Paulo Passos

Browser hijacker - Prizemediayou.com


Good evening. I was browsing normally when a page opened in the browser with the following message:

Friday July 27, 2018

Dear Google user

Congratulations! You are one of the 10 users we have selected to receive the chance to win a Movie Card Streaming, Samsung Galaxy S9 or iPad Pro (asking me to click OK)

The browser tab read: Google customer rewards program

The address bar: https://prizemediayou.com/ptmoviegoo/index.php?Ipkey=156a32b873be94d870&uclick=j2usa8q5# (Do not click!)

Note: I closed the tab, looked it up and found out that it is a virus... so I came here for help. Thanks in advance for a solution, if one is possible, or for confirming that there is no danger.

 

 

 

ZA-Scan.txt


@Paulo Passos

 

Please note the following:

  • About the forum: this is a private space, not a public one. Using it is a privilege, not a right;
  • What is passed on here relates only to the problem on your computer, so do not apply it on any other;
  • IMPORTANT: If you have Windows activation programs or torrent-sharing programs, I suggest uninstalling them. I will only proceed with the analysis after they are removed. Forum rules;
  • Please follow the instructions given carefully, and if you have any doubts do not hesitate to ask;
  • Respect the order of the instructions given;
  • Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

Follow the steps below:

STEP 1

Download Malwarebytes Anti-Malware (MBAM) from the link below and save it to your desktop.
https://downloads.malwarebytes.org/file/mbam_current/

Double-click mbam-setup.exe and follow the prompts to install the program.

  • On the Scan tab > Custom Scan, check the Scan for rootkits option and the entries for the drive where the operating system is installed. This is normally drive C:;
  • Click Scan Now. Wait, as the scan may take a while;
  • When the scan finishes, if any items were found, make sure they are all checked and click the Remove Selected or Quarantine button;
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below);
  • If mbam does not run automatically after the restart, run it manually;
  • The log is saved automatically by MBAM; to view it, click the Reports tab in the program's main window;
  • Double-click the log (Scan Report). Click the Export button and use the .txt format to export the log. Save it to the Desktop.


ATTENTION: Open the file, select everything, copy and paste the contents of this log into your next reply.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

STEP 2

Download AdwCleaner from one of the links below and save it to the desktop.
https://toolslib.net/downloads/viewdownload/1-adwcleaner/
http://www.bleepingcomputer.com/download/adwcleaner/

Click DOWNLOAD NOW to download the file.

Run adwcleaner.exe

NOTE: Users of Windows Vista, 7, 8/8.1 and Windows 10: right-click the AdwCleaner.exe file, then click VRIfczU.png

Click SCAN. When it finishes, click CLEAN and wait.

Notepad will open with the result.

ATTENTION: Select, copy and paste its contents into your next reply.
 

STEP 3


Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.


Download ZHPCleaner from the link below and save it to your Desktop

https://www.nicolascoolman.com/download/zhpcleaner/


Run the ZHPCleaner.exe file As Administrator

  • Click the Scanner button.
  • The tool will start examining your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • Then click the Repair button.
  • A log named ZHPCleaner.txt will be generated
  • Select, copy and paste the contents of this log into your next reply.


Good evening @Elias Pereira

 

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 28/07/18
Hora da análise: 23:08
Arquivo de registro: 4736aac2-92d4-11e8-8028-843497d79e3c.json
Administrador: Sim

-Informação do software-
Versão: 3.5.1.2522
Versão de componentes: 1.0.391
Versão do pacote de definições: 1.0.6113
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 10 (Build 17134.165)
CPU: x64
Sistema de arquivos: NTFS
Usuário: PAULO\pauloroberto

-Resumo da análise-
Tipo de análise: Análise Customizada
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 427186
Ameaças detectadas: 3
Ameaças em quarentena: 3
Tempo decorrido: 6 hr, 21 min, 51 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 0
(Nenhum item malicioso detectado)

Valor de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 0
(Nenhum item malicioso detectado)

Arquivo: 3
PUP.Optional.InstallCore.Generic, C:\USERS\PAULOROBERTO\DOWNLOADS\ATUBE_CATCHER_3590607532.EXE, Quarentena, [6190], [512134],1.0.6113
PUP.Optional.InstallCore.Generic, C:\USERS\PAULOROBERTO\DOWNLOADS\ATUBE_CATCHER_1818833799.EXE, Quarentena, [6190], [512134],1.0.6113
PUP.Optional.InstallCore.Generic, C:\USERS\PAULOROBERTO\DOWNLOADS\ATUBE_CATCHER_3780311126.EXE, Quarentena, [6190], [512134],1.0.6113

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)

 

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build:    07-17-2018
# Database: 2018-07-25.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-29-2018
# Duration: 00:00:25
# OS:       Windows 10 Home Single Language
# Scanned:  41737
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 

 

~ ZHPCleaner v2018.7.27.154 by Nicolas Coolman (2018/07/27)
~ Run by pauloroberto (Administrator)  (29/07/2018 20:40:41)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scan
~ Report : C:\Users\pauloroberto\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\pauloroberto\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit  (Build 17134)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (18)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.


---\\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.


---\\ Result of repair
~ Any repair made
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 94672
~ Items found : 0
~ Items cancelled : 0
~ Items options : 0/7
~ Space saving (bytes) : 0


~ End of search in 00h05mn48s
ZHPCleaner--29072018-20_46_29.txt

 


@Paulo Passos

 

Download RogueKiller by Tigzy and save it to your desktop.
roguekiller.exe (x64) << link

  • Close all programs
  • Run RogueKiller.exe.
    ** Users of Windows Vista, Windows 7, 8, 8.1 and Windows 10:
    Right-click the rogueKiller.exe file, then click VRIfczU.png.
  • When the EULA window appears, click Accept.
  • Select the SCAN tab
  • Click START SCAN
  • Wait until the scan finishes...
  • Click the OPEN REPORT button
  • Click the EXPORT TXT option and save it to the Desktop as roguekiller.txt
  • Click OK and close RogueKiller.


Be sure to open the file, copy and paste all of its contents into your next reply

Good afternoon @Elias Pereira

 

RogueKiller V12.12.29.0 (x64) [Jul 30 2018] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Sistema Operacional : Windows 10 (10.0.17134) 64 bits version
Iniciou : Modo normal
Usuário : pauloroberto [Administrador]
Started from : C:\Users\pauloroberto\Desktop\RogueKiller_portable64.exe
Modo : Escanear -- Data : 08/03/2018 13:12:09 (Duration : 01:04:45)

¤¤¤ Processos : 0 ¤¤¤

¤¤¤ Registro : 0 ¤¤¤

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

¤¤¤ Navegadores : 0 ¤¤¤

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK7575GSX +++++
--- User ---
[MBR] 567e446face4702c7757505e6ab30a89
[BSP] 31b7c25a3ac5211e3515d8f3bb8f5aa6 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 695351 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1425696768 | Size: 910 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1427560448 | Size: 350 MB
6 - [SYSTEM] Basic data partition | Offset (sectors): 1428277248 | Size: 18003 MB
User = LL1 ... OK
User = LL2 ... OK


@Paulo Passos

 

Download Farbar Recovery Scan from the link below and save it to your desktop.
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

** Users of Windows Vista, Windows 7, 8/8.1 and Windows 10:
Right-click the FRST64.EXE file, then click VRIfczU.png .
Accept the agreement and then click the Scan button.

Wait; when it finishes, the FRST.txt and Addition.txt logs will be saved to your desktop.

Open each file separately, copy its contents and paste them into your next reply.


Good evening @Elias Pereira

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 02.08.2018
Executado por pauloroberto (administrador) em PAULO (05-08-2018 15:23:26)
Executando a partir de C:\Users\pauloroberto\Desktop
Perfis Carregados: pauloroberto (Perfis Disponíveis: pauloroberto)
Platform: Windows 10 Home Single Language Versão 1803 17134.165 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2012-07-17] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-722139864-351113054-575651663-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-722139864-351113054-575651663-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18534016 2018-07-20] (Piriform Ltd)
HKU\S-1-5-21-722139864-351113054-575651663-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-722139864-351113054-575651663-1001\...\Policies\system: [DisableChangePassword] 0
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2013-01-09] (EasyBits Software Corp.)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{3640073b-a834-4b34-85e2-dede8965b1d5}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{8220c711-64d8-4bf8-a5c4-2cb4a983693d}: [DhcpNameServer] 192.168.15.1

Internet Explorer:
==================
HKU\S-1-5-21-722139864-351113054-575651663-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/hpcon13/3
SearchScopes: HKU\S-1-5-21-722139864-351113054-575651663-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-722139864-351113054-575651663-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Sem Nome -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> Nenhum Arquivo
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-19] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKU\S-1-5-21-722139864-351113054-575651663-1001 -> Sem Nome - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Nenhum Arquivo
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect125.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} -  Nenhum Arquivo

FireFox:
========
FF ProfilePath: C:\Users\pauloroberto\AppData\Roaming\Mozilla\Firefox\Profiles\lc8r4j3l.default [2018-07-28]
FF Extension: (Sem Nome) - C:\Program Files\VDownloader\Addons\FireFox [não encontrado (a)]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll [2018-07-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [Nenhum Arquivo]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2015-06-28] ()
FF Plugin HKU\S-1-5-21-722139864-351113054-575651663-1001: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll [Nenhum Arquivo]

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\pauloroberto\AppData\Local\Google\Chrome\User Data\Default [2018-08-05]
CHR Extension: (Documentos) - C:\Users\pauloroberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\pauloroberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\pauloroberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\pauloroberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Documentos Google off-line) - C:\Users\pauloroberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (HP Network Check Launcher) - C:\Users\pauloroberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2017-01-26]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\pauloroberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\pauloroberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\pauloroberto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-25]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-28] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
S4 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [Arquivo não assinado]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-28] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-07-31] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-07-31] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2018-04-11] (MediaTek Inc.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-28] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-07-31] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-07-31] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-07-31] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-14] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-08-05 15:23 - 2018-08-05 15:24 - 000017016 _____ C:\Users\pauloroberto\Desktop\FRST.txt
2018-08-05 15:22 - 2018-08-05 15:23 - 000000000 ____D C:\FRST
2018-08-05 14:24 - 2018-08-05 14:24 - 000000000 ___HD C:\OneDriveTemp
2018-08-04 19:35 - 2018-08-04 19:35 - 002412544 _____ (Farbar) C:\Users\pauloroberto\Desktop\FRST64.exe
2018-08-03 14:19 - 2018-08-03 14:19 - 000003070 _____ C:\Users\pauloroberto\Desktop\RogueKiller.txt
2018-08-03 11:56 - 2018-08-03 11:56 - 027088440 _____ (Adlice Software) C:\Users\pauloroberto\Desktop\RogueKiller_portable64.exe
2018-07-29 20:46 - 2018-07-29 20:46 - 000001423 _____ C:\Users\pauloroberto\Desktop\ZHPCleaner.txt
2018-07-29 20:38 - 2018-07-29 20:46 - 000000000 ____D C:\Users\pauloroberto\AppData\Roaming\ZHP
2018-07-29 20:38 - 2018-07-29 20:38 - 000000917 _____ C:\Users\pauloroberto\Desktop\ZHPCleaner.lnk
2018-07-29 20:38 - 2018-07-29 20:38 - 000000000 ____D C:\Users\pauloroberto\AppData\Local\ZHP
2018-07-29 20:37 - 2018-07-29 20:37 - 003261824 _____ C:\Users\pauloroberto\Desktop\ZHPCleaner.exe
2018-07-29 20:32 - 2018-07-29 20:33 - 000000000 ____D C:\AdwCleaner
2018-07-10 20:21 - 2018-06-15 01:42 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-07-10 20:21 - 2018-06-15 01:42 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-07-10 20:21 - 2018-06-15 01:42 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-07-10 20:21 - 2018-06-15 01:42 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-10 20:21 - 2018-06-15 01:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-10 20:21 - 2018-06-15 01:41 - 000811520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2018-07-10 20:21 - 2018-06-15 01:41 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-07-10 20:21 - 2018-06-15 01:41 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-07-10 20:21 - 2018-06-15 01:41 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-07-10 20:21 - 2018-06-15 01:40 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-10 20:21 - 2018-06-15 01:40 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-07-10 20:21 - 2018-06-15 01:40 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-07-10 20:21 - 2018-06-15 01:39 - 002583552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-07-10 20:21 - 2018-06-15 01:39 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-10 20:21 - 2018-06-15 01:39 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-07-10 20:21 - 2018-06-15 01:39 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-07-10 20:21 - 2018-06-15 01:38 - 001581568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2018-07-10 20:21 - 2018-06-15 01:38 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-07-10 20:21 - 2018-06-15 01:38 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-07-10 20:21 - 2018-06-15 01:38 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-07-10 20:21 - 2018-06-15 01:38 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-07-10 20:21 - 2018-06-15 01:37 - 001069056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-07-10 20:21 - 2018-06-15 01:37 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-07-10 20:20 - 2018-07-06 10:53 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-07-10 20:20 - 2018-07-06 10:53 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-10 20:20 - 2018-07-06 10:52 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-07-10 20:20 - 2018-07-06 10:49 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-10 20:20 - 2018-07-06 08:54 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-07-10 20:20 - 2018-07-06 08:54 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-07-10 20:20 - 2018-07-06 08:53 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-07-10 20:20 - 2018-07-06 08:51 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-07-10 20:20 - 2018-07-06 08:01 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-07-10 20:20 - 2018-07-06 04:01 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2018-07-10 20:20 - 2018-07-06 04:01 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2018-07-10 20:20 - 2018-07-06 04:00 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2018-07-10 20:20 - 2018-07-06 04:00 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2018-07-10 20:20 - 2018-07-06 04:00 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2018-07-10 20:20 - 2018-07-06 04:00 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2018-07-10 20:20 - 2018-07-06 04:00 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsTelemetry.dll
2018-07-10 20:20 - 2018-07-06 04:00 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2018-07-10 20:20 - 2018-07-06 03:59 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2018-07-10 20:20 - 2018-07-06 03:59 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
2018-07-10 20:20 - 2018-07-06 03:59 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2018-07-10 20:20 - 2018-07-06 03:59 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2018-07-10 20:20 - 2018-07-06 03:58 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-07-10 20:20 - 2018-07-06 03:58 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Cortana.dll
2018-07-10 20:20 - 2018-07-06 03:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-07-10 20:20 - 2018-07-06 03:58 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2018-07-10 20:20 - 2018-07-06 03:58 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-10 20:20 - 2018-07-06 03:57 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2018-07-10 20:20 - 2018-07-06 03:56 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2018-07-10 20:20 - 2018-07-06 03:56 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2018-07-10 20:20 - 2018-07-06 03:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-07-10 20:20 - 2018-07-06 03:56 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2018-07-10 20:20 - 2018-07-06 03:56 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-07-10 20:20 - 2018-07-06 03:56 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-07-10 20:20 - 2018-07-06 03:55 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-07-10 20:20 - 2018-07-06 03:55 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-07-10 20:20 - 2018-07-06 03:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-07-10 20:20 - 2018-07-06 02:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-07-10 20:20 - 2018-06-29 01:16 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-10 20:20 - 2018-06-15 14:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-07-10 20:20 - 2018-06-15 14:34 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\DsmUserTask.exe
2018-07-10 20:20 - 2018-06-15 14:34 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2018-07-10 20:20 - 2018-06-15 14:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-07-10 20:20 - 2018-06-15 14:33 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManagerAPI.dll
2018-07-10 20:20 - 2018-06-15 14:33 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2018-07-10 20:20 - 2018-06-15 14:31 - 000907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2018-07-10 20:20 - 2018-06-15 14:29 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2018-07-10 20:20 - 2018-06-15 14:29 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2018-07-10 20:20 - 2018-06-15 12:06 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2018-07-10 20:20 - 2018-06-15 12:04 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2018-07-10 20:20 - 2018-06-15 12:03 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2018-07-10 20:20 - 2018-06-15 12:01 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2018-07-10 20:20 - 2018-06-15 01:47 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2018-07-10 20:20 - 2018-06-15 01:47 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2018-07-10 20:20 - 2018-06-15 01:46 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-07-10 20:20 - 2018-06-15 01:45 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2018-07-10 20:20 - 2018-06-15 01:45 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-07-10 20:20 - 2018-06-15 01:45 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-07-10 20:20 - 2018-06-15 01:45 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2018-07-10 20:20 - 2018-06-15 01:45 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandlerPS.dll
2018-07-10 20:20 - 2018-06-15 01:44 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-07-10 20:20 - 2018-06-15 01:44 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-07-10 20:20 - 2018-06-15 01:44 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-07-10 20:20 - 2018-06-15 01:44 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2018-07-10 20:20 - 2018-06-15 01:43 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2018-07-10 20:20 - 2018-06-15 01:43 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-07-10 20:20 - 2018-06-15 01:43 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2018-07-10 20:20 - 2018-06-15 01:42 - 000978432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-07-10 20:20 - 2018-06-15 01:42 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2018-07-10 20:20 - 2018-06-15 01:42 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-07-10 20:20 - 2018-06-15 01:42 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-07-10 20:20 - 2018-06-15 01:41 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2018-07-10 20:20 - 2018-06-15 01:41 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-07-10 20:20 - 2018-06-15 01:41 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-07-10 20:20 - 2018-06-15 01:40 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-07-10 20:20 - 2018-06-15 01:36 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-07-10 20:20 - 2018-06-01 02:18 - 000058524 _____ C:\WINDOWS\system32\srms.dat
2018-07-09 23:37 - 2018-08-02 16:10 - 000000000 ____D C:\Users\Todos os Usuários\Packages
2018-07-09 23:37 - 2018-08-02 16:10 - 000000000 ____D C:\ProgramData\Packages

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-08-05 15:23 - 2017-07-14 11:35 - 001691309 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-08-05 15:16 - 2018-04-11 20:38 - 000000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2018-08-05 15:16 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-05 14:26 - 2018-06-02 00:04 - 000004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9FDA9F6B-C881-4E18-9F5C-9C15DFC66B56}
2018-08-05 14:24 - 2015-07-29 03:05 - 000000000 ___RD C:\Users\pauloroberto\OneDrive
2018-08-05 14:22 - 2014-06-04 09:17 - 000000000 __SHD C:\Users\pauloroberto\IntelGraphicsProfiles
2018-08-04 18:40 - 2018-06-01 23:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-04 18:03 - 2013-04-04 16:10 - 000000000 ____D C:\Users\pauloroberto\AppData\Local\CrashDumps
2018-08-04 15:38 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-04 14:44 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-04 02:48 - 2013-03-10 16:18 - 000000000 ____D C:\Users\pauloroberto\Documents\Youcam
2018-08-03 21:13 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-03 13:12 - 2017-07-11 15:07 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-08-01 00:14 - 2018-06-02 00:04 - 000003292 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForpauloroberto
2018-08-01 00:14 - 2016-07-08 10:22 - 000000372 _____ C:\WINDOWS\Tasks\HPCeeScheduleForpauloroberto.job
2018-07-31 21:06 - 2018-02-25 19:13 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-07-31 21:06 - 2014-08-05 20:30 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-31 21:06 - 2014-08-05 20:30 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-31 15:56 - 2017-12-06 12:47 - 000000000 ____D C:\Users\pauloroberto\AppData\Local\PlaceholderTileLogoFolder
2018-07-31 15:56 - 2017-12-06 10:53 - 000000000 ____D C:\Users\pauloroberto\AppData\Local\Packages
2018-07-29 05:36 - 2018-06-02 00:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-28 23:05 - 2013-05-25 00:03 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2018-07-28 23:05 - 2013-05-25 00:03 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-28 21:30 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-28 21:30 - 2013-12-10 15:46 - 000000000 ____D C:\Program Files (x86)\DsNET Corp
2018-07-28 20:44 - 2018-06-01 23:29 - 001932698 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-28 20:44 - 2018-04-12 13:41 - 000819910 _____ C:\WINDOWS\system32\prfh0416.dat
2018-07-28 20:44 - 2018-04-12 13:41 - 000177852 _____ C:\WINDOWS\system32\prfc0416.dat
2018-07-28 20:38 - 2018-04-11 18:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-07-27 16:34 - 2013-04-14 17:42 - 000000000 ____D C:\Users\pauloroberto\Documents\RESTAURAÇAO CCLEANER
2018-07-27 09:13 - 2018-06-01 16:00 - 000000000 ___DC C:\WINDOWS\Panther
2018-07-27 09:13 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ModemLogs
2018-07-27 09:13 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-19 01:49 - 2014-10-15 01:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-07-19 01:49 - 2014-10-15 01:37 - 000000000 ____D C:\Program Files (x86)\Java
2018-07-19 01:47 - 2014-10-15 01:37 - 000098680 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-07-16 21:17 - 2013-05-05 18:17 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-13 20:56 - 2018-06-02 00:04 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-722139864-351113054-575651663-1001
2018-07-13 20:56 - 2018-06-01 23:30 - 000002421 _____ C:\Users\pauloroberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-11 09:19 - 2017-12-30 00:57 - 000001375 _____ C:\Users\Public\Desktop\Skype.lnk
2018-07-11 09:19 - 2017-12-30 00:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-07-10 23:49 - 2015-07-29 09:26 - 000000000 ___RD C:\Users\pauloroberto\3D Objects
2018-07-10 23:49 - 2013-03-06 11:16 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-07-10 23:47 - 2018-06-01 23:21 - 000423848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-07-10 23:43 - 2018-04-12 13:45 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-07-10 23:43 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-07-10 23:43 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-10 23:42 - 2018-04-11 20:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-07-10 23:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-07-10 23:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-10 20:52 - 2013-07-12 00:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-10 20:47 - 2013-03-08 12:20 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-10 10:33 - 2018-06-02 00:04 - 000004654 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-10 10:33 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-07-10 10:33 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\Macromed

==================== Arquivos na raiz de alguns diretórios =======

2013-12-26 14:00 - 2018-07-03 21:12 - 000028160 _____ () C:\Users\pauloroberto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-09 10:43 - 2017-12-06 02:07 - 000007626 _____ () C:\Users\pauloroberto\AppData\Local\resmon.resmoncfg

Alguns arquivos em TEMP:
====================
2018-08-03 13:08 - 2018-07-06 04:25 - 001945784 _____ (Microsoft Corporation) C:\Users\pauloroberto\AppData\Local\Temp\dllnt_dump.dll
2018-07-27 23:45 - 2009-11-10 20:09 - 000157184 _____ () C:\Users\pauloroberto\AppData\Local\Temp\virustotal.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2018-06-01 23:21

==================== Fim de FRST.txt ============================

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 02.08.2018
Executado por pauloroberto (05-08-2018 15:25:48)
Executando a partir de C:\Users\pauloroberto\Desktop
Windows 10 Home Single Language Versão 1803 17134.165 (X64) (2018-06-02 03:06:30)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-722139864-351113054-575651663-500 - Administrator - Disabled)
Convidado (S-1-5-21-722139864-351113054-575651663-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-722139864-351113054-575651663-503 - Limited - Disabled)
pauloroberto (S-1-5-21-722139864-351113054-575651663-1001 - Administrator - Enabled) => C:\Users\pauloroberto
WDAGUtilityAccount (S-1-5-21-722139864-351113054-575651663-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.45 - Piriform)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WTA-338436fb-43d6-4c47-902a-6d15355381a7) (Version: 2.2.0.95 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dolby PCEE Drivers (HKLM\...\{758CEA50-8CE3-4F3B-89A5-5A90D513FA88}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dream Chronicles (HKLM-x32\...\WTA-d0412b56-0419-4926-9164-af73b0fac277) (Version: 2.2.0.95 - WildTangent) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (HKLM-x32\...\WTA-2a0090eb-018c-4b30-9df9-1360e91c0b7c) (Version: 2.2.0.98 - WildTangent) Hidden
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Heartwild Solitaire (HKLM-x32\...\WTA-ee2e67ca-e046-4e43-a507-59e31c08184f) (Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{3C0714E4-D8F9-46A8-924E-D19D4FE46F64}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-722139864-351113054-575651663-1001\...\HPConnectedMusic) (Version: 1.1 (build 128) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}) (Version: 2.20.11 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{3AD2C353-825B-47E6-9396-3C2F78D194FE}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{230D401C-7342-46E4-BF7C-885B5B55AFB1}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.6.18.11 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F58E2607-024E-4E05-8016-6948B24D40F8}) (Version: 12.9.24.3 - Hewlett-Packard Company)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel(R) Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.9.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Jewel Quest II (HKLM-x32\...\WTA-58f86f34-7f54-44d0-96ce-a7fd3f309845) (Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (HKLM-x32\...\WTA-8775c9e2-2d4e-4b0c-b594-60cc3ee25383) (Version: 2.2.0.95 - WildTangent) Hidden
Jogos da WildTangent (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
JoJo's Fashion Show (HKLM-x32\...\WTA-2b86865e-1bba-4d27-8f28-5381bf07e48e) (Version: 2.2.0.95 - WildTangent) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mahjongg Artifacts (HKLM-x32\...\WTA-f9b9dff7-4c3a-4c27-8a3e-4428abbaf81d) (Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes versão 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-722139864-351113054-575651663-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (HKLM-x32\...\WTA-f6193c2f-e377-4107-8d24-99245b2092f7) (Version: 2.2.0.98 - WildTangent) Hidden
NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version:  - )
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4454.1513 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4454.1513 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0416-0000-0000000FF1CE}) (Version: 15.0.4454.1513 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Ralink Bluetooth Stack64 (HKLM\...\{307AA214-8490-9119-DA81-C8E875AD1C94}) (Version: 11.0.737.5 - Nome da empresa:)
Ralink RT2860  802.11 WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
SketchUp 8 (HKLM-x32\...\{E8E7C464-4E8D-4673-B10D-77B1D4E679BB}) (Version: 3.0.16955 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype versão 8.25 (HKLM-x32\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Wedding Dash (HKLM-x32\...\WTA-0d943446-13f0-4bef-8a6d-c768f9ad72c1) (Version: 2.2.0.95 - WildTangent) Hidden
Westward (HKLM-x32\...\WTA-0911a3c5-5b0f-42ea-84df-fa7f4ddb6ef7) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
Zuma Deluxe (HKLM-x32\...\WTA-85812de0-f4b0-44f6-ae68-681af7ad2db8) (Version: 2.2.0.95 - WildTangent) Hidden

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-722139864-351113054-575651663-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  -> Nenhum Arquivo
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-21] (Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-05-21] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Nenhum Arquivo
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {0CF3C0F9-9CAA-4046-8DB7-68A81B130197} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {0D3F7099-A963-4EA7-A62C-622F9A4116A0} - \Microsoft\Windows\UNP\RunCampaignManager -> Nenhum Arquivo <==== ATENÇÃO
Task: {1469C4D1-F30C-4CFA-B0E5-864C28179ED1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {17F04ED6-5567-4B0E-977E-8F7D5B0075C7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-07-20] (Piriform Ltd)
Task: {1CFCF0F7-F683-4387-94CF-0B7693358245} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-07-10] (Microsoft Corporation)
Task: {23CE8949-A86C-4641-8A87-E7073A1269EA} - System32\Tasks\HPCeeScheduleForpauloroberto => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {274CD862-5C77-405A-86CA-F0ED6F0AC078} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {295AF7F3-FC6A-4F68-96CF-69D42C48A0EE} - \MirageAgent -> Nenhum Arquivo <==== ATENÇÃO
Task: {34819ED1-5C44-4C87-9238-4DCE728DCA01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {36200B79-5DB9-4B4B-9266-15E4DE0A35DC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {3C5EE241-46C8-43C2-89EF-831F67AFF882} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {3CCBEE92-3BED-47A6-98F5-17E50AF83D66} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-722139864-351113054-575651663-1001 -> Nenhum Arquivo <==== ATENÇÃO
Task: {3E6B9BCE-BCFA-45D2-83EF-53935AD02A15} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-17] ()
Task: {44247878-03C2-4FAD-A15E-17A4ED6A0F70} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {50421048-56B3-45E9-BE82-0609C4E7C294} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {5119D491-1835-4035-8279-2DA6259E8865} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Nenhum Arquivo <==== ATENÇÃO
Task: {51483F9D-FF2F-43CA-BE25-D6A6BA193409} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {54286C89-C1BC-47B1-8C3A-A4D3E3DC6DDF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO
Task: {58613CE2-78EF-41E2-8E21-EED93FE32812} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-08-19] (Hewlett-Packard Development Company, L.P.)
Task: {5A3640B4-7D1F-4BEC-AB97-A87E1F96F749} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {5D0E0E63-DCAE-4874-B722-FDCFB4308D71} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {5E18D0ED-3EA2-4D65-A834-60B576E560A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {652EC9F2-404F-4171-8438-5355F1158C76} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-722139864-351113054-575651663-1001
Task: {65335345-5C71-4AF3-A4A1-B0205FBE9F0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {663A435F-19B0-40F1-BEA5-61A370ED9F1A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {6765E685-C13F-4569-B1B1-E7AE0C7CA449} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {69C1112C-C1FF-49F8-A1B3-6F9D32CC25B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-06-27] (HP Inc.)
Task: {7C82703C-ADA6-4583-B62D-0759B866EC07} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-07-20] (Piriform Ltd)
Task: {7CAE23BB-69E1-4786-95B7-F1E7CA2C6337} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO
Task: {8CD0137F-FF09-493B-979B-2E5330A734B2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Nenhum Arquivo <==== ATENÇÃO
Task: {9CB36B42-11C1-4591-A774-6494C104BC96} - \WPD\SqmUpload_S-1-5-21-722139864-351113054-575651663-1001 -> Nenhum Arquivo <==== ATENÇÃO
Task: {9E3D159E-3BE4-477F-8E58-4E002DA2BF75} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {9FF6021C-526C-41AB-8979-DD5B16F6DA42} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {AC06BD3B-332A-42E9-98DA-C7714B793B4C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {AD2C4F5D-15E2-4828-85BC-80690BF6D9EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {AE1E1894-FB15-4B3F-8B87-81892E1150F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {B4A8CC48-8D4B-4762-931C-9DDECA321D85} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {BA2F0526-BBB2-4A3E-AC2A-48A25F96C389} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {D38B7CBF-0275-4378-AA58-C689F93148C1} - System32\Tasks\S-1-5-21-722139864-351113054-575651663-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {DF98A37F-B668-4B30-8FA6-B6DA1EFF9D8E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {F0ECF106-4CEF-48AE-A99E-2FC06DCA5885} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForpauloroberto.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)


==================== Módulos Carregados (Whitelisted) ==============

2018-04-11 20:34 - 2018-04-11 20:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-10 20:22 - 2018-07-06 03:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-10 20:22 - 2018-06-15 14:30 - 001308672 _____ () C:\WINDOWS\system32\FaceProcessor.dll
2018-07-10 20:21 - 2018-06-15 14:55 - 000542888 _____ () C:\WINDOWS\system32\FaceProcessorCore.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 001348664 _____ () C:\WINDOWS\system32\FaceTrackerInternal.dll
2018-05-01 18:18 - 2018-05-01 18:18 - 031061504 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1712.1141.0_x64__8wekyb3d8bbwe\PilotshubApp.dll
2018-05-01 18:18 - 2018-05-01 18:18 - 000502272 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1712.1141.0_x64__8wekyb3d8bbwe\Helper.dll
2013-01-09 07:01 - 2012-06-25 15:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-05-21 18:01 - 2012-06-08 00:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)


==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)


==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2012-07-26 02:26 - 2013-08-18 23:31 - 000000707 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-722139864-351113054-575651663-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\pauloroberto\Pictures\ANIMAIS\2338.jpg
DNS Servers: 192.168.15.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

MSCONFIG\Services: IconMan_R => 2
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "BtTray"
HKLM\...\StartupApproved\Run32: => "HP CoolSense"
HKLM\...\StartupApproved\Run32: => "Del36443515"
HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4"
HKU\S-1-5-21-722139864-351113054-575651663-1001\...\StartupApproved\StartupFolder: => "Enviar para o OneNote.lnk"
HKU\S-1-5-21-722139864-351113054-575651663-1001\...\StartupApproved\StartupFolder: => "Facebook Messenger.lnk"
HKU\S-1-5-21-722139864-351113054-575651663-1001\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-722139864-351113054-575651663-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-722139864-351113054-575651663-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-722139864-351113054-575651663-1001\...\StartupApproved\Run: => "Facebook Update"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [UDP Query User{93BF7082-42DB-463B-A207-BE6D1FD0F8E1}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [TCP Query User{DDE9915B-EBA5-4C38-8257-D7871B25C424}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{F8196263-43B8-467F-B3DF-19BF62DD48BE}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{ACA010FB-F0B4-44A9-A6AB-6F6A071850D8}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{AF6E10EE-334A-4F7A-B30D-425AA5440EBF}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{CE227CCC-4F03-42D8-90DD-6E74E605CF47}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{FC87F217-4610-4E06-A1F4-664A6F9BB2E1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{573B9C63-8463-457A-8B20-559B82DAF759}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F9EC533D-BBA2-403B-B190-995D3BB6C2E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EDC6E823-7774-4940-8DDD-9FF8088F7E9F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{918F9341-6AF7-4D50-99FF-6941BD945376}] => (Allow) LPort=1900
FirewallRules: [{A93A6F3E-9F92-42A2-AF03-C5D02E6ACA40}] => (Allow) LPort=2869
FirewallRules: [{56648402-337A-4E86-A7B5-366BB50D835D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2F85DC94-6038-4230-8672-62037AF3783B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{E3D67341-01CA-4EF5-82AD-226420182468}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{9D3348DE-26DC-4A58-8F39-B781BAF71B0E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{ED1D94AC-DCCB-4F83-90A3-D4170ED43A1B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{1D30C7C6-0129-45AC-9C91-4CDF0D6EB364}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{BE4A99F5-54A1-47DB-A2DF-894F0786CAA2}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{A6024B0E-9A5B-4A8A-A573-FD7C9C79AE5B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{059EEC37-B323-4FF1-828B-681E6EA5DFF5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Pontos de Restauração =========================

20-07-2018 15:05:32 Ponto de Verificação Agendado
01-08-2018 23:16:36 Instalador de Módulos do Windows
03-08-2018 11:37:41 Instalador de Módulos do Windows
04-08-2018 15:38:02 Instalador de Módulos do Windows

==================== Dispositivos Apresentando Falhas No Gerenciador =============


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (08/05/2018 02:22:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Paulo.local already in use; will try Paulo-2.local instead

Error: (08/05/2018 02:22:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister   16 Paulo.local. AAAA FE80:0000:0000:0000:EC4B:D011:1B48:BD85

Error: (08/05/2018 02:22:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:EC4B:D011:1B48:BD85:5353   16 Paulo.local. AAAA 2804:01B2:0081:72B8:EC4B:D011:1B48:BD85

Error: (08/05/2018 02:22:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 Paulo.local. AAAA FE80:0000:0000:0000:EC4B:D011:1B48:BD85

Error: (08/05/2018 02:22:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:EC4B:D011:1B48:BD85:5353   16 Paulo.local. AAAA 2804:01B2:0081:72B8:EC4B:D011:1B48:BD85

Error: (08/04/2018 06:03:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: HPPU.exe, versão: 1.0.0.0, carimbo de data/hora: 0x50079e34
Nome do módulo com falha: d2d1.dll, versão: 10.0.17134.112, carimbo de data/hora: 0x47f48e23
Código de exceção: 0xc0000005
Deslocamento da falha: 0x002e1ffa
ID do processo com falha: 0x2d30
Hora de início do aplicativo com falha: 0x01d42c369f67fe72
Caminho do aplicativo com falha: C:\Program Files (x86)\Hewlett-Packard\HP Utility Center\HPPU.exe
Caminho do módulo com falha: C:\WINDOWS\SYSTEM32\d2d1.dll
ID do Relatório: b113f931-c103-4b9d-a168-bd40f94da333
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (08/04/2018 02:43:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Paulo.local already in use; will try Paulo-2.local instead

Error: (08/04/2018 02:43:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister   16 Paulo.local. AAAA 2804:01B2:0081:2C4F:EC4B:D011:1B48:BD85


Erros de Sistema:
=============
Error: (08/05/2018 02:49:16 PM) (Source: DCOM) (EventID: 10016) (User: PAULO)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 e APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 ao usuário Paulo\pauloroberto SID (S-1-5-21-722139864-351113054-575651663-1001) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (08/05/2018 02:25:27 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 e APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (08/05/2018 02:25:23 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: O servidor {784E29F4-5EBE-4279-9948-1E8FE941646D} não se registrou no DCOM dentro do tempo limite necessário.

Error: (08/05/2018 02:22:23 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 e APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (08/05/2018 02:22:23 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 e APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (08/05/2018 02:22:23 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 e APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (08/04/2018 03:15:06 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 e APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (08/04/2018 03:13:27 PM) (Source: DCOM) (EventID: 10016) (User: PAULO)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 e APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 ao usuário Paulo\pauloroberto SID (S-1-5-21-722139864-351113054-575651663-1001) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.


Windows Defender:
===================================
Date: 2018-08-04 18:40:18.037
Description: 
O exame do Windows Defender Antivirus foi interrompido antes da conclusão.
ID do Exame: {F20CCA93-C629-4C18-9B0D-F933DC67859F}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2018-08-04 18:22:22.591
Description: 
O exame do Windows Defender Antivirus foi interrompido antes da conclusão.
ID do Exame: {66ED6AA1-9161-4EFE-ACD4-9DBFCB7FBF97}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2018-08-03 23:48:35.269
Description: 
O exame do Windows Defender Antivirus foi interrompido antes da conclusão.
ID do Exame: {8AE1811D-F665-41FB-80B0-46E76C71048A}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2018-08-03 23:10:46.076
Description: 
O exame do Windows Defender Antivirus foi interrompido antes da conclusão.
ID do Exame: {88276C51-8D4F-424C-A0E4-B670BA94270E}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2018-08-02 16:45:01.154
Description: 
O exame do Windows Defender Antivirus foi interrompido antes da conclusão.
ID do Exame: {131002C9-975E-425B-9E92-FD2602ACF758}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

CodeIntegrity:
===================================

Date: 2018-07-31 16:06:33.630
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-07-29 04:40:01.745
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-29 04:38:58.450
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-29 04:38:58.406
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-29 04:33:41.740
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-29 04:33:05.452
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-29 04:32:51.120
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-07-29 04:32:50.463
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Informações da Memória =========================== 

Processador: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentagem de memória em uso: 52%
RAM física total: 3988.27 MB
RAM física disponível: 1882.61 MB
Virtual Total: 6072.31 MB
Virtual disponível: 3788 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:679.05 GB) (Free:561.78 GB) NTFS ==>[sistema com componentes de inicialização (obtido através de drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.58 GB) (Free:2.17 GB) NTFS ==>[sistema com componentes de inicialização (obtido através de drive)]

\\?\Volume{b68c0b32-fdd9-4a1b-b96c-95e1b33d0afe}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.13 GB) NTFS
\\?\Volume{493a25e3-ab79-4cde-932c-0aebf7138156}\ () (Fixed) (Total:0.89 GB) (Free:0.32 GB) NTFS
\\?\Volume{a94ab6a8-38ae-42a3-8080-b17d4e30d56b}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{795a0991-84cc-4b3c-bfde-54edb5f1492d}\ () (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: EE8312BD)

Partition: GPT.

==================== Fim de Addition.txt ============================


@Paulo Passos

 

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text in the CODE box below:

CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2012-07-17] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-722139864-351113054-575651663-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-722139864-351113054-575651663-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18534016 2018-07-20] (Piriform Ltd)
HKU\S-1-5-21-722139864-351113054-575651663-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-722139864-351113054-575651663-1001\...\Policies\system: [DisableChangePassword] 0
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2013-01-09] (EasyBits Software Corp.)
HKU\S-1-5-21-722139864-351113054-575651663-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/hpcon13/3
SearchScopes: HKU\S-1-5-21-722139864-351113054-575651663-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-722139864-351113054-575651663-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Sem Nome -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> Nenhum Arquivo
Toolbar: HKU\S-1-5-21-722139864-351113054-575651663-1001 -> Sem Nome - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Nenhum Arquivo
FF ProfilePath: C:\Users\pauloroberto\AppData\Roaming\Mozilla\Firefox\Profiles\lc8r4j3l.default [2018-07-28]
FF Extension: (Sem Nome) - C:\Program Files\VDownloader\Addons\FireFox [não encontrado (a)]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [Nenhum Arquivo]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2015-06-28] ()
FF Plugin HKU\S-1-5-21-722139864-351113054-575651663-1001: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll [Nenhum Arquivo]
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  -> Nenhum Arquivo
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Nenhum Arquivo
Task: {0D3F7099-A963-4EA7-A62C-622F9A4116A0} - \Microsoft\Windows\UNP\RunCampaignManager -> Nenhum Arquivo <==== ATENÇÃO
Task: {295AF7F3-FC6A-4F68-96CF-69D42C48A0EE} - \MirageAgent -> Nenhum Arquivo <==== ATENÇÃO
Task: {34819ED1-5C44-4C87-9238-4DCE728DCA01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {36200B79-5DB9-4B4B-9266-15E4DE0A35DC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {3CCBEE92-3BED-47A6-98F5-17E50AF83D66} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-722139864-351113054-575651663-1001 -> Nenhum Arquivo <==== ATENÇÃO
Task: {44247878-03C2-4FAD-A15E-17A4ED6A0F70} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {5119D491-1835-4035-8279-2DA6259E8865} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Nenhum Arquivo <==== ATENÇÃO
Task: {54286C89-C1BC-47B1-8C3A-A4D3E3DC6DDF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO
Task: {663A435F-19B0-40F1-BEA5-61A370ED9F1A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {7CAE23BB-69E1-4786-95B7-F1E7CA2C6337} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO
Task: {8CD0137F-FF09-493B-979B-2E5330A734B2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Nenhum Arquivo <==== ATENÇÃO
Task: {9CB36B42-11C1-4591-A774-6494C104BC96} - \WPD\SqmUpload_S-1-5-21-722139864-351113054-575651663-1001 -> Nenhum Arquivo <==== ATENÇÃO
Task: {B4A8CC48-8D4B-4762-931C-9DDECA321D85} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {BA2F0526-BBB2-4A3E-AC2A-48A25F96C389} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {DF98A37F-B668-4B30-8FA6-B6DA1EFF9D8E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Nenhum Arquivo <==== ATENÇÃO
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:

Save this file to your desktop with the name fixlist

NOTE: It is extremely important that the "fixlist" file be saved to your Desktop. Also check that FRST.exe is on the Desktop.

** Users of Windows Vista, Windows 7, 8/8.1 and Windows 10:
Right-click the FRST.EXE file, then click VRIfczU.png.

Click the 0h0YlDEzRbKP9R7xLrUlzA.png button.

Wait; when it finishes, the Fixlog.txt log will be saved to your desktop.

Open the Fixlog.txt file, then copy and paste its contents into your next reply.


Good morning @Elias Pereira

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 02.08.2018
Executado por pauloroberto (09-08-2018 09:43:39) Run:1
Executando a partir de C:\Users\pauloroberto\Desktop
Perfis Carregados: pauloroberto (Perfis Disponíveis: pauloroberto)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************

CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2012-07-17] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-722139864-351113054-575651663-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-722139864-351113054-575651663-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18534016 2018-07-20] (Piriform Ltd)
HKU\S-1-5-21-722139864-351113054-575651663-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-722139864-351113054-575651663-1001\...\Policies\system: [DisableChangePassword] 0
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2013-01-09] (EasyBits Software Corp.)
HKU\S-1-5-21-722139864-351113054-575651663-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/hpcon13/3
SearchScopes: HKU\S-1-5-21-722139864-351113054-575651663-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-722139864-351113054-575651663-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Sem Nome -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> Nenhum Arquivo
Toolbar: HKU\S-1-5-21-722139864-351113054-575651663-1001 -> Sem Nome - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Nenhum Arquivo
FF ProfilePath: C:\Users\pauloroberto\AppData\Roaming\Mozilla\Firefox\Profiles\lc8r4j3l.default [2018-07-28]
FF Extension: (Sem Nome) - C:\Program Files\VDownloader\Addons\FireFox [n�o encontrado (a)]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [Nenhum Arquivo]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2015-06-28] ()
FF Plugin HKU\S-1-5-21-722139864-351113054-575651663-1001: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll [Nenhum Arquivo]
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  -> Nenhum Arquivo
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Nenhum Arquivo
Task: {0D3F7099-A963-4EA7-A62C-622F9A4116A0} - \Microsoft\Windows\UNP\RunCampaignManager -> Nenhum Arquivo <==== ATEN��O
Task: {295AF7F3-FC6A-4F68-96CF-69D42C48A0EE} - \MirageAgent -> Nenhum Arquivo <==== ATEN��O
Task: {34819ED1-5C44-4C87-9238-4DCE728DCA01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Nenhum Arquivo <==== ATEN��O
Task: {36200B79-5DB9-4B4B-9266-15E4DE0A35DC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATEN��O
Task: {3CCBEE92-3BED-47A6-98F5-17E50AF83D66} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-722139864-351113054-575651663-1001 -> Nenhum Arquivo <==== ATEN��O
Task: {44247878-03C2-4FAD-A15E-17A4ED6A0F70} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Nenhum Arquivo <==== ATEN��O
Task: {5119D491-1835-4035-8279-2DA6259E8865} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Nenhum Arquivo <==== ATEN��O
Task: {54286C89-C1BC-47B1-8C3A-A4D3E3DC6DDF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATEN��O
Task: {663A435F-19B0-40F1-BEA5-61A370ED9F1A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATEN��O
Task: {7CAE23BB-69E1-4786-95B7-F1E7CA2C6337} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATEN��O
Task: {8CD0137F-FF09-493B-979B-2E5330A734B2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Nenhum Arquivo <==== ATEN��O
Task: {9CB36B42-11C1-4591-A774-6494C104BC96} - \WPD\SqmUpload_S-1-5-21-722139864-351113054-575651663-1001 -> Nenhum Arquivo <==== ATEN��O
Task: {B4A8CC48-8D4B-4762-931C-9DDECA321D85} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATEN��O
Task: {BA2F0526-BBB2-4A3E-AC2A-48A25F96C389} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Nenhum Arquivo <==== ATEN��O
Task: {DF98A37F-B668-4B30-8FA6-B6DA1EFF9D8E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Nenhum Arquivo <==== ATEN��O
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SecurityHealth" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SynTPEnh" => removido (a) com sucesso.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Easybits Recovery" => removido (a) com sucesso.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Quick Launch" => removido (a) com sucesso.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RemoteControl10" => removido (a) com sucesso.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Dolby Home Theater v4" => removido (a) com sucesso.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => removido (a) com sucesso.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removido (a) com sucesso.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removido (a) com sucesso.
"HKU\S-1-5-21-722139864-351113054-575651663-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress8" => removido (a) com sucesso.
"HKU\S-1-5-21-722139864-351113054-575651663-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring" => removido (a) com sucesso.
"HKU\S-1-5-21-722139864-351113054-575651663-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation" => removido (a) com sucesso.
"HKU\S-1-5-21-722139864-351113054-575651663-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword" => removido (a) com sucesso.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E54729E8-BB3D-4270-9D49-7389EA579090}" => removido (a) com sucesso.
"HKLM\SOFTWARE\WOW6432Node\Classes\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}" => removido (a) com sucesso.
HKU\S-1-5-21-722139864-351113054-575651663-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
"HKU\S-1-5-21-722139864-351113054-575651663-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removido (a) com sucesso.
"HKU\S-1-5-21-722139864-351113054-575651663-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => não encontrado (a)
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => não encontrado (a)
"HKU\S-1-5-21-722139864-351113054-575651663-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removido (a) com sucesso.
"HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removido (a) com sucesso.
C:\Users\pauloroberto\AppData\Roaming\Mozilla\Firefox\Profiles\lc8r4j3l.default => movido com sucesso
C:\Users\pauloroberto\AppData\Roaming\Mozilla\Firefox\Profiles\lc8r4j3l.default => caminho removido (a) com sucesso.
"C:\Program Files\VDownloader\Addons\FireFox" => não encontrado (a)
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0" => removido (a) com sucesso.
"HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0" => removido (a) com sucesso.
C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll => movido com sucesso
"HKU\S-1-5-21-722139864-351113054-575651663-1001\Software\MozillaPlugins\vitzo.com/VDownloader" => removido (a) com sucesso.
"C:\Program Files\VDownloader\Addons\npVDownloader.dll" => não encontrado (a)
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7} => não encontrado (a)
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE} => não encontrado (a)
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => não encontrado (a)
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => não encontrado (a)
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D3F7099-A963-4EA7-A62C-622F9A4116A0}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D3F7099-A963-4EA7-A62C-622F9A4116A0}" => removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => não encontrado (a)
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{295AF7F3-FC6A-4F68-96CF-69D42C48A0EE}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{295AF7F3-FC6A-4F68-96CF-69D42C48A0EE}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MirageAgent" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34819ED1-5C44-4C87-9238-4DCE728DCA01}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34819ED1-5C44-4C87-9238-4DCE728DCA01}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{36200B79-5DB9-4B4B-9266-15E4DE0A35DC}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36200B79-5DB9-4B4B-9266-15E4DE0A35DC}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CCBEE92-3BED-47A6-98F5-17E50AF83D66}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CCBEE92-3BED-47A6-98F5-17E50AF83D66}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-722139864-351113054-575651663-1001" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44247878-03C2-4FAD-A15E-17A4ED6A0F70}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44247878-03C2-4FAD-A15E-17A4ED6A0F70}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5119D491-1835-4035-8279-2DA6259E8865}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5119D491-1835-4035-8279-2DA6259E8865}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54286C89-C1BC-47B1-8C3A-A4D3E3DC6DDF}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54286C89-C1BC-47B1-8C3A-A4D3E3DC6DDF}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{663A435F-19B0-40F1-BEA5-61A370ED9F1A}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{663A435F-19B0-40F1-BEA5-61A370ED9F1A}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7CAE23BB-69E1-4786-95B7-F1E7CA2C6337}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CAE23BB-69E1-4786-95B7-F1E7CA2C6337}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8CD0137F-FF09-493B-979B-2E5330A734B2}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CD0137F-FF09-493B-979B-2E5330A734B2}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CB36B42-11C1-4591-A774-6494C104BC96}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CB36B42-11C1-4591-A774-6494C104BC96}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-722139864-351113054-575651663-1001" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4A8CC48-8D4B-4762-931C-9DDECA321D85}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4A8CC48-8D4B-4762-931C-9DDECA321D85}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA2F0526-BBB2-4A3E-AC2A-48A25F96C389}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA2F0526-BBB2-4A3E-AC2A-48A25F96C389}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF98A37F-B668-4B30-8FA6-B6DA1EFF9D8E}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF98A37F-B668-4B30-8FA6-B6DA1EFF9D8E}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removido (a) com sucesso.

========= ipconfig /flushdns =========


Configura‡Æo de IP do Windows

Libera‡Æo do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKU\S-1-5-21-722139864-351113054-575651663-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-21-722139864-351113054-575651663-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.


========= Fim de RemoveProxy: =========

Ponto de Restauração criado com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 259730938 B
Java, Flash, Steam htmlcache => 1102 B
Windows/system/drivers => 374175544 B
Edge => 53135312 B
Chrome => 833008436 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1924 B
LocalService => 0 B
NetworkService => 25012 B
NetworkService => 0 B
pauloroberto => 188445751 B

RecycleBin => 71448718 B
EmptyTemp: => 1.7 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 09:49:18 ====
