
Maikon Carrasco

  1. @Elias Pereira Although I ran RogueKiller, the file C:\Windows\SECOH-QAD.exe was not removed since, as you will see in the screenshot, it shows up in Kaspersky. The attachments follow. The quarantine will be empty because nothing was moved to it.
  2. @Elias Pereira I followed the step-by-step instructions. I checked the DNS settings at 192.168.0.1; both the primary and the secondary are set to 0.0.0.0 in DHCP. Just for the record, I have a TPLink - TL-WR741ND router. Sorry for my ignorance, but is there some other DNS I should be looking at? (In the LAN settings, both are set to Detect Automatically.) BELOW IS THE FRST 64 LOG:
Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 17.01.2018 01
Executado por bolic (19-01-2018 18:35:35) Run:1
Executando a partir de C:\Users\bolic\Desktop
Perfis Carregados: bolic (Perfis Disponíveis: bolic)
Modo da Inicialização: Normal
==============================================
fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
BootExecute: autocheck autochk * sh4native Sh4Removal
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone - Backup&Restore(iOS)\Library\DriverInstaller\DriverInstall.exe [X]
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2017-12-06] (Wellbia.com Co., Ltd.)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X] S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X] S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X] CustomCLSID: HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\bolic\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\amd64\FileSyncShell64.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\bolic\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\amd64\FileSyncShell64.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\bolic\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\amd64\FileSyncShell64.dll => Nenhum Arquivo ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Nenhum Arquivo ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Nenhum Arquivo ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Nenhum Arquivo ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Nenhum Arquivo ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Nenhum Arquivo ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Nenhum Arquivo ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Nenhum Arquivo ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Nenhum Arquivo ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Nenhum Arquivo ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> 
Nenhum Arquivo ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Nenhum Arquivo ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Nenhum Arquivo CMD: ipconfig /flushdns RemoveProxy: EmptyTemp: CreateRestorePoint: ***************** Erro: (0) Falha ao criar um ponto de restauração. Processos fechados com sucesso. HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => valor restaurado com sucesso "HKLM\System\CurrentControlSet\Services\WsAppService" => removido (a) com sucesso. WsAppService => serviço removido (a) com sucesso. "HKLM\System\CurrentControlSet\Services\WsDrvInst" => removido (a) com sucesso. WsDrvInst => serviço removido (a) com sucesso. "HKLM\System\CurrentControlSet\Services\xhunter1" => removido (a) com sucesso. xhunter1 => serviço removido (a) com sucesso. "HKLM\System\CurrentControlSet\Services\esgiguard" => removido (a) com sucesso. esgiguard => serviço removido (a) com sucesso. "HKLM\System\CurrentControlSet\Services\nvvad_WaveExtensible" => removido (a) com sucesso. nvvad_WaveExtensible => serviço removido (a) com sucesso. "HKLM\System\CurrentControlSet\Services\nvvhci" => removido (a) com sucesso. nvvhci => serviço removido (a) com sucesso. "HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}" => removido (a) com sucesso. "HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}" => removido (a) com sucesso. "HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removido (a) com sucesso. 
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => chave não encontrado (a) "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removido (a) com sucesso. HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => chave não encontrado (a) "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removido (a) com sucesso. HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => chave não encontrado (a) "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removido (a) com sucesso. HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => chave não encontrado (a) "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removido (a) com sucesso. HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => chave não encontrado (a) "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removido (a) com sucesso. HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => chave não encontrado (a) "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => removido (a) com sucesso. HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => chave não encontrado (a) "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => removido (a) com sucesso. HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => chave não encontrado (a) "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => removido (a) com sucesso. 
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => chave não encontrado (a) "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => removido (a) com sucesso. HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => chave não encontrado (a) "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => removido (a) com sucesso. HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => chave não encontrado (a) "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6" => removido (a) com sucesso. HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => chave não encontrado (a) ========= ipconfig /flushdns ========= Configura‡Æo de IP do Windows Libera‡Æo do Cache do DNS Resolver bem-sucedida. ========= Fim de CMD: ========= ========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso. "HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. "HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso. ========= Fim de RemoveProxy: ========= Erro: (0) Falha ao criar um ponto de restauração. 
=========== EmptyTemp: ==========
BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 67486157 B
Java, Flash, Steam htmlcache => 256632833 B
Windows/system/drivers => 1338381 B
Edge => 1718414 B
Chrome => 152378 B
Firefox => 0 B
Opera => 402832941 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 10550 B
NetworkService => 30808 B
bolic => 74152715 B
RecycleBin => 1425940 B
EmptyTemp: => 774.2 MB de dados temporários Removidos.
================================
O sistema precisou ser reiniciado.
==== Fim de Fixlog 18:36:13 ====

added 2 minutes later

FROM HERE ON, THE ROGUE KILLER LOG FOLLOWS: NOTE: 3 "THREATS" OF TYPE PUM WERE FOUND

RogueKiller V12.12.0.0 (x64) [Jan 15 2018] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Sistema Operacional : Windows 10 (10.0.16299) 64 bits version
Iniciou : Modo normal
Usuário : bolic [Administrador]
Started from : C:\Users\bolic\Desktop\RogueKiller_portable64.exe
Modo : Escanear -- Data : 01/19/2018 18:41:26 (Duration : 00:17:21)
¤¤¤ Processos : 0 ¤¤¤
¤¤¤ Registro : 2 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Encontrado
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Encontrado
¤¤¤ Tarefas : 0 ¤¤¤
¤¤¤ Arquivos : 1 ¤¤¤
[PUP.Gen0][Arquivo] C:\Windows\SECOH-QAD.exe -> Encontrado
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Arquivos de hosts : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤
¤¤¤ Navegadores : 0 ¤¤¤
¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: KINGSTON SV300S37A120G +++++
--- User ---
[MBR] c04a40d3a6a527a8f4dbc5de124b09e2
[BSP]
9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code Partition table: 0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB 1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 99 MB 2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1126400 | Size: 16 MB 3 - Basic data partition | Offset (sectors): 1159168 | Size: 113907 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: WDC WD10EZEX-21WN4A0 +++++ --- User --- [MBR] 72d802927eba00916c896a4d2a5b29a4 [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code Partition table: 0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB 1 - Basic data partition | Offset (sectors): 264192 | Size: 953740 MB User = LL1 ... OK User = LL2 ... OK
  3. Hello @Elias Pereira, here is the FRST.txt:
Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 17.01.2018 01
Executado por bolic (administrador) em DESKTOP-GF6LAKC (18-01-2018 17:03:04)
Executando a partir de C:\Users\bolic\Desktop
Perfis Carregados: bolic (Perfis Disponíveis: bolic)
Platform: Windows 10 Pro Versão 1709 16299.192 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Opera)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Discord Inc.)
C:\Users\bolic\AppData\Local\Discord\app-0.0.300\Discord.exe (Discord Inc.) C:\Users\bolic\AppData\Local\Discord\app-0.0.300\Discord.exe (Microsoft Corporation) C:\Windows\System32\slui.exe (Spotify Ltd) C:\Users\bolic\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Discord Inc.) C:\Users\bolic\AppData\Local\Discord\app-0.0.300\Discord.exe (Spotify Ltd) C:\Users\bolic\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Opera Software) C:\Program Files\Opera\50.0.2762.58\opera.exe (Opera Software) C:\Program Files\Opera\50.0.2762.58\opera_crashreporter.exe (Opera Software) C:\Program Files\Opera\50.0.2762.58\opera.exe (Opera Software) C:\Program Files\Opera\50.0.2762.58\opera.exe (Opera Software) C:\Program Files\Opera\50.0.2762.58\opera.exe (Opera Software) C:\Program Files\Opera\50.0.2762.58\opera.exe (Opera Software) C:\Program Files\Opera\50.0.2762.58\opera.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registro (Whitelisted) =========================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation) HKLM\...\Run: [IgfxTray] => "C:\Windows\system32\igfxtray.exe" HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe" HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe" HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-18] (Realtek Semiconductor) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-22] (Oracle Corporation) HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\...\Run: [Discord] => C:\Users\bolic\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.) HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\...\Run: [Spotify] => C:\Users\bolic\AppData\Roaming\Spotify\Spotify.exe [21099408 2018-01-17] (Spotify Ltd) HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\...\Run: [Spotify Web Helper] => C:\Users\bolic\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2018-01-17] (Spotify Ltd) Startup: C:\Users\bolic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WO Mic Client.lnk [2017-12-08] ShortcutTarget: WO Mic Client.lnk -> C:\Program Files (x86)\WOMic\WOMicClient.exe (Nenhum Arquivo) BootExecute: autocheck autochk * sh4native Sh4Removal ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{233688dd-2099-4712-b0c8-157a1811b762}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{4645323d-b041-43f5-be35-92295dfd39a0}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/ BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-01-15] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-10-04] (Oracle Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-12-14] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-04] (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-12-14] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-10-04] (Oracle Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-12-14] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-10-04] (Oracle Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files 
(x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-14] (Microsoft Corporation) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-10-04] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-10-04] (Oracle Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-10-04] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-10-04] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-12-14] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-12-14] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-11-14] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-11-14] (NVIDIA Corporation) Chrome: ======= CHR Profile: C:\Users\bolic\AppData\Local\Google\Chrome\User Data\Default [2018-01-17] CHR Extension: (Docs) - C:\Users\bolic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-16] CHR Extension: (Google Drive) - C:\Users\bolic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-16] CHR Extension: (YouTube) - C:\Users\bolic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-16] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\bolic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-16] CHR Extension: (Gmail) - C:\Users\bolic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-16] CHR Extension: (Chrome Media Router) - C:\Users\bolic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-16] Opera: ======= OPR 
StartupUrls: "hxxp://www.google.com.br/" OPR Extension: (AdBlock) - C:\Users\bolic\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2018-01-17] StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe ==================== Serviços (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6998536 2017-12-08] () R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761576 2018-01-02] (Microsoft Corporation) R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA 
Corporation\NvTelemetry\plugins" -r S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe [X] S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone - Backup&Restore(iOS)\Library\DriverInstaller\DriverInstall.exe [X] ===================== Drivers (Whitelisted) ====================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [43400 2017-03-02] (Advanced Micro Devices, Inc) R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [33144 2017-08-29] (Advanced Micro Devices, Inc) S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices, Inc. ) R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31112 2017-10-10] (Advanced Micro Devices) R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243056 2017-06-12] (Advanced Micro Devices, Inc. ) R2 AMDRyzenMasterDriver1.0.0; C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys [70312 2017-03-27] (Advanced Micro Devices) S3 avssamp; C:\WINDOWS\system32\DRIVERS\avssamp.sys [45320 2017-09-27] () R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2017-06-29] (LogMeIn Inc.) 
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2018-01-16] (Malwarebytes) S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2018-01-16] (Malwarebytes) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c791f781cd94491f\nvlddmkm.sys [16989296 2017-11-15] (NVIDIA Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek ) R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] () R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] () S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation) R3 wovad_micarray; C:\WINDOWS\system32\drivers\womic.sys [37984 2017-05-21] (Windows (R) Win 7 DDK provider) S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2017-12-06] (Wellbia.com Co., Ltd.) S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X] S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X] S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X] ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um Mês Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2018-01-18 17:03 - 2018-01-18 17:03 - 000014862 _____ C:\Users\bolic\Desktop\FRST.txt 2018-01-18 17:02 - 2018-01-18 17:03 - 000000000 ____D C:\FRST 2018-01-18 17:01 - 2018-01-18 17:01 - 002393088 _____ (Farbar) C:\Users\bolic\Desktop\FRST64.exe 2018-01-18 16:58 - 2018-01-18 16:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2018-01-17 22:27 - 2018-01-17 22:29 - 000000000 ____D C:\AdwCleaner 2018-01-17 21:14 - 2018-01-17 22:02 - 000000000 ____D C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP 2018-01-17 20:02 - 2018-01-17 20:02 - 000000000 _____ C:\autoexec.bat 2018-01-16 22:48 - 2018-01-16 22:48 - 000003954 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1516150118 2018-01-16 22:48 - 2018-01-16 22:48 - 000001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk 2018-01-16 22:34 - 2018-01-16 22:40 - 000176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2018-01-16 22:32 - 2018-01-16 22:40 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes 2018-01-16 22:32 - 2018-01-16 22:40 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-01-16 22:32 - 2018-01-16 22:38 - 000091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2018-01-16 21:54 - 2018-01-16 21:54 - 000000000 ____D C:\Users\Todos os Usuários\BitDefender 2018-01-16 21:54 - 2018-01-16 21:54 - 000000000 ____D C:\ProgramData\BitDefender 2018-01-16 21:41 - 2018-01-16 21:41 - 000000000 ____D C:\Users\bolic\AppData\Local\AdAwareDesktop 2018-01-16 21:35 - 2018-01-16 21:35 - 000000000 ____D C:\Users\bolic\AppData\Local\AdAwareUpdater 2018-01-16 21:14 - 2018-01-16 21:14 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3771028101-2572381435-3112059945-1001 2018-01-16 19:24 - 2018-01-16 19:24 - 000004662 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2018-01-16 18:01 - 2018-01-16 18:30 - 000000000 ____D C:\Program Files (x86)\Google 2018-01-16 18:01 - 2018-01-16 18:02 - 000000000 ____D C:\Users\bolic\AppData\Local\Google 
==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
Alguns arquivos em TEMP:
====================
2018-01-17 01:58 - 2018-01-17 01:58
- 000000000 _____ () C:\Users\bolic\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2018-01-17 01:58 - 2018-01-17 01:58 - 000000017 _____ () C:\Users\bolic\AppData\Local\Temp\5609c9b79db4463ae0118079c8aa7f39.dll

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2018-01-08 22:18

==================== Fim de FRST.txt ============================

added 1 minute later

Now, here is the Addition.txt:

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 17.01.2018 01
Executado por bolic (18-01-2018 17:03:35)
Executando a partir de C:\Users\bolic\Desktop
Windows 10 Pro Versão 1709 16299.192 (X64) (2017-11-18 11:03:04)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-3771028101-2572381435-3112059945-500 -
Administrator - Disabled) bolic (S-1-5-21-3771028101-2572381435-3112059945-1001 - Administrator - Enabled) => C:\Users\bolic Convidado (S-1-5-21-3771028101-2572381435-3112059945-501 - Limited - Disabled) DefaultAccount (S-1-5-21-3771028101-2572381435-3112059945-503 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-3771028101-2572381435-3112059945-504 - Limited - Disabled) ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) µTorrent (HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.) Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.) AMD Ryzen Master (HKLM\...\{03213877-8001-4F2C-8917-26B127DE1540}) (Version: 1.0.1.0239 - Advanced Micro Devices, Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) CPUID HWMonitor 1.34 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.34 - ) Discord (HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\...\Discord) (Version: 0.0.300 - Discord Inc.) Dragon Nest Brasil versão 88 (HKLM-x32\...\{E6C1B8AD-4135-4E55-97DB-753931B9755E}_is1) (Version: 88 - DNBR) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) 
Hidden Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan) Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation) Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation) Little Fighter (HKLM-x32\...\Little Fighter) (Version: - ) LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.) Microsoft Office Professional Plus 2016 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 16.0.8730.2175 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team) 
NVIDIA Driver de áudio HD 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation) NVIDIA Driver de controle do 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA Driver de gráficos 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.31 - NVIDIA Corporation) NVIDIA Driver do 3D Vision 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.31 - NVIDIA Corporation) NVIDIA Software do sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.8730.2175 - Microsoft Corporation) Hidden Opera Stable 50.0.2762.58 (HKLM-x32\...\Opera 50.0.2762.58) (Version: 50.0.2762.58 - Opera Software) Painel de controle da NVIDIA 388.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.31 - NVIDIA Corporation) Hidden PangYa_BR (NtreevSoft) (HKLM-x32\...\PangYa) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.) 
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Spotify (HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\...\Spotify) (Version: 1.0.72.117.g6bd7cc73 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Stremio (HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\...\Stremio) (Version: 3.6.5 - Smart Code Ltd.) swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer) Torchlight 2 (HKLM-x32\...\Torchlight 2_is1) (Version: - ) Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) Yonder: The Cloud Catcher Chronicles Update 2 (HKLM\...\eW9uZGVydGhlY2xvdWRjYXRjaGVyY2hyb25pY2xlcw_is1) (Version: 1 - ) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
CustomCLSID: HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\bolic\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\amd64\FileSyncShell64.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\bolic\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\amd64\FileSyncShell64.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-3771028101-2572381435-3112059945-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\bolic\AppData\Local\Microsoft\OneDrive\17.3.7073.1013\amd64\FileSyncShell64.dll => Nenhum Arquivo ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Nenhum Arquivo ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Nenhum Arquivo ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Nenhum Arquivo ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Nenhum Arquivo ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Nenhum Arquivo ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Nenhum Arquivo ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Nenhum Arquivo ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Nenhum Arquivo ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Nenhum Arquivo ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Nenhum Arquivo ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Nenhum Arquivo ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> 
Nenhum Arquivo ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-06-18] () ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Nenhum Arquivo ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-11-14] (NVIDIA Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
Task: {02098CC0-56EC-4A1A-ACE4-C4144ED7CB06} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-01-15] (Microsoft Corporation) Task: {0A5F337B-6765-44D8-B322-AD79F5058D1B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-01-15] (Microsoft Corporation) Task: {26FCC2FD-674A-4F98-AC21-FAC6C4E1BFB5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation) Task: {33707FBD-22D2-4A38-9EC0-6ED0B74110B8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-14] (NVIDIA Corporation) Task: {3C058B8D-23CF-4ED2-9DA0-E63418489C51} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [2018-01-16] (Adobe Systems Incorporated) Task: {44DAB95A-926C-4020-B2B2-0003CE6E36A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation) Task: {474A796C-331B-4814-A459-F98A617344C6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-14] (NVIDIA Corporation) Task: {4A33AEE9-0A5F-41C4-8E40-C198227765F7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation) Task: {73B65C88-1BA1-49B2-805F-7B2D05374437} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update 
Core\NvProfileUpdater64.exe [2017-11-14] (NVIDIA Corporation) Task: {7978C2FB-F699-4CD5-BFE4-6120DA56524F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-15] (Microsoft Corporation) Task: {7BEED093-7B77-4A63-9A1D-0F5B6CFB8246} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-14] (NVIDIA Corporation) Task: {99A21FB3-A78F-4C41-8773-ED627A6CE256} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation) Task: {B7BD18C3-A2CC-4466-9294-C8B86DD33C0A} - System32\Tasks\S-1-5-21-3771028101-2572381435-3112059945-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation) Task: {C03DD9B6-A8A9-4CF6-8F34-E16470A93B95} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-14] (NVIDIA Corporation) Task: {C3C33711-3677-49C9-A14D-82BF862878F1} - System32\Tasks\Opera scheduled Autoupdate 1516150118 => C:\Program Files\Opera\launcher.exe [2018-01-10] (Opera Software) Task: {CEAD837B-DEC6-497F-A7FD-56AC5259A8CF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-02] (Microsoft Corporation) Task: {CF1B6794-4E67-4616-B957-4E47B58B7AB8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-02] (Microsoft Corporation) Task: {F8BD6E3A-50FD-460D-ABB8-32C384ED2076} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft 
Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-15] (Microsoft Corporation) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) ==================== Atalhos & WMI ======================== (As entradas podem ser listadas para serem restauradas ou removidas.) ==================== Módulos Carregados (Whitelisted) ============== 2017-09-29 11:41 - 2017-09-29 11:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-06-18 19:44 - 2017-06-18 19:44 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2017-12-12 22:05 - 2017-11-26 10:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-12-12 22:05 - 2017-11-26 10:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-12-12 22:05 - 2017-11-26 11:30 - 003657624 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll 2017-12-12 22:05 - 2017-11-26 11:31 - 002470296 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll 2018-01-16 22:48 - 2018-01-10 04:18 - 096342312 _____ () C:\Program Files\Opera\50.0.2762.58\opera_browser.dll 2018-01-16 22:48 - 2018-01-10 04:18 - 004215592 _____ () C:\Program Files\Opera\50.0.2762.58\libglesv2.dll 2018-01-16 22:48 - 2018-01-10 04:18 - 000108328 _____ () C:\Program Files\Opera\50.0.2762.58\libegl.dll 2018-01-09 00:43 - 2018-01-08 17:52 - 001891832 _____ () C:\Users\bolic\AppData\Local\Discord\app-0.0.300\ffmpeg.dll 2018-01-09 03:14 - 2018-01-09 03:14 - 001780216 _____ () \\?\C:\Users\bolic\AppData\Roaming\discord\0.0.300\modules\discord_overlay2\discord_overlay2.node 2018-01-09 00:43 - 2018-01-08 17:52 - 001937912 _____ () C:\Users\bolic\AppData\Local\Discord\app-0.0.300\libglesv2.dll 2018-01-09 00:43 - 2018-01-08 17:52 - 000095736 
_____ () C:\Users\bolic\AppData\Local\Discord\app-0.0.300\libegl.dll 2018-01-09 03:14 - 2018-01-09 03:14 - 009804280 _____ () \\?\C:\Users\bolic\AppData\Roaming\discord\0.0.300\modules\discord_voice\discord_voice.node 2018-01-09 03:14 - 2018-01-09 03:14 - 001505784 _____ () \\?\C:\Users\bolic\AppData\Roaming\discord\0.0.300\modules\discord_utils\discord_utils.node 2018-01-09 03:14 - 2018-01-09 03:14 - 000513016 _____ () \\?\C:\Users\bolic\AppData\Roaming\discord\0.0.300\modules\discord_erlpack\discord_erlpack.node 2018-01-09 03:14 - 2018-01-09 03:14 - 002662904 _____ () \\?\C:\Users\bolic\AppData\Roaming\discord\0.0.300\modules\discord_rpc\discord_rpc.node 2018-01-09 03:14 - 2018-01-09 03:14 - 001517048 _____ () \\?\C:\Users\bolic\AppData\Roaming\discord\0.0.300\modules\discord_game_utils\discord_game_utils.node ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) ==================== Hosts Conteúdo: =============================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2017-03-18 19:03 - 2017-03-18 19:01 - 000000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) 
HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\bolic\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == HKU\S-1-5-21-3771028101-2572381435-3112059945-1001\...\StartupApproved\StartupFolder: => "WO Mic Client.lnk" ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [{49ABFD8B-2936-4F45-8E61-AFC7D2E8BE87}] => (Block) D:\blizzard app\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe FirewallRules: [{B068DD78-7B43-4008-93B8-1CC021B10260}] => (Block) D:\blizzard app\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{B549EF9D-8265-4CA9-941E-78102FBDCE61}D:\blizzard app\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Allow) D:\blizzard app\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe FirewallRules: [TCP Query User{CE0D60D8-2653-4156-A3C1-7799B47C60DF}D:\blizzard app\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Allow) D:\blizzard app\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe FirewallRules: [{512F9175-1471-4E6F-BBB5-87E95D8E7F89}] => (Block) D:\astroneer.pre-alpha.v0.2.10125.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe FirewallRules: [{A26FA5D6-EA02-4D6E-8134-F1E9B84A650B}] => (Block) D:\astroneer.pre-alpha.v0.2.10125.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe FirewallRules: [UDP Query 
User{3B8FDB56-3342-4CAD-B7D0-23A6080E0FBD}D:\astroneer.pre-alpha.v0.2.10125.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) D:\astroneer.pre-alpha.v0.2.10125.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe FirewallRules: [TCP Query User{428240D1-198D-4C11-8547-6A6B39846D6E}D:\astroneer.pre-alpha.v0.2.10125.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) D:\astroneer.pre-alpha.v0.2.10125.0.cracked-3dm\astro\binaries\win64\astro-win64-shipping.exe FirewallRules: [{C890C183-75FC-445D-B037-0A7589D228F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{01588F31-7D60-44CF-AA36-FB067ED661CB}] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe FirewallRules: [{8374E4C7-265D-44A5-B3A8-64EC1F9EBE21}] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe FirewallRules: [UDP Query User{8F4774A6-A94B-4482-AA1B-C981E6AA7713}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe FirewallRules: [TCP Query User{688873AE-5F30-4AE6-BCAC-7BDF97150F4D}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe FirewallRules: [{A56185FC-993D-4766-92B7-AA421B8C2F7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe FirewallRules: [{5BBC1839-A2D6-488E-BED2-2701BE2E2043}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe FirewallRules: [{D16C0611-1089-458C-8FA9-FCA996C6F6CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{56EF4F5F-08D1-4067-A244-03C3D77F1796}] => (Allow) C:\Program Files\NVIDIA 
  4. Good evening everyone, all good? Man, you are my last hope for removing this damn thing from my computer. I don't know what else to do to get rid of it. pipeschannels is a site that opens as a popup (even with adblock and Opera's ad blocking turned on) and keeps redirecting me to other sites, such as duckduckgo, uploadocean, digitaldsp, cracxpro, liveadexchanger, waudeesestew, among MANY, MANY others... I've already tried Malwarebytes (both tools, including the malware-specific one), I've deleted Opera and installed it again, I've run SpyHunter 4, I've run Windows Defender, I've run CCleaner, I've deleted the registry entries, I've tried ComboFix (but it seems it doesn't run on Win 10), I've run AdwCleaner, I've checked whether there are extensions, add-ons and everything else...

     Things I found suspicious:

     1- In my Internet Options, when I click Connections and then LAN Settings, there was a script set to run. I unchecked it, but the link is still there... I left only "Automatically detect settings" checked. The script is this link (http://unstopnet.com/wpad.dat?746ff3c23e469e8fce25f69a7204956637745857);
     2- In my exceptions, the following were automatically marked as DO NOT BLOCK: Baidu.com, yandex.com, duckduckgo.com, google.com, facebook.com. I removed all of them as well, so that ads are blocked everywhere;
     3- If I click a few times between the URL bar and the page of the site, on Google, a Secure Search bar appears, as if it were for me to type a search. If I right-click, nothing happens, it's as if it were invisible. Also, when I close the bar, it closes the tab and opens a blank tab (Opera's speed dial);
     4- Sometimes I do a search on Google or in the URL bar itself and, instead of searching on Google, it searches on Yahoo, even though all searches are set to Google;

     Well, that's what I've done so far. I may have forgotten something, but I'm tilted, 100000% upset about this, because I can't fix it. PLEASE, I REPEAT, PLEASE SOMEONE HELP ME!!!
