423959533 B
Firefox => 19922362 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 7728 B
LocalService => 36164 B
NetworkService => 4030 B
newto => 271932295 B

RecycleBin => 70754530 B
EmptyTemp: => 1.1 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 01:31:40 ====

 

RogueKiller result:

 

RogueKiller V12.12.7.0 (x64) [Mar  5 2018] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Sistema Operacional : Windows 10 (10.0.14393) 64 bits version
Iniciou : Modo normal
Usuário : Newton [Administrador]
Started from : C:\Users\newto\Desktop\RogueKiller_portable64.exe
Modo : Escanear -- Data : 03/12/2018 01:40:35 (Duration : 00:24:03)

¤¤¤ Processos : 1 ¤¤¤
[VT.Detected] xmrig.exe(10336) -- C:\Users\newto\AppData\Local\Temp\xmrig.exe[-] -> Encontrado

¤¤¤ Registro : 11 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\RK_Newton_ON_D_1938\Software\eSupport.com -> Encontrado
[PUP.Gen1] (X64) HKEY_USERS\RK_Newton_ON_D_1938\Software\ProgSense -> Encontrado
[PUP.Gen1] (X64) HKEY_USERS\RK_Newton_ON_D_1938\Software\SlimWare Utilities Inc -> Encontrado
[PUP.Gen1] (X64) HKEY_USERS\RK_Newton_ON_D_1938\Software\Softonic -> Encontrado
[PUP.Gen1] (X86) HKEY_USERS\RK_Newton_ON_D_1938\Software\eSupport.com -> Encontrado
[PUP.Gen1] (X86) HKEY_USERS\RK_Newton_ON_D_1938\Software\ProgSense -> Encontrado
[PUP.Gen1] (X86) HKEY_USERS\RK_Newton_ON_D_1938\Software\SlimWare Utilities Inc -> Encontrado
[PUP.Gen1] (X86) HKEY_USERS\RK_Newton_ON_D_1938\Software\Softonic -> Encontrado
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Encontrado
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Encontrado
[Adw.Eszjuxuan] (X64) HKEY_USERS\S-1-5-21-2947653566-3263547115-4119004596-1001\Control Panel\Desktop | SCRNSAVE.EXE : C:\ProgramData\DreamScreen\DreamCompress.scr [x] -> Encontrado

¤¤¤ Tarefas : 1 ¤¤¤
[Suspicious.Path] \Minecraft Checksum Validator -- D:\Users\newto\AppData\Roaming\.minecraft\MinecraftChecksumValidator.exe -> Encontrado

¤¤¤ Arquivos : 23 ¤¤¤
[PUP.Gen0][Pasta] C:\Users\newto\AppData\Roaming\System -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.4.9_42923\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\newto\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe -> Encontrado

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

¤¤¤ Navegadores : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Profile 4 [SecurePrefs] : session.startup_urls [chrome://newtab/?source=home|https://www.google.com/|https://www.google.com/] -> Encontrado

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: KINGSTON SV300S37A120G +++++
--- User ---
[MBR] 5db2ead6a9f062487eacf1db1cfe20f4
[BSP] dcae39acf93c83b7cc2756c8f0889e5e : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 114021 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 233517056 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST31000528AS +++++
--- User ---
[MBR] 08a07b024ed6cfbd8b4d1bbb828c0c21
[BSP] d7525572800a9a8c6287b026ad488f54 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD10EZEX-00WN4A0 +++++
--- User ---
[MBR] d3ebc6e5ea0bf92fd5474bf825727294
[BSP] d2aa549a0f5a36875940d0bac0db0511 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953866 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


@Newton Sandey

 

Close all programs

  • Run RogueKiller.exe.
    ** Windows Vista, 7, 8/8.1 and Windows 10 users:
    Right-click the rogueKiller.exe file, then click VRIfczU.png
  • When the EULA appears, click Accept.
  • Select the SCAN tab and click START SCAN
  • Wait until the scan finishes.
  • >>>>>>> Go through the tabs and check all the entries found <<<<<<<
  • Click REMOVE SELECTED
  • Wait until the program finishes deleting the infections.
  • Click the OPEN REPORT button and then EXPORT TXT
  • Save it as report.txt on your Desktop

Open the report.txt file saved on your Desktop, then copy and paste all of its contents into your next reply.

 

NEXT STEP

 

Follow the procedures in the link below to show hidden folders.
Windows XP/7/Vista: http://windows.microsoft.com/pt-br/windows/show-hidden-files#show-hidden-files=windows-7
Windows 8/8.1/10: http://www.tecmundo.com.br/como-fazer/26558-windows-8-como-exibir-arquivos-e-extensoes-ocultos.htm

Now download SystemLook.exe according to your architecture and save it to your desktop.
X64
X86

*** Windows Vista, Windows 7 or Windows 8 users: right-click the SystemLook.exe file, then click VRIfczU.png.

Double-click SystemLook.exe. Select, copy and paste what is inside the CODE box into the tool's text box.

:filefind
xmrig.exe
:folderfind
xmrig
:regfind
xmrig.exe

Click the Look button; when the scan finishes, a log will open. It is saved as SystemLook.txt on the desktop.

Select, copy and paste the contents of this log into your next reply.

@Elias Pereira

RogueKiller result:

 

RogueKiller V12.12.8.0 (x64) [Mar 12 2018] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Sistema Operacional : Windows 10 (10.0.14393) 64 bits version
Iniciou : Modo normal
Usuário : Newton [Administrador]
Started from : C:\Users\newto\Desktop\RogueKiller_portable64.exe
Modo : Deletar -- Data : 03/12/2018 15:49:54 (Duration : 00:19:11)

¤¤¤ Processos : 2 ¤¤¤
[BitMiner.Gen0] explorer.exe(5308) -- C:\Windows\explorer.exe[7] -> Interrompido [TermProc]
[BitMiner.Gen0] mcicda64.dll(5308) -- C:\WINDOWS\system32\mcicda64.dll[-] -> Encontrado

¤¤¤ Registro : 13 ¤¤¤
[BitMiner.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{BFD98515-CD74-48A4-98E2-13D209E3EE4F} (C:\WINDOWS\system32\mcicda64.dll) -> Deletado
[PUP.Gen1] (X64) HKEY_USERS\RK_Newton_ON_D_BF4F\Software\eSupport.com -> Deletado
[PUP.Gen1] (X64) HKEY_USERS\RK_Newton_ON_D_BF4F\Software\ProgSense -> Deletado
[PUP.Gen1] (X64) HKEY_USERS\RK_Newton_ON_D_BF4F\Software\SlimWare Utilities Inc -> Deletado
[PUP.Gen1] (X64) HKEY_USERS\RK_Newton_ON_D_BF4F\Software\Softonic -> Deletado
[PUP.Gen1] (X86) HKEY_USERS\RK_Newton_ON_D_BF4F\Software\eSupport.com -> Deletado
[PUP.Gen1] (X86) HKEY_USERS\RK_Newton_ON_D_BF4F\Software\ProgSense -> Deletado
[PUP.Gen1] (X86) HKEY_USERS\RK_Newton_ON_D_BF4F\Software\SlimWare Utilities Inc -> Deletado
[PUP.Gen1] (X86) HKEY_USERS\RK_Newton_ON_D_BF4F\Software\Softonic -> Deletado
[BitMiner.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\{BFD98515-CD74-48A4-98E2-13D209E3EE4F} | (default) : {BFD98515-CD74-48A4-98E2-13D209E3EE4F} (C:\WINDOWS\system32\mcicda64.dll) [-] -> Deletado
[BitMiner.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {BFD98515-CD74-48A4-98E2-13D209E3EE4F} :  (C:\WINDOWS\system32\mcicda64.dll) [-] -> Deletado
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Substituído (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Substituído (2)

¤¤¤ Tarefas : 1 ¤¤¤
[Suspicious.Path] \Minecraft Checksum Validator -- D:\Users\newto\AppData\Roaming\.minecraft\MinecraftChecksumValidator.exe -> Deletado

¤¤¤ Arquivos : 1 ¤¤¤
[BitMiner.Gen0][Arquivo] C:\Windows\System32\mcicda64.dll -> Deletado

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

¤¤¤ Navegadores : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Profile 4 [SecurePrefs] : session.startup_urls [chrome://newtab/?source=home|https://www.google.com/|https://www.google.com/] -> Deletado

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: KINGSTON SV300S37A120G +++++
--- User ---
[MBR] 5db2ead6a9f062487eacf1db1cfe20f4
[BSP] dcae39acf93c83b7cc2756c8f0889e5e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 114021 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 233517056 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST31000528AS +++++
--- User ---
[MBR] 08a07b024ed6cfbd8b4d1bbb828c0c21
[BSP] d7525572800a9a8c6287b026ad488f54 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD10EZEX-00WN4A0 +++++
--- User ---
[MBR] d3ebc6e5ea0bf92fd5474bf825727294
[BSP] d2aa549a0f5a36875940d0bac0db0511 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953866 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

added 5 minutes later

SystemLook result:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 16:14 on 12/03/2018 by Newton
Administrator - Elevation successful

========== filefind ==========

Searching for "xmrig.exe"
C:\Users\newto\AppData\Local\Temp\xmrig.exe    --a---- 749056 bytes    [04:33 12/03/2018]    [19:09 12/03/2018] 2D7696E09A2F41E6879A96A15720FCC3

========== folderfind ==========

Searching for "xmrig"
No folders found.

========== regfind ==========

Searching for "xmrig.exe"
No data found.

-= EOF =-

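Added example, not part of the original thread: a small Python parser for the RogueKiller report format shown above, run over lines copied from the "Deletar" report, that groups each flagged DLL with the process hosting it and the registry keys that reference it. The function names are this example's own, and the regular expressions assume the line layout seen in that report.

```python
import re
from collections import defaultdict

# Lines copied from the RogueKiller "Deletar" report posted in this thread
# (the eight PUP.Gen1 registry keys are represented by one of them).
REPORT = r"""
¤¤¤ Processos : 2 ¤¤¤
[BitMiner.Gen0] explorer.exe(5308) -- C:\Windows\explorer.exe[7] -> Interrompido [TermProc]
[BitMiner.Gen0] mcicda64.dll(5308) -- C:\WINDOWS\system32\mcicda64.dll[-] -> Encontrado

¤¤¤ Registro : 13 ¤¤¤
[BitMiner.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{BFD98515-CD74-48A4-98E2-13D209E3EE4F} (C:\WINDOWS\system32\mcicda64.dll) -> Deletado
[PUP.Gen1] (X64) HKEY_USERS\RK_Newton_ON_D_BF4F\Software\Softonic -> Deletado
[BitMiner.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\{BFD98515-CD74-48A4-98E2-13D209E3EE4F} | (default) : {BFD98515-CD74-48A4-98E2-13D209E3EE4F} (C:\WINDOWS\system32\mcicda64.dll) [-] -> Deletado
[BitMiner.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {BFD98515-CD74-48A4-98E2-13D209E3EE4F} :  (C:\WINDOWS\system32\mcicda64.dll) [-] -> Deletado
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Substituído (2)

¤¤¤ Tarefas : 1 ¤¤¤
[Suspicious.Path] \Minecraft Checksum Validator -- D:\Users\newto\AppData\Roaming\.minecraft\MinecraftChecksumValidator.exe -> Deletado

¤¤¤ Arquivos : 1 ¤¤¤
[BitMiner.Gen0][Arquivo] C:\Windows\System32\mcicda64.dll -> Deletado
"""

SECTION_RE = re.compile(r"^¤¤¤ (.+?) : ")                # section header
ENTRY_RE = re.compile(r"^\[([^\]]+)\].* -> (\w+)")       # [detection] ... -> status
PID_RE = re.compile(r"\] \S+\((\d+)\) -- ")              # name(pid) -- path
KEY_RE = re.compile(r"(HKEY_[^|(]+?)\s*(?:\||\(|->)")    # registry key path
PATH_RE = re.compile(r"[A-Za-z]:\\[^\[\]()|]*?\.(?:exe|dll|scr)\b", re.I)


def parse_report(text):
    """Return one dict per report entry, tagged with the section it came from."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # blank line or a layout this example does not know
        pid = PID_RE.search(line) if section == "Processos" else None
        key = KEY_RE.search(line) if section == "Registro" else None
        entries.append({
            "section": section,
            "detection": m.group(1),
            "status": m.group(2),
            # Lower-cased so C:\WINDOWS\... and C:\Windows\... group together.
            "paths": [p.lower() for p in PATH_RE.findall(line)],
            "pid": int(pid.group(1)) if pid else None,
            "key": key.group(1) if key else None,
        })
    return entries


def key_label(key):
    """Last key component that is not a {GUID}, e.g. 'ShellExecuteHooks'."""
    parts = [p for p in key.split("\\") if p and not p.startswith("{")]
    return parts[-1]


def correlate(entries):
    """Group every flagged DLL with its host process and registry references."""
    hosts = {}  # pid -> image path of the process that owns that pid
    for e in entries:
        if e["pid"] is not None and e["paths"] and e["paths"][0].endswith(".exe"):
            hosts[e["pid"]] = e["paths"][0]
    findings = defaultdict(lambda: {"detections": set(), "hosted_by": set(),
                                    "registry": set(), "file_status": None})
    for e in entries:
        for path in e["paths"]:
            if not path.endswith(".dll"):
                continue
            f = findings[path]
            f["detections"].add(e["detection"])
            if e["pid"] in hosts:
                f["hosted_by"].add(hosts[e["pid"]])
            if e["key"]:
                f["registry"].add(key_label(e["key"]))
            if e["section"] == "Arquivos":
                f["file_status"] = e["status"]
    return dict(findings)


def summarize(findings):
    """One readable line per DLL for pasting into case notes."""
    return ["%s [%s] loaded in: %s; registered under: %s; file: %s" % (
                path, ", ".join(sorted(f["detections"])),
                ", ".join(sorted(f["hosted_by"])) or "-",
                ", ".join(sorted(f["registry"])) or "-",
                f["file_status"] or "not listed")
            for path, f in sorted(findings.items())]


if __name__ == "__main__":
    for line in summarize(correlate(parse_report(REPORT))):
        print(line)
```
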

@Newton Sandey

 

Run FRST.exe again

** Windows Vista, Windows 7, 8/8.1 and Windows 10 users:
Right-click the FRST64.EXE file, then click VRIfczU.png.
Accept the agreement and then click the Scan/Examinar button.

Wait; at the end, the FRST.txt and Addition.txt logs will be saved on your desktop.

Open each file separately, copy its contents and paste them into your next reply.

@Elias Pereira

 

FRST:

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 13.03.2018
Executado por Newton (administrador) em NEWTON-PC (13-03-2018 00:45:20)
Executando a partir de C:\Users\newto\Desktop
Perfis Carregados: Newton (Perfis Disponíveis: Newton)
Platform: Windows 10 Pro Versão 1607 14393.2068 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Windows\System32\PnkBstrA.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_7\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() D:\Program Files (x86)\puush.exe
(Unified Intents AB) D:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
(Electronic Arts) D:\Program Files (x86)\Origin\Origin.exe
(Spotify Ltd) C:\Users\newto\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() D:\Program Files (x86)\Origin\QtWebEngineProcess.exe
() D:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(TeamSpeak Systems GmbH) D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
() D:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
() D:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
() D:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
() D:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(NVIDIA Corporation) C:\Users\newto\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-12-12] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [393208 2016-06-02] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\Run: [SERVICE] => [X]
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATENÇÃO
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\Run: [puush] => D:\Program Files (x86)\puush.exe [568904 2015-09-24] ()
HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\Run: [Unified Remote V3] => D:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-07-06] (Unified Intents AB)
HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\Run: [DAEMON Tools Lite Automount] => D:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-06] (Disc Soft Ltd)
HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\Run: [EADM] => D:\Program Files (x86)\Origin\Origin.exe [3100456 2018-02-14] (Electronic Arts)
HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\Run: [Spotify Web Helper] => C:\Users\newto\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-02] (Spotify Ltd)
HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\MountPoints2: {0647b637-66f2-11e6-9e85-4487fcbaafec} - "G:\NoAutoRun.exe" 
HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\MountPoints2: {23c1951c-4ffa-11e5-9bc3-4487fcbaafec} - "H:\setup.exe" 
HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\MountPoints2: {e689718d-9966-11e6-9f15-4487fcbaafec} - "I:\NoAutoRun.exe" 
HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\MountPoints2: {e6897192-9966-11e6-9f15-4487fcbaafec} - "J:\NoAutoRun.exe" 
HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\logon.scr
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nhook.exe
IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nhook.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CheVolume.lnk [2017-10-25]
ShortcutTarget: CheVolume.lnk -> D:\Program Files (x86)\WellWeWeb\CheVolume\CheVolume.exe (Nenhum Arquivo)
CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{4b323269-fd03-4e87-8812-2642b841f1c3}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{4b323269-fd03-4e87-8812-2642b841f1c3}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{ef8c49fb-b648-4851-8274-b1331c7549e9}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-08-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-08-08] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-2947653566-3263547115-4119004596-1001 -> hxxp://hao.360.cn/?src=lm&ls=n4134a09b9b

FireFox:
========
FF DefaultProfile: 83xfjhb2.default-1513797741531
FF ProfilePath: C:\Users\newto\AppData\Roaming\Mozilla\Firefox\Profiles\83xfjhb2.default-1513797741531 [2018-03-12]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-12-15]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-09-27] [Legacy] [não assinado]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-07] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-08-08] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Nenhum Arquivo]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-07] ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> D:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-18] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-08-08] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-08] (Google Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconf_warsaw.js [2018-03-12]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\secure_cert.js [2018-03-10]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\autoconf_warsaw.js [2018-03-12]

Chrome: 
=======
CHR DefaultProfile: Profile 4
CHR StartupUrls: Profile 4 -> "chrome://newtab/?source=home","hxxps://www.google.com/","hxxps://www.google.com/"
CHR Profile: C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-03-12]
CHR Extension: (Google Apresentações) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-04]
CHR Extension: (Flash Video Downloader) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-10-04]
CHR Extension: (Google Docs) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-04]
CHR Extension: (Google Drive) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-04]
CHR Extension: (Turn Off the Lights) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2016-10-04]
CHR Extension: (YouTube) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-04]
CHR Extension: (Planilhas do Google) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-04]
CHR Extension: (Stylish) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-10-04]
CHR Extension: (Documentos Google off-line) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-04]
CHR Extension: (AdBlock) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-04]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-04]
CHR Extension: (Marc Ecko) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2016-10-04]
CHR Extension: (Hover Zoom+) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2016-10-04]
CHR Extension: (Gmail) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-04]
CHR Extension: (Chrome Media Router) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-04]
CHR Profile: C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-03-12]
CHR Profile: C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 3 [2018-03-12]
CHR Profile: C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 4 [2018-03-13]
CHR Extension: (Flash Video Downloader) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2018-02-24]
CHR Extension: (Documentos) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-10]
CHR Extension: (Google Drive) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-04]
CHR Extension: (Turn Off the Lights) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2018-03-10]
CHR Extension: (Galaxy-View) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dcbeddldohkakodfncjnkkjfojggbahp [2018-03-11]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2018-02-27]
CHR Extension: (Documentos Google off-line) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-04]
CHR Extension: (AdBlock) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-07]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Hover Zoom+) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2018-01-06]
CHR Extension: (Chrome Media Router) - C:\Users\newto\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-23]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2015-05-08] (ASUSTeK Computer Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-03-08] ()
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-08-10] (McAfee, Inc.)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [439800 2016-06-02] (Intel Corporation)
S3 Disc Soft Lite Bus Service; D:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-06] (Disc Soft Ltd)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Arquivo não assinado]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365048 2016-06-02] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-01-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe [993256 2017-08-07] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [242640 2017-06-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [394704 2017-06-21] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [350160 2017-06-21] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1546904 2017-08-17] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [521608 2018-02-21] (NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [521608 2018-02-21] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2156864 2018-02-14] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [3026760 2018-02-14] (Electronic Arts)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1043864 2017-07-31] (Intel Security, Inc.)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2017-03-17] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2017-03-17] ()
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [Arquivo não assinado]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-08-08] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Arquivo não assinado]
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1068376 2017-10-26] (GAS Tecnologia LTDA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-10-08] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] ()
S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110096 2016-04-18] (Advanced Micro Devices)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77800 2017-06-26] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 DroidCam; C:\WINDOWS\system32\DRIVERS\droidcam.sys [33592 2015-05-24] (Dev47Apps)
R3 DroidCamVideo; C:\WINDOWS\system32\DRIVERS\droidcamvideo.sys [230712 2015-05-24] (Windows (R) Win 7 DDK provider)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-02-14] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-02-14] (Disc Soft Ltd)
S3 easytether; C:\WINDOWS\System32\drivers\easytthrx.sys [22728 2015-11-22] (Mobile Stream)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [209608 2017-08-07] (McAfee, Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-12-12] (REALiX(tm))
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [88448 2017-05-26] (McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [487408 2017-06-26] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [355312 2017-06-26] (McAfee, Inc.)
U3 mfeavfk01; não ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84544 2017-06-26] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [506352 2017-06-26] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [933360 2017-06-26] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [504792 2017-06-27] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [108504 2017-06-27] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116208 2017-06-26] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [253424 2017-06-26] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvpcdi.inf_amd64_91b9e154ee4c4b99\nvlddmkm.sys [17524720 2018-02-26] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31624 2018-02-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59280 2018-02-21] (NVIDIA Corporation)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12384 2012-08-20] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [947712 2017-01-17] (Realtek )
R3 RTCore64; D:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51288 2016-11-23] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 uvhid; C:\WINDOWS\System32\drivers\uvhid.sys [27064 2016-07-06] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WinRing0_1_2_0; D:\Program Files (x86)\TRIGONE\Remote System Monitor Server\RemoteSystemMonitorSensor.sys [14544 2017-11-09] (OpenLibSys.org)
R3 wovad_micarray; C:\WINDOWS\system32\drivers\womic.sys [33112 2016-07-08] (Windows (R) Win 7 DDK provider)
S1 wsddfac; C:\WINDOWS\System32\drivers\wsddfac.sys [28376 2018-03-10] (GAS Tecnologia)
R1 wsddntf; C:\WINDOWS\system32\DRIVERS\wsddntf.sys [47176 2016-06-21] (GAS Tecnologia)
S1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [44624 2017-12-14] (GAS Tecnologia)
R3 wsddprm; C:\WINDOWS\system32\drivers\wsddprm.sys [43608 2017-12-14] (GAS Tecnologia)
U3 aswbdisk; não ImagePath
S3 DrvAgent64; \??\C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS [X]
S3 GPCIDrv; \??\D:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-03-13 00:45 - 2018-03-13 00:45 - 000031528 _____ C:\Users\newto\Desktop\FRST.txt
2018-03-12 23:35 - 2018-03-12 23:35 - 002402816 _____ (Farbar) C:\Users\newto\Desktop\FRST64.exe
2018-03-12 16:14 - 2018-03-12 16:14 - 000000980 _____ C:\Users\newto\Desktop\SystemLook.txt
2018-03-12 01:40 - 2018-03-12 15:49 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-03-12 01:38 - 2018-03-12 01:38 - 000000000 ____D C:\Users\Todos os Usuários\RogueKiller
2018-03-12 01:38 - 2018-03-12 01:38 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-12 01:28 - 2018-03-13 00:45 - 000000000 ____D C:\FRST
2018-03-11 19:32 - 2018-03-11 19:39 - 000000000 ____D C:\Users\newto\AppData\Roaming\ZHP
2018-03-11 19:32 - 2018-03-11 19:32 - 000000000 ____D C:\Users\newto\AppData\Local\ZHP
2018-03-11 19:25 - 2018-03-11 19:27 - 000000000 ____D C:\AdwCleaner
2018-03-11 19:20 - 2018-03-11 19:20 - 000000000 ____D C:\Windows10Upgrade
2018-03-11 19:16 - 2018-03-11 19:16 - 000004088 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-11 17:29 - 2018-03-11 17:29 - 000000000 ____D C:\Program Files\UNP
2018-03-11 17:15 - 2018-03-11 17:19 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-03-11 05:55 - 2018-03-11 17:13 - 000000000 ____D C:\Program Files\GridinSoft Anti-Malware
2018-03-11 05:55 - 2018-03-11 05:55 - 000000000 ____D C:\Users\Todos os Usuários\GridinSoft
2018-03-11 05:55 - 2018-03-11 05:55 - 000000000 ____D C:\ProgramData\GridinSoft
2018-03-11 05:42 - 2018-03-11 05:42 - 000001568 _____ C:\EsgInstallerResumeAction_5618b9ca69eec88e719112da87672fda
2018-03-11 04:21 - 2018-03-12 01:33 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-10 20:35 - 2018-03-10 20:35 - 000003214 _____ C:\WINDOWS\System32\Tasks\qFbxfDUevnccZZ
2018-03-10 20:35 - 2018-03-10 20:35 - 000003034 _____ C:\WINDOWS\System32\Tasks\WlbBJSMcknvngxNxC2
2018-03-10 20:35 - 2018-03-10 20:35 - 000003026 _____ C:\WINDOWS\System32\Tasks\dIxshjfnsDsrepSSqPt2
2018-03-10 20:35 - 2018-03-10 20:35 - 000003008 _____ C:\WINDOWS\System32\Tasks\dTRRfHQjsHOvbdt2
2018-03-10 20:35 - 2018-03-10 20:35 - 000000000 ____D C:\Users\newto\AppData\LocalLow\HHbsGmflFYCDR
2018-03-10 20:32 - 2018-03-10 20:32 - 000000000 ____D C:\WINDOWS\Panther
2018-03-10 20:32 - 2018-03-10 20:32 - 000000000 ____D C:\Users\Todos os Usuários\System Native
2018-03-10 20:32 - 2018-03-10 20:32 - 000000000 ____D C:\ProgramData\System Native
2018-03-10 20:27 - 2018-03-10 20:27 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-03-10 20:27 - 2018-03-10 20:27 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-03-10 20:24 - 2018-03-11 04:37 - 000000000 ____D C:\Users\newto\AppData\Roaming\1337
2018-03-10 20:24 - 2018-03-10 20:28 - 019778560 _____ C:\Users\Todos os Usuários\mun.zip
2018-03-10 20:24 - 2018-03-10 20:28 - 019778560 _____ C:\ProgramData\mun.zip
2018-03-10 20:22 - 2018-03-10 21:02 - 000003646 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-03-10 20:22 - 2018-03-10 20:41 - 000000000 ____D C:\Users\Todos os Usuários\AVAST Software
2018-03-10 20:22 - 2018-03-10 20:41 - 000000000 ____D C:\ProgramData\AVAST Software
2018-03-10 20:22 - 2018-03-10 20:22 - 000000000 ____D C:\Program Files\My Program
2018-03-10 20:20 - 2018-03-10 20:20 - 000003300 _____ C:\WINDOWS\System32\Tasks\cmdsvr
2018-03-10 20:19 - 2018-03-11 04:28 - 000000000 ____D C:\WinSys
2018-03-10 20:18 - 2018-03-10 20:18 - 000003882 _____ C:\WINDOWS\System32\Tasks\updater
2018-03-10 07:23 - 2018-03-10 07:23 - 000037093 _____ C:\WINDOWS\uninstaller.dat
2018-02-26 19:45 - 2018-02-26 19:45 - 000000000 ____D C:\Users\newto\AppData\Roaming\NVIDIA
2018-02-26 19:38 - 2018-03-11 19:17 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 19:38 - 2018-03-11 19:17 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 19:38 - 2018-03-11 19:16 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-02-26 19:38 - 2018-02-21 04:51 - 002464656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2018-02-26 19:38 - 2018-02-21 04:51 - 002121608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2018-02-26 19:38 - 2018-02-21 04:51 - 001310608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2018-02-26 19:38 - 2018-02-21 04:51 - 000059280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-02-26 19:38 - 2017-12-21 13:20 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-02-26 19:35 - 2018-01-23 20:32 - 000190960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2018-02-26 19:35 - 2018-01-23 20:32 - 000153584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2018-02-26 19:35 - 2017-12-14 23:03 - 000059240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2018-02-26 16:45 - 2018-02-26 16:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2018-02-26 16:45 - 2018-02-23 16:28 - 000136536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-02-26 16:45 - 2018-02-23 16:22 - 005953096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-02-26 16:45 - 2018-02-23 16:22 - 002587992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-02-26 16:45 - 2018-02-23 16:22 - 001768008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-02-26 16:45 - 2018-02-23 16:22 - 000633984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-02-26 16:45 - 2018-02-23 16:22 - 000451144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-02-26 16:45 - 2018-02-23 16:22 - 000122896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-02-26 16:45 - 2018-02-23 16:22 - 000081752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-02-26 16:45 - 2018-02-16 11:48 - 008083703 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-02-26 16:45 - 2017-12-08 19:25 - 000798520 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-02-26 16:45 - 2017-12-08 19:25 - 000490808 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-02-26 16:45 - 2017-12-08 19:24 - 000928568 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-02-26 16:45 - 2017-12-08 19:24 - 000591672 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-02-26 16:43 - 2018-02-26 00:46 - 000997736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-02-26 16:43 - 2018-02-26 00:46 - 000949280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-02-26 16:43 - 2018-02-26 00:46 - 000625696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-02-26 16:43 - 2018-02-26 00:46 - 000516128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-02-26 16:43 - 2018-02-26 00:44 - 019854816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-02-26 16:43 - 2018-02-26 00:44 - 016496072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-02-26 16:43 - 2018-02-26 00:44 - 013571008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-02-26 16:43 - 2018-02-26 00:44 - 011131688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-02-26 16:43 - 2018-02-26 00:44 - 004317160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-02-26 16:43 - 2018-02-26 00:44 - 003717432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-02-26 16:43 - 2018-02-26 00:44 - 001985384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439101.dll
2018-02-26 16:43 - 2018-02-26 00:44 - 001684000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439101.dll
2018-02-26 16:43 - 2018-02-26 00:44 - 001136944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-02-26 16:43 - 2018-02-26 00:44 - 001065880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-02-26 16:43 - 2018-02-26 00:44 - 000749416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-02-26 16:43 - 2018-02-26 00:44 - 000608344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-02-26 16:43 - 2018-02-26 00:43 - 040277488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-02-26 16:43 - 2018-02-26 00:43 - 035188640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-02-26 16:43 - 2018-02-26 00:43 - 001355408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-02-26 16:43 - 2018-02-26 00:43 - 001345944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-02-26 16:43 - 2018-02-26 00:43 - 001153752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-02-26 16:43 - 2018-02-26 00:43 - 001067368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-02-26 16:43 - 2018-02-26 00:43 - 000902280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-02-26 16:43 - 2018-02-26 00:43 - 000811992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-02-26 16:43 - 2018-02-26 00:43 - 000650424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-02-26 16:43 - 2018-02-26 00:43 - 000633040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-02-26 16:43 - 2018-02-26 00:42 - 012966216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-02-26 16:43 - 2018-02-26 00:42 - 011000480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-02-26 16:43 - 2018-02-26 00:42 - 004630848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-02-26 16:43 - 2018-02-26 00:42 - 003938208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-02-26 16:43 - 2018-02-26 00:42 - 001061352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-02-26 16:43 - 2018-02-25 19:11 - 001682288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2018-02-26 16:43 - 2018-02-25 19:11 - 000226760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2018-02-26 16:43 - 2018-02-25 19:11 - 000045600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2018-02-26 16:43 - 2018-02-24 01:36 - 000048407 _____ C:\WINDOWS\system32\nvinfo.pb
2018-02-17 05:35 - 2018-02-17 05:35 - 000000000 ____D C:\Users\newto\AppData\Local\Blizzard
2018-02-13 16:12 - 2018-02-10 02:00 - 002003288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-02-13 16:12 - 2018-02-10 02:00 - 001577816 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-02-13 16:12 - 2018-02-10 02:00 - 000758112 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-02-13 16:12 - 2018-02-10 02:00 - 000662872 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-02-13 16:12 - 2018-02-10 02:00 - 000613208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-02-13 16:12 - 2018-02-10 02:00 - 000387416 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-02-13 16:12 - 2018-02-10 02:00 - 000270680 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-02-13 16:12 - 2018-02-10 02:00 - 000138072 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-02-13 16:12 - 2018-02-10 01:58 - 000460632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-02-13 16:12 - 2018-02-10 01:58 - 000035160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-02-13 16:12 - 2018-02-10 01:56 - 000603480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-02-13 16:12 - 2018-02-10 01:55 - 000199000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-02-13 16:12 - 2018-02-10 01:54 - 007813464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-02-13 16:12 - 2018-02-10 01:54 - 001355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-02-13 16:12 - 2018-02-10 01:54 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-02-13 16:12 - 2018-02-10 01:53 - 002681712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2018-02-13 16:12 - 2018-02-10 01:53 - 000434520 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-02-13 16:12 - 2018-02-10 01:52 - 000376664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-02-13 16:12 - 2018-02-10 01:51 - 000764904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-02-13 16:12 - 2018-02-10 01:51 - 000484192 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-02-13 16:12 - 2018-02-10 01:51 - 000409944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2018-02-13 16:12 - 2018-02-10 01:49 - 000328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-02-13 16:12 - 2018-02-10 01:48 - 007216560 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-02-13 16:12 - 2018-02-10 01:48 - 002760216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-02-13 16:12 - 2018-02-10 01:48 - 001859728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-02-13 16:12 - 2018-02-10 01:48 - 001739064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-02-13 16:12 - 2018-02-10 01:48 - 001293144 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-02-13 16:12 - 2018-02-10 01:48 - 001157000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-02-13 16:12 - 2018-02-10 01:47 - 002916720 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-02-13 16:12 - 2018-02-10 01:47 - 002447208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-02-13 16:12 - 2018-02-10 01:47 - 001267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-02-13 16:12 - 2018-02-10 01:47 - 001095008 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-02-13 16:12 - 2018-02-10 01:47 - 000987488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-02-13 16:12 - 2018-02-10 00:59 - 000376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2018-02-13 16:12 - 2018-02-10 00:58 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-02-13 16:12 - 2018-02-10 00:58 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-02-13 16:12 - 2018-02-10 00:58 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2018-02-13 16:12 - 2018-02-10 00:41 - 000483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-02-13 16:12 - 2018-01-17 05:27 - 005691000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2018-02-13 16:12 - 2018-01-12 00:49 - 004756600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2018-02-13 16:12 - 2016-08-06 00:47 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2018-02-13 16:12 - 2016-08-06 00:45 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2018-02-13 16:12 - 2016-08-06 00:45 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2018-02-13 16:12 - 2016-08-06 00:44 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2018-02-13 16:11 - 2018-02-10 02:00 - 000245088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-02-13 16:11 - 2018-02-10 02:00 - 000069976 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-02-13 16:11 - 2018-02-10 01:58 - 000590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-02-13 16:11 - 2018-02-10 01:54 - 001051616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-02-13 16:11 - 2018-02-10 01:54 - 000894640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-02-13 16:11 - 2018-02-10 01:54 - 000191832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-02-13 16:11 - 2018-02-10 01:54 - 000100696 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2018-02-13 16:11 - 2018-02-10 01:54 - 000037720 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_0C_8086.dll
2018-02-13 16:11 - 2018-02-10 01:53 - 000485640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-02-13 16:11 - 2018-02-10 01:52 - 000468312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-02-13 16:11 - 2018-02-10 01:50 - 001000792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-02-13 16:11 - 2018-02-10 01:48 - 000360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2018-02-13 16:11 - 2018-02-10 01:48 - 000036696 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkPS.dll
2018-02-13 16:11 - 2018-02-10 01:47 - 000948568 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2018-02-13 16:11 - 2018-02-10 01:47 - 000812888 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2018-02-13 16:11 - 2018-02-10 01:47 - 000342448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-02-13 16:11 - 2018-02-10 01:47 - 000144736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2018-02-13 16:11 - 2018-02-10 01:47 - 000130904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-02-13 16:11 - 2018-02-10 01:47 - 000070288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-02-13 16:11 - 2018-02-10 01:47 - 000022336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2018-02-13 16:11 - 2018-02-10 01:46 - 000534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-02-13 16:11 - 2018-02-10 01:46 - 000418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-02-13 16:11 - 2018-02-10 01:46 - 000369360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-02-13 16:11 - 2018-02-10 01:46 - 000244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-02-13 16:11 - 2018-02-10 01:45 - 000743216 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-02-13 16:11 - 2018-02-10 01:45 - 000523704 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2018-02-13 16:11 - 2018-02-10 01:45 - 000160088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2018-02-13 16:11 - 2018-02-10 01:45 - 000089408 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-02-13 16:11 - 2018-02-10 01:31 - 000025432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFrameworkPS.dll
2018-02-13 16:11 - 2018-02-10 01:30 - 000272712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-02-13 16:11 - 2018-02-10 01:29 - 000139096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2018-02-13 16:11 - 2018-02-10 01:29 - 000059936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-02-13 16:11 - 2018-02-10 01:28 - 000487104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-02-13 16:11 - 2018-02-10 01:28 - 000382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-02-13 16:11 - 2018-02-10 01:28 - 000121368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-02-13 16:11 - 2018-02-10 01:28 - 000076464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-02-13 16:11 - 2018-02-10 01:16 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2018-02-13 16:11 - 2018-02-10 01:16 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2018-02-13 16:11 - 2018-02-10 01:15 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2018-02-13 16:11 - 2018-02-10 01:15 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfp.dll
2018-02-13 16:11 - 2018-02-10 01:15 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2018-02-13 16:11 - 2018-02-10 01:15 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-02-13 16:11 - 2018-02-10 01:15 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-02-13 16:11 - 2018-02-10 01:14 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\accountaccessor.dll
2018-02-13 16:11 - 2018-02-10 01:14 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfp.dll
2018-02-13 16:11 - 2018-02-10 01:14 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2018-02-13 16:11 - 2018-02-10 01:14 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2018-02-13 16:11 - 2018-02-10 01:13 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2018-02-13 16:11 - 2018-02-10 01:13 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-02-13 16:11 - 2018-02-10 01:13 - 000156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2018-02-13 16:11 - 2018-02-10 01:13 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Authentication.dll
2018-02-13 16:11 - 2018-02-10 01:13 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll
2018-02-13 16:11 - 2018-02-10 01:13 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2018-02-13 16:11 - 2018-02-10 01:13 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\XInputUap.dll
2018-02-13 16:11 - 2018-02-10 01:13 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-02-13 16:11 - 2018-02-10 01:13 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2018-02-13 16:11 - 2018-02-10 01:13 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2018-02-13 16:11 - 2018-02-10 01:12 - 000528896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2018-02-13 16:11 - 2018-02-10 01:12 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\syncutil.dll
2018-02-13 16:11 - 2018-02-10 01:12 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-02-13 16:11 - 2018-02-10 01:12 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2018-02-13 16:11 - 2018-02-10 01:12 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbeio.dll
2018-02-13 16:11 - 2018-02-10 01:12 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2018-02-13 16:11 - 2018-02-10 01:12 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbeio.dll
2018-02-13 16:11 - 2018-02-10 01:12 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2018-02-13 16:11 - 2018-02-10 01:12 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2018-02-13 16:11 - 2018-02-10 01:12 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2018-02-13 16:11 - 2018-02-10 01:12 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2018-02-13 16:11 - 2018-02-10 01:12 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2018-02-13 16:11 - 2018-02-10 01:12 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2018-02-13 16:11 - 2018-02-10 01:12 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2018-02-13 16:11 - 2018-02-10 01:11 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2018-02-13 16:11 - 2018-02-10 01:11 - 000363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2018-02-13 16:11 - 2018-02-10 01:11 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2018-02-13 16:11 - 2018-02-10 01:11 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-02-13 16:11 - 2018-02-10 01:11 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2018-02-13 16:11 - 2018-02-10 01:11 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2018-02-13 16:11 - 2018-02-10 01:11 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2018-02-13 16:11 - 2018-02-10 01:11 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2018-02-13 16:11 - 2018-02-10 01:11 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2018-02-13 16:11 - 2018-02-10 01:10 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2018-02-13 16:11 - 2018-02-10 01:10 - 000418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2018-02-13 16:11 - 2018-02-10 01:10 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2018-02-13 16:11 - 2018-02-10 01:10 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2018-02-13 16:11 - 2018-02-10 01:10 - 000185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2018-02-13 16:11 - 2018-02-10 01:10 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2018-02-13 16:11 - 2018-02-10 01:09 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2018-02-13 16:11 - 2018-02-10 01:09 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Energy.dll
2018-02-13 16:11 - 2018-02-10 01:09 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintWSDAHost.dll
2018-02-13 16:11 - 2018-02-10 01:09 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2018-02-13 16:11 - 2018-02-10 01:09 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2018-02-13 16:11 - 2018-02-10 01:09 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2018-02-13 16:11 - 2018-02-10 01:08 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2018-02-13 16:11 - 2018-02-10 01:07 - 000493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2018-02-13 16:11 - 2018-02-10 01:07 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2018-02-13 16:11 - 2018-02-10 01:07 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2018-02-13 16:11 - 2018-02-10 01:06 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2018-02-13 16:11 - 2018-02-10 01:05 - 000741888 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2018-02-13 16:11 - 2018-02-10 01:05 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-02-13 16:11 - 2018-02-10 01:05 - 000443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2018-02-13 16:11 - 2018-02-10 01:05 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2018-02-13 16:11 - 2018-02-10 01:05 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2018-02-13 16:11 - 2018-02-10 01:05 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2018-02-13 16:11 - 2018-02-10 01:05 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2018-02-13 16:11 - 2018-02-10 01:05 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-02-13 16:11 - 2018-02-10 01:05 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2018-02-13 16:11 - 2018-02-10 01:05 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2018-02-13 16:11 - 2018-02-10 01:04 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2018-02-13 16:11 - 2018-02-10 01:04 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2018-02-13 16:11 - 2018-02-10 01:04 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2018-02-13 16:11 - 2018-02-10 01:04 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSSessionUX.dll
2018-02-13 16:11 - 2018-02-10 01:03 - 001293312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2018-02-13 16:11 - 2018-02-10 01:03 - 001231360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2018-02-13 16:11 - 2018-02-10 01:03 - 000620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2018-02-13 16:11 - 2018-02-10 01:03 - 000441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2018-02-13 16:11 - 2018-02-10 01:03 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2018-02-13 16:11 - 2018-02-10 01:03 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFrameworkInternalPS.dll
2018-02-13 16:11 - 2018-02-10 01:02 - 000592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2018-02-13 16:11 - 2018-02-10 01:02 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-02-13 16:11 - 2018-02-10 01:02 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-02-13 16:11 - 2018-02-10 01:02 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2018-02-13 16:11 - 2018-02-10 01:00 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2018-02-13 16:11 - 2018-02-10 01:00 - 001266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-02-13 16:11 - 2018-02-10 01:00 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2018-02-13 16:11 - 2018-02-10 00:58 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2018-02-13 16:11 - 2018-02-10 00:58 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\RADCUI.dll
2018-02-13 16:11 - 2018-02-10 00:58 - 000322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-02-13 16:11 - 2018-02-10 00:57 - 000119808 ____R (Microsoft Corporation) C:\WINDOWS\system32\SecureAssessmentHandlers.dll
2018-02-13 16:11 - 2018-02-10 00:57 - 000096768 ____R (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.SecureAssessment.CfgProvider.dll
2018-02-13 16:11 - 2018-01-17 05:27 - 001341560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2018-02-13 16:11 - 2018-01-17 05:27 - 001049208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2018-02-13 16:11 - 2018-01-17 05:27 - 000934520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2018-02-13 16:11 - 2018-01-17 05:27 - 000078448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2018-02-13 16:11 - 2018-01-12 00:49 - 001007216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2018-02-13 16:11 - 2018-01-12 00:49 - 000854136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2018-02-13 16:11 - 2018-01-12 00:49 - 000694384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2018-02-13 16:11 - 2018-01-12 00:49 - 000066680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-03-13 00:45 - 2015-08-31 13:31 - 000000000 ____D C:\Users\newto\AppData\Roaming\NetSpeedMonitor
2018-03-13 00:43 - 2015-08-31 13:40 - 000000000 ____D C:\Users\newto\AppData\Roaming\TS3Client
2018-03-12 23:28 - 2017-03-22 05:06 - 000000000 ____D C:\Users\newto\AppData\Roaming\obs-studio
2018-03-12 19:58 - 2017-04-27 21:19 - 000000000 ____D C:\Users\newto\AppData\Local\Deployment
2018-03-12 19:42 - 2016-08-30 13:37 - 000000000 ____D C:\Users\Todos os Usuários\NVIDIA
2018-03-12 19:42 - 2016-08-30 13:37 - 000000000 ____D C:\ProgramData\NVIDIA
2018-03-12 19:35 - 2016-08-04 14:42 - 000003316 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E2C5E6EE-86A8-44BB-A49D-889B5BF25DFE}
2018-03-12 19:25 - 2016-08-19 15:01 - 000000000 ____D C:\Users\Todos os Usuários\Unified Remote
2018-03-12 19:25 - 2016-08-19 15:01 - 000000000 ____D C:\ProgramData\Unified Remote
2018-03-12 19:18 - 2016-08-04 14:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-12 16:22 - 2016-07-16 08:45 - 000000000 ____D C:\WINDOWS\INF
2018-03-12 16:19 - 2018-02-01 17:33 - 000000000 ____D C:\Users\newto\AppData\Roaming\Origin
2018-03-12 16:19 - 2015-08-31 13:26 - 000000000 ____D C:\Users\Todos os Usuários\Origin
2018-03-12 16:19 - 2015-08-31 13:26 - 000000000 ____D C:\ProgramData\Origin
2018-03-12 16:18 - 2017-12-09 18:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-03-12 16:18 - 2017-01-30 16:22 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-03-12 16:18 - 2017-01-19 15:36 - 000000000 ____D C:\Temp
2018-03-12 15:46 - 2016-07-16 20:10 - 004731968 _____ C:\WINDOWS\system32\prfh0416.dat
2018-03-12 15:46 - 2016-07-16 20:10 - 004207942 _____ C:\WINDOWS\system32\prfc0416.dat
2018-03-12 15:46 - 2015-08-31 13:12 - 018973216 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-12 15:40 - 2016-08-04 14:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-12 06:00 - 2016-07-16 03:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-03-12 02:33 - 2016-07-31 15:56 - 000000000 ____D C:\Users\newto\AppData\Local\Spotify
2018-03-12 02:33 - 2016-07-31 15:54 - 000000000 ____D C:\Users\newto\AppData\Roaming\Spotify
2018-03-12 02:00 - 2015-09-11 17:27 - 000000000 ____D C:\Users\newto\AppData\Local\Adobe
2018-03-12 01:33 - 2015-10-10 04:29 - 009089024 ___SH C:\Users\newto\Desktop\Thumbs.db
2018-03-12 01:31 - 2015-10-20 16:04 - 000000000 ____D C:\Users\newto\AppData\LocalLow\Temp
2018-03-11 19:42 - 2016-08-10 15:44 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2018-03-11 19:42 - 2016-08-10 15:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-11 19:20 - 2018-01-26 16:01 - 000000822 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2018-03-11 19:19 - 2016-08-04 14:34 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-03-11 19:17 - 2016-08-04 14:34 - 000000000 ____D C:\Users\Todos os Usuários\NVIDIA Corporation
2018-03-11 19:17 - 2016-08-04 14:34 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-03-11 19:15 - 2017-12-20 15:32 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-11 19:15 - 2017-12-20 15:32 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-11 19:15 - 2017-12-20 15:32 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-11 19:15 - 2017-12-20 15:32 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-03-11 19:15 - 2016-08-04 14:34 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-03-11 17:37 - 2015-08-31 13:29 - 000000000 ____D C:\Users\newto\AppData\Roaming\uTorrent
2018-03-11 17:20 - 2015-09-01 14:49 - 000000000 ____D C:\WINDOWS\pss
2018-03-11 17:18 - 2015-12-22 19:58 - 000000000 ____D C:\Users\newto\AppData\Local\CrashDumps
2018-03-11 06:29 - 2015-08-31 13:49 - 000000000 ____D C:\Users\newto\AppData\Roaming\DAEMON Tools Lite
2018-03-11 05:57 - 2016-02-22 14:35 - 000002310 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-11 05:57 - 2016-02-22 14:35 - 000002269 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-11 05:54 - 2016-11-21 08:10 - 000000000 ____D C:\Users\newto\AppData\LocalLow\Mozilla
2018-03-11 05:11 - 2016-08-04 14:37 - 000000000 ____D C:\Users\newto
2018-03-11 04:48 - 2016-07-16 08:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-11 04:22 - 2015-09-12 17:14 - 000007595 _____ C:\Users\newto\AppData\Local\Resmon.ResmonCfg
2018-03-10 20:58 - 2017-05-22 18:27 - 000028376 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddfac.sys
2018-03-10 20:45 - 2016-07-16 08:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-10 20:24 - 2016-07-16 08:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-03-10 20:20 - 2015-08-31 13:07 - 000000000 ____D C:\Users\newto\AppData\Roaming\Adobe
2018-03-10 20:19 - 2017-12-20 16:22 - 000000976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-03-10 20:19 - 2017-12-20 16:22 - 000000964 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-03-10 20:19 - 2015-07-10 08:04 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-03-10 19:17 - 2017-04-29 18:34 - 000000000 ____D C:\Users\newto\AppData\Roaming\MPC-HC
2018-03-10 18:35 - 2015-08-31 14:09 - 000226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2018-03-10 18:35 - 2015-08-31 14:09 - 000214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2018-03-09 21:47 - 2016-07-16 08:47 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-08 22:46 - 2015-11-03 18:30 - 000000000 ____D C:\Users\newto\AppData\Roaming\Free Download Manager
2018-02-26 19:40 - 2015-08-31 13:14 - 000000000 ____D C:\Users\newto\AppData\Local\NVIDIA Corporation
2018-02-26 19:38 - 2016-11-04 20:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-02-26 19:38 - 2016-07-06 18:06 - 000000000 ____D C:\Users\newto\AppData\Local\NVIDIA
2018-02-26 16:45 - 2017-12-20 15:20 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-02-26 16:45 - 2016-07-16 08:47 - 000000000 ____D C:\WINDOWS\Help
2018-02-21 23:19 - 2015-10-28 14:59 - 000000000 ____D C:\Users\newto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-02-21 21:39 - 2018-01-09 01:03 - 000000000 ____D C:\Users\newto\AppData\Local\FiveM
2018-02-21 04:11 - 2017-05-14 05:15 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2018-02-17 21:42 - 2016-02-26 18:42 - 000000000 ____D C:\Users\newto\AppData\Local\SKIDROW
2018-02-17 05:34 - 2015-09-25 22:36 - 000000000 ____D C:\Users\newto\AppData\Local\Ubisoft Game Launcher
2018-02-15 15:04 - 2016-07-16 08:47 - 000000000 ____D C:\WINDOWS\rescache
2018-02-14 10:56 - 2018-02-01 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2018-02-14 10:51 - 2018-02-01 17:33 - 000000000 ____D C:\Program Files (x86)\Origin
2018-02-13 17:18 - 2015-08-31 13:07 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-13 17:17 - 2016-08-04 14:32 - 004966960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-13 17:14 - 2016-07-16 08:47 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-02-13 17:14 - 2016-07-16 08:47 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-02-13 17:14 - 2016-07-16 08:47 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-02-13 17:14 - 2016-07-16 08:47 - 000000000 ___RD C:\WINDOWS\MiracastView
2018-02-13 17:14 - 2016-07-16 08:47 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-02-13 17:14 - 2016-07-16 08:47 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-02-13 17:14 - 2016-07-16 08:47 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-02-13 17:14 - 2016-07-16 08:47 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-02-13 17:14 - 2016-07-16 08:47 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-02-13 17:14 - 2016-07-16 08:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-02-13 17:14 - 2016-07-16 08:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-02-13 16:15 - 2015-09-01 14:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-13 16:13 - 2017-10-12 13:57 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-13 16:13 - 2015-09-01 14:10 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Arquivos na raiz de alguns diretórios =======

2015-09-29 17:46 - 2015-09-29 17:46 - 000000120 _____ () C:\Users\newto\AppData\Roaming\0da6f085.dat
2016-12-23 16:07 - 2016-12-23 17:07 - 000000132 _____ () C:\Users\newto\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-03-01 00:52 - 2018-01-31 19:42 - 000000132 _____ () C:\Users\newto\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-08-06 15:51 - 2016-08-06 15:51 - 000000040 _____ () C:\Users\newto\AppData\Roaming\cdr.ini
2017-01-19 18:19 - 2017-01-19 18:35 - 001307648 _____ () C:\Users\newto\AppData\Local\file__0.localstorage
2015-09-12 17:14 - 2018-03-11 04:22 - 000007595 _____ () C:\Users\newto\AppData\Local\Resmon.ResmonCfg
2017-02-03 17:17 - 2017-02-03 17:17 - 000000000 _____ () C:\Users\newto\AppData\Local\{46A30D05-DE21-4FD3-9F84-21D5CE7155E7}
2016-12-24 18:42 - 2016-12-24 18:42 - 000000000 _____ () C:\Users\newto\AppData\Local\{61C18640-9EA6-4F45-9E0C-64C09A78115A}

Alguns arquivos em TEMP:
====================
2018-03-12 19:38 - 2018-03-12 19:42 - 000000000 _____ () C:\Users\newto\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2018-03-12 19:38 - 2018-03-12 19:42 - 000000016 _____ () C:\Users\newto\AppData\Local\Temp\6de885680e05a350021e9e6243148e19.dll
2018-03-12 01:38 - 2017-09-07 03:03 - 001887408 _____ (Microsoft Corporation) C:\Users\newto\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2018-03-08 15:56

==================== Fim de FRST.txt ============================

Addition:

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 13.03.2018
Executado por Newton (13-03-2018 00:45:59)
Executando a partir de C:\Users\newto\Desktop
Windows 10 Pro Versão 1607 14393.2068 (X64) (2016-08-04 17:45:26)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-2947653566-3263547115-4119004596-500 - Administrator - Disabled)
Convidado (S-1-5-21-2947653566-3263547115-4119004596-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-2947653566-3263547115-4119004596-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2947653566-3263547115-4119004596-1003 - Limited - Enabled)
Newton (S-1-5-21-2947653566-3263547115-4119004596-1001 - Administrator - Enabled) => C:\Users\newto

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Age of Empires III (HKLM-x32\...\{FABB02D6-A7FD-4845-A6FA-60C565516712}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden
AIDA64 Extreme v5.80 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.80 - FinalWire Ltd.)
Assistente de Atualização do Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
Atualizações da NVIDIA 31.1.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.1.0.0 - NVIDIA Corporation) Hidden
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.8.2.48475 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MP230 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP230_series) (Version: 1.00 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5844 - CDBurnerXP)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
Dead Space Tradução BR v1.02 (HKLM-x32\...\Dead Space BR) (Version: 1.02 - Tribo dos Renegados Brasil®)
Dead Space™ (HKLM-x32\...\{4D87DC92-C328-46EC-A7B4-9C88129DC696}) (Version: 1.0.222.0 - Electronic Arts)
Discord (HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.01 - NVIDIA Corporation) Hidden
Far Cry (Patch 1) (HKLM-x32\...\{D792A069-B96B-40BA-BCB4-E5651A6E5926}) (Version: 1.00.0000 - Ubisoft) Hidden
Far Cry 2 (HKLM-x32\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.00.00 - Ubisoft)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Download Manager 3.9.7 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
FreeMouseAutoClicker 3.7 (HKLM-x32\...\{292F00C5-25EF-4FBE-9873-13EF1F69DEED}_is1) (Version:  - Advanced Mouse Auto Clicker ltd.)
Galeria de Fotos (HKLM-x32\...\{9EE1AE8B-4872-41CA-8C9A-C33D899523E0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4463 - Intel Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
K-Lite Mega Codec Pack 13.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.1.0 - KLCP)
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Legendas 3.5 (HKLM-x32\...\{461C0377-D2EC-4FB0-B038-847BC6455432}_is1) (Version: 3.5 - Legendas Brasil)
LEGO® Harry Potter™: Years 1-4 (HKLM-x32\...\{C5A8DF48-580B-44D3-B2B2-E965A9368F28}) (Version: 1.0.0.0 - WB Games)
Mad Max (HKLM-x32\...\Mad Max_is1) (Version:  - )
Main Services (HKLM\...\{CCDF2023-BC8F-4A8E-A3EC-E2740C879398}) (Version: 2.0.13 - System Native) Hidden <==== ATENÇÃO
McAfee Total Protection  (HKLM-x32\...\MSC) (Version: 16.0.3 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.163 - McAfee, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Movie Maker (HKLM-x32\...\{C05F4139-CB6B-4272-A0BF-861FEB667F27}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.1 (x64 pt-BR) (HKLM\...\Mozilla Firefox 58.0.1 (x64 pt-BR)) (Version: 58.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.2 - Mozilla)
Mp3tag v2.71 (HKLM-x32\...\Mp3tag) (Version: v2.71 - Florian Heidenreich)
MSI Afterburner 4.4.0 (HKLM-x32\...\Afterburner) (Version: 4.4.0 - MSI Co., LTD)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Need for Speed™ (HKLM-x32\...\{F8643E83-A868-4EE8-A0B9-389386830453}) (Version: 1.3.0.0 - Electronic Arts)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
NVIDIA Driver de áudio HD 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA Driver de controle do 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Driver de gráficos 391.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.01 - NVIDIA Corporation)
NVIDIA Driver do 3D Vision 391.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.13.0.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.0.85 - NVIDIA Corporation)
NVIDIA Software do sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
OpenIV (HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\OpenIV) (Version: 2.9.1.926 - .black/OpenIV Team)
Origin (HKLM-x32\...\Origin) (Version: 10.5.12.32066 - Electronic Arts, Inc.)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Painel de controle da NVIDIA 391.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.01 - NVIDIA Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Planet Coaster version 1.3.6.45104 (HKLM\...\Planet Coaster_is1) (Version: 1.3.6.45104 - STEAMPUNKS)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.13.1223.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7945 - Realtek Semiconductor Corp.)
Restream Chat (HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\5574fe55cba0ac1f) (Version: 2.2.1.51 - Restream.io)
RivaTuner Statistics Server 7.0.0 (HKLM-x32\...\RTSS) (Version: 7.0.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.1 - Rockstar Games)
Software de dispositivo do Chipset Intel® (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Spotify (HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
The Sims 4: City Living (HKLM\...\dGhlc2ltczRjaXR5bGl2aW5n_is1) (Version: 1 - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.25.136.1020 - Electronic Arts Inc.)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.10.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Blood and Wine (HKLM-x32\...\Blood and Wine_is1) (Version: 1.21.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.20.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.21.0.0 - GOG.com)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.4.1 - Unified Intents AB)
Unravel (HKLM\...\Unravel_is1) (Version: 1.0.0.0 - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{BF492E7F-BD3F-4F33-932A-1DD0891968B0}) (Version: 2.13.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{7C070E60-8769-4763-BBD8-7537A28A60D4}) (Version: 1.10.0.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 22.2 - Ubisoft)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Warsaw 2.3.0.83 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.3.0.83 - GAS Tecnologia)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-08-08] (McAfee, Inc.)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => D:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2015-07-18] (Florian Heidenreich)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-03] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-03] (Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => D:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2015-07-18] (Florian Heidenreich)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => D:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2015-07-18] (Florian Heidenreich)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> Nenhum Arquivo
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Intel Corporation)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-06-02] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-02-23] (NVIDIA Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-08-08] (McAfee, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-03] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-03] (Alexander Roshal)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {04B193A2-2467-43DF-B7C1-2F4197FD02C3} - System32\Tasks\klcp_update => d:\program files (x86)\k-lite codec pack\tools\codectweaktool.exe [2017-04-14] ()
Task: {0CAEA0D8-371B-443D-B5A0-553899D86D93} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {10EA1558-D0B4-466C-81FB-C9ABC89215D8} - System32\Tasks\Driver Booster SkipUAC (Newton) => D:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {13934761-2CB1-4BFE-8256-A094CFE0196C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-02-21] (NVIDIA Corporation)
Task: {28972C45-899D-491B-B450-9605A8DBCD16} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {2CB0F146-3240-46DA-8BA6-752D7A814AFB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-02-21] (NVIDIA Corporation)
Task: {345CB7AF-EE49-4161-91AD-5A02DA5B54BE} - System32\Tasks\WlbBJSMcknvngxNxC2 => rundll32 "C:\Program Files (x86)\mAUzXDPkZrvZtXzyunR\GyGqFKE.dll",#1
Task: {3C41AD63-A2A0-45ED-802E-3745CF529227} - System32\Tasks\dTRRfHQjsHOvbdt2 => rundll32 "C:\Program Files (x86)\LfFoujfjU\QPxQge.dll",#1
Task: {4DCD89B5-0C7B-40A0-96D8-B1DD406C24E5} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe
Task: {519E8593-A50B-4F13-A3A6-CC950744CD7C} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock-storagesense => C:\Program Files\rempl\remsh.exe
Task: {5332E472-60A8-4914-99DF-A148D1AD8C03} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-02-21] (NVIDIA Corporation)
Task: {5730A436-1418-49AF-A96F-ECBA8DC123AB} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-02-21] (NVIDIA Corporation)
Task: {5FE24D1E-63DB-4D3B-83CD-8525975B318E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {60E8411E-8F0F-4069-9302-61079690CBA6} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock => C:\Program Files\rempl\remsh.exe
Task: {69528118-7BE0-4C7E-A79F-4CA09CFD3CCF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-22] (Google Inc.)
Task: {74916EE5-DF40-4F54-AE2E-5EF6E25ECD18} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-02-13] (Microsoft Corporation)
Task: {76AC8401-853E-4300-8195-1E08BEA5C32B} - System32\Tasks\AdobeGCInvoker-1.0-NEWTON-PC-Newton => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {883CCFEE-EB7D-4229-A0A9-45739CB1EFAC} - System32\Tasks\Microsoft\Windows\rempl\shell-maintenance => C:\Program Files\rempl\remsh.exe
Task: {8C49A600-2416-4966-AA7A-F79EF09C15AB} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-02-21] (NVIDIA Corporation)
Task: {8E0B4CD8-95F7-4B31-812E-940AD8471634} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-22] (Google Inc.)
Task: {92B61311-5B9F-4674-BB07-EA1460EDC866} - System32\Tasks\Start CorsairLink4 => D:\CorsairLink4.exe
Task: {95ED03B8-E6C6-494F-97D3-382A1FD89645} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\remsh.exe
Task: {99BCA662-7C3F-4BB0-B58A-243D79A4B947} - System32\Tasks\Microsoft\Windows\rempl\shell-restore => C:\Program Files\rempl\remsh.exe
Task: {9A70174C-AC9B-4D33-9767-493AD710AC2E} - System32\Tasks\{B068A1AE-4A85-4C06-989A-4015562C9463} => C:\Windows\system32\pcalua.exe -a F:\autorun.exe -d F:\
Task: {A3A45C4E-B040-44C5-B04B-A9534A179C8B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-07] (Adobe Systems Incorporated)
Task: {A4AF0B26-A876-4B9E-A925-C656F5DEF2A0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-01] (Piriform Ltd)
Task: {AF66ED68-2650-46CD-BFCF-61790AABC69D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-02-21] (NVIDIA Corporation)
Task: {B05A91AA-808E-4028-A6A2-6FCB0F4D9B40} - \Format Factory -> Nenhum Arquivo <==== ATENÇÃO
Task: {BB7E90EA-10A5-4ACD-9C46-AEA7F52B2110} - System32\Tasks\updater => C:\Program Files\System Native\Main Services\updater.exe <==== ATENÇÃO
Task: {BD127514-24F5-4FAE-BA32-C0F86F6F01C2} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock-sih => C:\Program Files\rempl\remsh.exe
Task: {C4A0B2B2-8C2F-43DC-9E93-4BB98CD07078} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-05-31] (McAfee, Inc.)
Task: {C6BDDE76-0345-4FFD-973A-7F729335F6E0} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {CEE21AC4-36E2-4AD9-8105-446BF9B493FC} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {CF7B1C7D-ED02-4FDD-9885-94B31C1EF480} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-01] (Piriform Ltd)
Task: {D7DF97BE-7D0B-4F0F-80A4-E5DF9AA98F79} - System32\Tasks\cmdsvr => C:\Disk\cmdsvr.exe
Task: {D904FF05-D100-44FD-A25D-CA7157E6CEA0} - System32\Tasks\{1B1A867A-D930-4C12-95B7-D7D51B568947} => C:\Windows\system32\pcalua.exe -a F:\autorun.exe -d F:\
Task: {DBEAFF72-A9E0-4B74-B7C2-ED679958AEB5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-02-21] (NVIDIA Corporation)
Task: {E1A72139-3BC4-4A2C-A4E1-84F05C5ECDEA} - System32\Tasks\AdobeAAMUpdater-1.0-NEWTON-PC-Newton => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {EB78C90F-8A54-491D-B0A9-56A67C8DDB4D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-02-21] (NVIDIA Corporation)
Task: {FA1631C5-A4C4-4B37-A488-C9718393335B} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {FB7DCE82-3E46-48B6-BC6C-3BD48B7A4EE8} - System32\Tasks\dIxshjfnsDsrepSSqPt2 => rundll32 "C:\Program Files (x86)\pidIvTaYsJowC\xmyRjeM.dll",#1
Task: {FF8C02F6-61EE-4EF8-8634-734CF52E9D37} - System32\Tasks\qFbxfDUevnccZZ => rundll32 "C:\Program Files (x86)\jzVqtpDsXbLU2\UQbPixMQrgIeL.dll",#1

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)


==================== Módulos Carregados (Whitelisted) ==============

2018-02-26 16:45 - 2018-02-24 01:36 - 000543248 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2017-02-24 18:41 - 2012-03-28 09:49 - 000140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2017-09-27 02:10 - 2017-08-08 13:30 - 001436912 _____ () C:\Program Files\McAfee\MSC\WscInteractionHandler.dll
2018-02-26 19:38 - 2018-02-21 04:51 - 001268616 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-08-31 18:14 - 2017-03-17 14:57 - 000076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2017-09-27 02:10 - 2017-08-11 14:08 - 000595608 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2017-09-27 02:10 - 2017-08-11 14:08 - 000586728 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2016-07-16 08:42 - 2016-07-16 08:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2018-02-13 16:12 - 2018-02-10 01:53 - 002681712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2018-02-26 16:45 - 2018-02-23 16:22 - 000133464 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-20 19:55 - 2017-10-31 03:07 - 000444008 _____ () D:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
2016-08-04 14:48 - 2016-08-04 14:48 - 000959168 _____ () C:\Users\newto\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2017-12-18 15:07 - 2017-04-28 00:23 - 000086528 _____ () C:\Program Files (x86)\Legendas-3.5\ShellExtContextMenuHandler.dll
2016-09-15 22:13 - 2016-09-07 01:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-24 00:16 - 2017-03-04 03:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2012-01-10 14:41 - 2015-09-24 23:28 - 000568904 _____ () D:\Program Files (x86)\puush.exe
2018-02-14 10:56 - 2018-02-14 13:55 - 000021824 _____ () D:\Program Files (x86)\Origin\QtWebEngineProcess.exe
2018-02-27 00:43 - 2018-02-27 00:43 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-02-27 00:43 - 2018-02-27 00:43 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-02-27 00:43 - 2018-02-27 00:43 - 021824000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-02-27 00:43 - 2018-02-27 00:43 - 002529792 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1807.264.0_x64__kzf8qxf38zg5c\skypert.dll
2015-08-04 04:54 - 2018-01-25 18:20 - 000174744 _____ () D:\Program Files\TeamSpeak 3 Client\quazip.dll
2018-03-11 19:15 - 2018-02-21 04:51 - 000020368 _____ () c:\program files\nvidia corporation\nvstreamsrv\detoured.dll
2017-01-11 20:47 - 2017-12-17 18:48 - 000020632 _____ () D:\Program Files\TeamSpeak 3 Client\libEGL.DLL
2017-01-11 20:47 - 2017-12-17 18:48 - 001981592 _____ () D:\Program Files\TeamSpeak 3 Client\libGLESv2.dll
2015-08-04 04:53 - 2018-01-25 18:20 - 000125592 _____ () D:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2015-08-04 04:54 - 2018-01-25 18:20 - 000150680 _____ () D:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2017-03-25 00:13 - 2017-07-21 18:22 - 000345880 _____ () C:\Users\newto\AppData\Roaming\TS3Client\plugins\clientquery_plugin_win64.dll
2017-02-15 01:16 - 2017-07-18 17:32 - 000157696 _____ () C:\Users\newto\AppData\Roaming\TS3Client\plugins\gamepad_joystick_win64.dll
2017-02-02 00:55 - 2017-02-02 00:55 - 000276992 _____ () C:\Users\newto\AppData\Roaming\TS3Client\plugins\ClownfishForTeamspeak_win64.dll
2017-10-31 06:05 - 2017-10-31 06:05 - 000722216 _____ () D:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2017-10-31 03:07 - 2017-10-31 03:07 - 000252008 _____ () D:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
2017-10-31 03:07 - 2017-10-31 03:07 - 000035432 _____ () D:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
2017-10-31 03:07 - 2017-10-31 03:07 - 000061032 _____ () D:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
2018-02-13 16:12 - 2018-02-10 01:09 - 009761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-13 16:12 - 2018-02-10 01:00 - 001402368 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-02-13 16:11 - 2018-02-10 00:59 - 000757760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2018-02-13 16:12 - 2018-02-10 00:59 - 001033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2018-02-13 16:12 - 2018-02-10 01:00 - 002424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2018-02-13 16:12 - 2018-02-10 01:03 - 004854272 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2018-02-23 02:54 - 2018-02-22 00:57 - 004433752 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libglesv2.dll
2018-02-23 02:54 - 2018-02-22 00:57 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\64.0.3282.186\libegl.dll
2014-04-07 11:31 - 2014-04-07 11:31 - 000172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2018-02-26 19:38 - 2018-02-21 04:51 - 001041800 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-20 19:55 - 2017-10-31 03:07 - 000410728 _____ () D:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks.dll
2018-02-26 19:38 - 2018-02-21 04:51 - 071673736 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-02-14 10:56 - 2018-02-14 10:56 - 000015360 _____ () D:\Program Files (x86)\Origin\libEGL.DLL
2018-02-14 10:56 - 2018-02-14 10:56 - 003090944 _____ () D:\Program Files (x86)\Origin\libGLESv2.dll
2017-10-29 17:01 - 2017-10-29 17:01 - 000071680 _____ () D:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2017-10-29 17:00 - 2017-10-29 17:00 - 000056832 _____ () D:\Program Files (x86)\MSI Afterburner\RTFC.dll
2017-10-29 17:01 - 2017-10-29 17:01 - 000232448 _____ () D:\Program Files (x86)\MSI Afterburner\RTCore.dll
2017-10-29 17:01 - 2017-10-29 17:01 - 000357888 _____ () D:\Program Files (x86)\MSI Afterburner\RTUI.dll
2017-10-29 17:01 - 2017-10-29 17:01 - 000565760 _____ () D:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2018-03-11 19:15 - 2018-02-21 04:51 - 000020368 _____ () c:\program files (x86)\nvidia corporation\nvstreamsrv\detoured.dll
2017-10-10 15:51 - 2017-10-10 15:51 - 000055808 _____ () D:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
2017-10-10 15:52 - 2017-10-10 15:52 - 000353792 _____ () D:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2017-10-10 15:52 - 2017-10-10 15:52 - 000071680 _____ () D:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2015-10-28 10:27 - 2017-11-29 02:09 - 000781088 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2015-10-28 10:27 - 2016-08-31 22:02 - 004969248 _____ () D:\Program Files (x86)\Steam\v8.dll
2015-10-28 10:27 - 2017-12-15 16:59 - 002558752 _____ () D:\Program Files (x86)\Steam\video.dll
2017-12-14 14:03 - 2017-11-03 22:54 - 005137696 _____ () D:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-14 14:03 - 2017-11-03 22:54 - 000695584 _____ () D:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-14 14:03 - 2017-11-03 22:54 - 000351520 _____ () D:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-14 14:03 - 2017-11-03 22:54 - 000847136 _____ () D:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-14 14:03 - 2017-11-03 22:54 - 000783648 _____ () D:\Program Files (x86)\Steam\libswscale-4.dll
2015-10-28 10:27 - 2016-08-31 22:02 - 001563936 _____ () D:\Program Files (x86)\Steam\icui18n.dll
2015-10-28 10:27 - 2016-08-31 22:02 - 001195296 _____ () D:\Program Files (x86)\Steam\icuuc.dll
2015-10-28 10:27 - 2017-12-15 16:59 - 000904992 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-12 17:59 - 2016-07-04 19:17 - 000266560 _____ () D:\Program Files (x86)\Steam\openvr_api.dll
2017-06-08 19:27 - 2017-09-06 23:04 - 000678400 _____ () D:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-12-14 19:04 - 2017-10-31 01:44 - 071471904 _____ () D:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-10-28 10:27 - 2015-09-24 20:52 - 000119208 _____ () D:\Program Files (x86)\Steam\winh264.dll
2017-07-17 14:30 - 2017-07-17 14:30 - 000863744 _____ () C:\WINDOWS\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\bmb.com.br -> hxxps://bdu.bmb.com.br
IE trusted site: HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\bmb.com.br -> bdu.bmb.com.br
IE trusted site: HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\gastecnologia.com.br -> hxxps://cloud.gastecnologia.com.br
IE trusted site: HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\gastecnologia.com.br -> cloud.gastecnologia.com.br
IE trusted site: HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\mercantil.com.br -> hxxps://*.mercantil.com.br
IE trusted site: HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\mercantildobrasil.com.br -> hxxps://*.mercantildobrasil.com.br

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2015-07-10 08:04 - 2017-05-22 18:27 - 000000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\newto\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-2947653566-3263547115-4119004596-1001\...\StartupApproved\Run: => "Discord"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{8092544C-92DF-4BA2-B9F0-FAF2C21DFD9B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{44413595-8CB6-4FE7-B795-288CF83EEBE6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{32811041-A145-4059-A6D3-E0F2C3BF212A}] => (Allow) LPort=1900
FirewallRules: [{D7B52BA5-10CD-4C16-92B1-AACF625621D6}] => (Allow) LPort=2869
FirewallRules: [{EDE8EEAE-1655-4CF6-95A1-798E4D442B9C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5DDAC103-AB6D-4835-B880-AD62F1B0E744}] => (Allow) LPort=27015
FirewallRules: [{27110E58-D3EB-435A-BE42-66925C361420}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9D21A2C4-2D91-4306-8472-52E42AE969F6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{00756160-FE7A-411E-B20A-5A96211E786D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{986D9E9A-9637-471F-AA5B-FC8DFDB5AE2E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{DEE75851-68DA-4E00-9800-45DF5EC316E5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{094F7080-B8B1-457B-9F29-7F2B622CEA04}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{9F467B46-AC87-4614-B29D-B840242592F9}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{7B923052-1E71-4D88-99D3-1017E1ED59BD}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{5DC1C1EF-3832-42F8-9589-5729961424EC}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{2F8CE85C-69F2-4A2A-95FB-8DEDDB9B6E75}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{53282862-486B-488E-A905-FCA1472405CA}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{90BA0481-0FD9-4F06-AC63-9B028727751B}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [TCP Query User{BCE246F1-ACDF-42AE-AB6B-DCEDBB6060C6}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{32D053AF-35C2-4035-A2D6-612A4CC3EE81}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [{CE537E33-3ED2-4D75-851D-A59BD9478157}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{DD4845B8-3F83-4515-A904-083BC82FADE0}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{9A42D762-6F11-442E-B6F7-79758DA755C2}] => (Allow) LPort=27015
FirewallRules: [TCP Query User{8CB49BC8-146B-4C3E-B423-DDA6BD87782F}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{A09B0DC2-D1C2-45A0-87AE-717B24572223}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{953946E6-C77A-4493-88C6-EBFBBD975F18}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B28135A4-6914-4F74-AEA0-E23DEF69DB7D}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{450EFC6D-BBE5-4430-9219-2692C418DE8E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{AC16A089-797F-41D6-93E0-7A6D6ECFAF2F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{A671484C-DACA-444B-8B1A-8F521B8AEDE4}D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{DCBEB44B-D11C-41D4-AFFF-2FA6ACFDEA68}D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{A0EB6BCC-7415-40F5-BDB3-183C88E43BA7}] => (Allow) LPort=80
FirewallRules: [{E69E207E-8A6A-43B1-B5C0-685F5BEA0668}] => (Allow) LPort=443
FirewallRules: [{881DFB34-0760-4091-9A81-BB00BB9B5350}] => (Allow) LPort=20010
FirewallRules: [{E6827DE1-7E29-4118-A814-AF76DE68C511}] => (Allow) LPort=3478
FirewallRules: [{75364995-BEE9-42A7-8D50-7C4CCC599E9C}] => (Allow) LPort=7850
FirewallRules: [{B33E6084-FE8A-401B-AED2-CA297A753A24}] => (Allow) LPort=7852
FirewallRules: [{6728B5FA-EE4F-490A-8A71-4021194D8257}] => (Allow) LPort=7853
FirewallRules: [{C6F62338-60A7-4157-B870-9AEEA3FF5454}] => (Allow) LPort=27022
FirewallRules: [{462EF69D-5D5E-40AD-971A-1CB4B2EE070E}] => (Allow) LPort=6881
FirewallRules: [{FA0D13ED-6CA9-43A2-894E-BBAAD97130B2}] => (Allow) LPort=33333
FirewallRules: [{5D8D36BA-D675-4C91-9BD1-54570E8BCFCF}] => (Allow) LPort=20443
FirewallRules: [{E7D7D2C0-CB53-4A68-A885-EB72F5B53210}] => (Allow) LPort=8090
FirewallRules: [{32A34A7F-D160-421A-90F7-8749C89F7DD7}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{834B9ED6-4356-436E-B941-A1BFD5F27F3A}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{6E2FD900-2B98-4516-A9B4-630C05CD7818}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{D88AA820-53E4-43BB-8AA2-9A4CFA0312AE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{C22B4847-DB81-490E-BB8B-8C6FEDFDA2E2}] => (Allow) D:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{F845E618-CD02-4DB3-B1FD-95FF1D6F468C}] => (Allow) D:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{8F8D991A-B928-42EA-A3B4-60F9EE180FCD}] => (Allow) D:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{697F76B2-915D-4756-8C9F-AC388C8BD5C3}] => (Allow) D:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{5376E986-7147-4FF1-A90B-CA5893F9CA2B}] => (Allow) D:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FC2Launcher.exe
FirewallRules: [{26D924E9-87B0-460E-8C54-1C1C1B50D35C}] => (Allow) D:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FC2Launcher.exe
FirewallRules: [{95DDE86E-DBAF-48F8-ABFF-F99A77AB6768}] => (Allow) D:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [{862AFEBE-CFC6-40AA-8AEB-8F5C3E7B8B13}] => (Allow) D:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [{5F8613EB-A81C-4767-8931-57051969AED4}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{295D7D97-3E49-4B54-8772-9C08ABF8565B}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4181D021-8B32-4B3E-ACDE-8F1FC87EC486}] => (Allow) D:\Program Files\The Sims 4 City Living\Game\Bin\TS4.exe
FirewallRules: [{93D61893-8001-43F0-9407-0F831C73316D}] => (Allow) D:\Program Files\The Sims 4 City Living\Game\Bin\TS4.exe
FirewallRules: [{D60C8DBE-CB4B-4EEF-8FEC-AB18A36BBAFE}] => (Allow) D:\Program Files\The Sims 4 City Living\Game\Bin\TS4_x64.exe
FirewallRules: [{E0321DDF-3606-4493-B756-58573C4BB6C4}] => (Allow) D:\Program Files\The Sims 4 City Living\Game\Bin\TS4_x64.exe
FirewallRules: [{BD6FBAA9-FAFC-479E-86B7-F65F2F47BB05}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL 7 biohazard\re7.exe
FirewallRules: [{4BC0AF57-2E54-4481-9A0B-FDAEAA8867DD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\RESIDENT EVIL 7 biohazard\re7.exe
FirewallRules: [{FF7133F9-9511-43F1-AFDC-E90979C1126B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{9B9DF50E-37BF-4C4A-AACB-E9FD604BCB79}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{F07E3317-C68E-4E6C-A8EF-414F2E96AB4A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{7910476A-3874-4B16-B081-84036A7868A6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{8271064B-52C0-4FA5-9BAC-724C17F82A2A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C20FE46F-718C-4E53-B363-AB8F25874D40}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4CB9C5C8-EE87-44AF-BA53-C431DE356C92}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F04788A1-B126-4698-BFC1-06F3842FD18A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7BDFDCD8-B8B3-481B-8800-DC897388F6AC}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher.exe
FirewallRules: [{6A44690F-259E-42A6-BBE1-A894506725EE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher.exe
FirewallRules: [{FADCC088-6C97-432D-AC9E-76FE46EA05EB}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher_x86.exe
FirewallRules: [{56059326-BEC1-43CD-8AB0-2436E1809896}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher_x86.exe
FirewallRules: [{79A2A3CD-74E8-43B6-99BB-CA528F0E0CCC}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{75792572-D0AC-48E2-9BCA-369D8848E640}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\rainbowsix.exe
FirewallRules: [{0933A3CA-3390-483F-A5C4-243AF21D8351}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{951D61BD-66C9-4FF3-86D8-E1B0023D9022}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Need for Speed\NFS16.exe
FirewallRules: [{AF125AF0-D4B3-4F22-B788-9E5B3CD98EF4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Need for Speed\NFS16.exe
FirewallRules: [{122A8C85-24E3-499E-BAF9-8610700065D4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Need for Speed\NFS16_trial.exe
FirewallRules: [{611F97A0-924A-4D2E-BD56-30DB636AF528}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Need for Speed\NFS16_trial.exe
FirewallRules: [TCP Query User{7E4033FE-FE64-4FE3-B0AD-09EE56708BD3}C:\users\newto\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\newto\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{37CC2DEA-F829-4316-AD34-38D527B2DF33}C:\users\newto\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\newto\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D750B1AC-7C49-4CD1-89B6-40D64F0F4240}] => (Allow) D:\Program Files (x86)\DroidCam\DroidCamApp.exe
FirewallRules: [{6943C9F4-B8E2-4549-A9F3-5C15543EF2B9}] => (Allow) D:\Program Files (x86)\DroidCam\DroidCamApp.exe
FirewallRules: [{F03FE9EB-01BD-4352-9FE5-6A7DB746B4C0}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{2CE11826-98C9-4945-98CB-21712EA7EBE3}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{80CD2AFB-9D36-4A4B-8ACB-A4AF99BCE1C9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\SteamLauncher.exe
FirewallRules: [{86CDC928-9F73-4D18-B94A-9FDDE511C1FB}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{F247318A-E61D-4D80-8344-846223507522}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Watch_Dogs\bin\watch_dogs.exe
FirewallRules: [{F411C079-6EF6-4C76-8434-928BCDC2CC92}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{45366FDF-4D07-448D-9F29-EBBA86B3379D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B3DF3A7A-3C6D-4F66-B17A-54EA2788E767}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{4E92BE4B-C68E-47EA-A3C5-776AD0B4C6C9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{2871EAC1-76EE-43C1-881C-37FFB2626E98}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{FDF7DF49-756E-4F5B-8D3E-11DB2D2D54E7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win32\BlackSquadGame.exe
FirewallRules: [{5A21882B-4A15-42E5-B493-B41005236C8B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5317A23C-C279-4396-8336-9B925AC12B40}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{B41B5424-1F2B-40FF-9F52-628A599A96C4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{B9D326E8-B242-420B-8CC4-2060163A4678}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{1CFB53BB-DE53-4D2E-882F-0FC1E39854D3}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{22A70F6B-AF87-4B7C-A7C5-892ADFD25944}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{7B42AD76-5C13-4D64-B949-8B68D9434B85}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{40F3E215-0862-43D7-BE6E-3BF602C265D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F6F23077-1FB7-4DD6-A989-FDA3F2A55503}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{2369DD1C-08D0-407D-90C3-0F9B9B051382}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9FF374DB-7FB1-43F5-98FF-EF32DE85076F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

==================== Pontos de Restauração =========================


==================== Dispositivos Apresentando Falhas No Gerenciador =============


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (03/12/2018 04:34:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NEWTON-PC)
Description: Falha na ativação do aplicativo Microsoft.BingNews_8wekyb3d8bbwe!AppexNews com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (03/12/2018 04:32:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NEWTON-PC)
Description: Falha na ativação do aplicativo Microsoft.BingNews_8wekyb3d8bbwe!AppexNews com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (03/12/2018 04:18:49 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: O mecanismo de regras não pôde executar uma ou mais ações agendadas.
Código de Erro:0x80070002
Caminho:<none>
Argumentos:<none>

Error: (03/12/2018 04:18:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: atieclxx.exe, versão: 6.14.11.1199, carimbo de data/hora: 0x563a76a9
Nome do módulo com falha: atieclxx.exe, versão: 6.14.11.1199, carimbo de data/hora: 0x563a76a9
Código de exceção: 0xc0000005
Deslocamento da falha: 0x00000000000425c6
ID do processo com falha: 0x5dc
Hora de início do aplicativo com falha: 0x01d3ba318d50501b
Caminho do aplicativo com falha: C:\WINDOWS\system32\atieclxx.exe
Caminho do módulo com falha: C:\WINDOWS\system32\atieclxx.exe
ID do Relatório: 93ecb679-fec6-4744-9ae2-ac05f8dff8a7
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (03/12/2018 04:09:02 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/12/2018 04:09:02 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/12/2018 04:08:53 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (03/12/2018 04:08:53 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000


Erros de Sistema:
=============
Error: (03/13/2018 12:46:00 AM) (Source: DCOM) (EventID: 10000) (User: AUTORIDADE NT)
Description: Não é possível iniciar o servidor DCOM: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. O erro:
"2"
Aconteceu ao iniciar este comando:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding

Error: (03/13/2018 12:45:00 AM) (Source: DCOM) (EventID: 10000) (User: AUTORIDADE NT)
Description: Não é possível iniciar o servidor DCOM: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. O erro:
"2"
Aconteceu ao iniciar este comando:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding

Error: (03/13/2018 12:44:00 AM) (Source: DCOM) (EventID: 10000) (User: AUTORIDADE NT)
Description: Não é possível iniciar o servidor DCOM: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. O erro:
"2"
Aconteceu ao iniciar este comando:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding

Error: (03/13/2018 12:43:00 AM) (Source: DCOM) (EventID: 10000) (User: AUTORIDADE NT)
Description: Não é possível iniciar o servidor DCOM: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. O erro:
"2"
Aconteceu ao iniciar este comando:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding

Error: (03/13/2018 12:42:00 AM) (Source: DCOM) (EventID: 10000) (User: AUTORIDADE NT)
Description: Não é possível iniciar o servidor DCOM: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. O erro:
"2"
Aconteceu ao iniciar este comando:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding

Error: (03/13/2018 12:41:00 AM) (Source: DCOM) (EventID: 10000) (User: AUTORIDADE NT)
Description: Não é possível iniciar o servidor DCOM: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. O erro:
"2"
Aconteceu ao iniciar este comando:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding

Error: (03/13/2018 12:40:00 AM) (Source: DCOM) (EventID: 10000) (User: AUTORIDADE NT)
Description: Não é possível iniciar o servidor DCOM: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. O erro:
"2"
Aconteceu ao iniciar este comando:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding

Error: (03/13/2018 12:39:00 AM) (Source: DCOM) (EventID: 10000) (User: AUTORIDADE NT)
Description: Não é possível iniciar o servidor DCOM: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. O erro:
"2"
Aconteceu ao iniciar este comando:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding


Windows Defender:
===================================
Date: 2017-09-20 18:49:14.714
Description: 
O exame do Windows Defender foi interrompido antes da conclusão.
ID do Exame: {107F1D2F-00F1-4873-8F4B-9923EAE92529}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Completa
Usuário: NEWTON-PC\Newton

Date: 2017-09-26 13:48:13.962
Description: 
O Windows Defender encontrou um erro ao atualizar assinaturas.
Versão da Nova Assinatura: 
Versão da Assinatura Anterior: 1.251.1202.0
Origem da Atualização: Servidor do Microsoft Update
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão do Mecanismo Atual: 
Versão do Mecanismo Anterior: 1.1.14104.0
Código de erro: 0x8024401c
Descrição do erro: Erro inesperado ao verificar atualizações. Para obter informações sobre como instalar ou solucionar problemas de atualizações, consulte Ajuda e Suporte. 

Date: 2017-09-20 19:24:22.793
Description: 
O recurso de Proteção em Tempo Real do Windows Defender encontrou um erro e falhou.
Recurso: Monitoramento do Comportamento
Código do Erro: 0x80508023
Descrição do erro: O programa não encontrou malware e outros programas potencialmente indesejados neste computador. 
Motivo: A proteção em tempo real parou de funcionar por um motivo desconhecido. Reinicie o serviço para recuperar.

Date: 2017-09-20 19:24:21.924
Description: 
O recurso de Proteção em Tempo Real do Windows Defender encontrou um erro e falhou.
Recurso: Monitoramento do Comportamento
Código do Erro: 0x80508023
Descrição do erro: O programa não encontrou malware e outros programas potencialmente indesejados neste computador. 
Motivo: A proteção antimalware parou de funcionar por um motivo desconhecido. Em alguns casos, reiniciar o serviço pode resolver o problema.

Date: 2017-09-20 19:14:39.206
Description: 
O recurso de Proteção em Tempo Real do Windows Defender encontrou um erro e falhou.
Recurso: Em Tempo de Acesso
Código do Erro: 0x8007043c
Descrição do erro: Não é possível compartilhar este serviço no modo de segurança 
Motivo: A proteção antimalware parou de funcionar por um motivo desconhecido. Em alguns casos, reiniciar o serviço pode resolver o problema.

Date: 2017-09-20 18:43:20.923
Description: 
O Windows Defender encontrou um erro ao atualizar assinaturas.
Versão da Nova Assinatura: 
Versão da Assinatura Anterior: 0.0.0.0
Origem da Atualização: Centro de Proteção contra Malware da Microsoft
Tipo de Assinatura: Sistema de Inspeção de Rede
Tipo de Atualização: Completa
Usuário: AUTORIDADE NT\SERVIÇO DE REDE
Versão do Mecanismo Atual: 
Versão do Mecanismo Anterior: 0.0.0.0
Código de erro: 0x80072742
Descrição do erro: Uma operação de soquete encontrou uma rede inoperante. 

CodeIntegrity:
===================================

Date: 2018-03-12 19:41:00.468
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-12 18:41:47.808
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-12 18:11:00.412
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-12 17:41:00.336
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-12 17:11:00.386
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-12 16:41:00.418
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-12 01:34:05.733
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-11 19:30:16.098
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

==================== Informações da Memória =========================== 

Processador: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Percentagem de memória em uso: 33%
RAM física total: 16306.92 MB
RAM física disponível: 10860.09 MB
Virtual Total: 25522.92 MB
Virtual disponível: 18200.68 MB

==================== Drives ================================

Drive c: (SSD (Win10)) (Fixed) (Total:111.35 GB) (Free:3.38 GB) NTFS ==>[sistema com componentes de inicialização (obtido através de drive)]
Drive d: (HD 1TB (Docs e Programas)) (Fixed) (Total:931.51 GB) (Free:44.82 GB) NTFS ==>[sistema com componentes de inicialização (obtido através de drive)]
Drive e: (HD 1TB (Downloads)) (Fixed) (Total:931.51 GB) (Free:9.14 GB) NTFS

\\?\Volume{5f1758d5-0000-0000-0000-60d61b000000}\ () (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A494F232)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 58A4D5A5)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================


@Newton Sandey

As far as malware is concerned, we have no further problems.

Final instructions.

Download Delfix by Xplode from the link below and save it to your desktop.
http://www.bleepingcomputer.com/download/delfix/dl/281/

Double-click delfix.exe to run it. Check the boxes as shown in the image.

*** Windows Vista, 7, 8/8.1 and Windows 10 users: right-click the delfix.exe file, then click [image: VRIfczU.png]

[image: ipb9zl.png]

Click the Run button.

A log will be generated at the end, but you do not need to post it.

KEEP THE OS UP TO DATE:
Keep Windows updates set to "automatic". New security holes are discovered frequently. Much malware exploits these holes, infecting systems without depending on any action by the user. Microsoft fixes these holes through updates. That is why it is essential to keep your system up to date.

If you have no further malware problems, click Report Post at the top of the page and say that your topic is RESOLVED. If you have any questions about computing and technology, feel free to post in any area of CdH.

Regards,
Elias Pereira
