
freed03

  1. Good morning, Roni_! Some files were quarantined by the other antivirus I use (McAfee Antivirus Plus), so they do not appear in the list below, but I have already deleted all of them.

     ESET log:

     C:\AdwCleaner\quarantine\frAQBc8Wsa\{BAAB946F-7E00-41F4-BEC7-B8CCF758E012}\setup.msi a variant of Win32/UwS.SlimDrivers.A application deleted
     C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\File System\078\p\00\00000000 a variant of Win32/Packed.VMProtect.ABD trojan deleted
     C:\Users\fredg\Desktop\A R Q\Blocos e Famílias\Familias REVIT\acessórios-objetos\spsetup116.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application cleaned by deleting
     C:\Users\fredg\Desktop\Backup PC\Fred\Familias REVIT\acessórios-objetos\spsetup116.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application cleaned by deleting
     C:\Users\fredg\Documents\Programas ARQ\AUTODESK.REVIT.ARCHITECTURE.V2014-ISO\rac2014.iso a variant of Win32/Keygen.HA potentially unsafe application deleted
     C:\Users\fredg\Downloads\ccsetup532pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
     C:\Users\fredg\Downloads\Instaladores\Adobe.InDesign.CC.2017.v12.0.x64.rar a variant of Win32/HackTool.Patcher.CH potentially unsafe application deleted
     C:\Users\fredg\Downloads\Instaladores\Office 2016 AIO.iso MSIL/HackTool.Agent.BD potentially unsafe application deleted
     C:\Users\fredg\Downloads\Instaladores\SkullCracked-Cinema 4D R18.rar a variant of Win32/Packed.VMProtect.ABD trojan deleted
     C:\Users\fredg\Downloads\Instaladores\xf-adsk2016_x64.7z a variant of Win32/Keygen.OX potentially unsafe application deleted
     C:\Users\fredg\Downloads\Instaladores\Adobe After Effects CC 2017 v14.0.1 + Crack [SadeemPC]\Crack\Adobe CC 2017 XFORCE Activation.zip BAT/HostsChanger.A potentially unsafe application deleted
     C:\Users\fredg\Downloads\Instaladores\Adobe Photoshop CC 2017 v18.0.1 (x86x64) Incl Crack + Portable [SadeemPC]\Crack\Adobe CC 2017 XFORCE Activation.zip BAT/HostsChanger.A potentially unsafe application deleted
     C:\Users\fredg\Downloads\Instaladores\Adobe Photoshop CC 2017 v18.0.1 (x86x64) Incl Crack + Portable [SadeemPC]\Crack\Adobe CC 2015.5 XFORCE Activation\disable_activation.cmd BAT/HostsChanger.A potentially unsafe application cleaned by deleting
     C:\Users\fredg\Downloads\Instaladores\Autodesk AutoCAD 2016 (x64)\64 Bit {X64}\Keygen\xf-adsk2016_x64.exe a variant of Win32/Keygen.OX potentially unsafe application cleaned by deleting
     C:\Users\fredg\Downloads\Instaladores\Autodesk Revit 2016 R2 x64 + Revit Extensions + Crack\Autodesk Revit 2016_\Autodesk_Revit_2016_R2\xf-adsk2016_x64.7z a variant of Win32/Keygen.OX potentially unsafe application deleted
     C:\Users\fredg\Downloads\Instaladores\AUTODESK.REVIT.ARCHITECTURE.V2014-ISO\rac2014.iso a variant of Win32/Keygen.HA potentially unsafe application deleted
     C:\Users\fredg\Downloads\Instaladores\AUTODESK.REVIT.V2017.WIN64-ISO\rvt2017_x64.iso a variant of Win32/Keygen.OX potentially unsafe application deleted (after the next restart)
     C:\Users\fredg\Downloads\Instaladores\Lumion 8\Lumion 8.0 Pro + Serial Number Reading Tool - [CrackzSoft]\Lumion8.0 Pro Serial number reading tool.rar a variant of Win32/Packed.EnigmaProtector.J suspicious application deleted
  2. Good afternoon!

     Farbar log:

     Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
     Ran by fredg (28-03-2018 15:48:37) Run:1
     Running from C:\Users\fredg\Desktop
     Loaded Profiles: fredg (Available Profiles: fredg & frarq)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     Start
     CreateRestorePoint:
     CloseProcesses:
     RemoveProxy:
     HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-01-30] (Adobe Systems Incorporated) <==== ATTENTION
     HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-01-30] (Adobe Systems Incorporated) <==== ATTENTION
     EmptyTemp:
     End
     *****************

     Restore point was successfully created.
     Processes closed successfully.

     ========= RemoveProxy: =========

     "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
     "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
     "HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
     "HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully

     ========= End of RemoveProxy: =========

     "HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #2" => removed successfully
     "HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1" => removed successfully

     =========== EmptyTemp: ==========

     BITS transfer queue => 9461760 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 227830870 B
     Java, Flash, Steam htmlcache => 527974260 B
     Windows/system/drivers => 3304361 B
     Edge => 4608 B
     Chrome => 1024731538 B
     Firefox => 3949026 B
     Opera => 0 B

     Temp, IE cache, history, cookies, recent:
     Default => 6656 B
     Users => 0 B
     ProgramData => 0 B
     Public => 0 B
     systemprofile => 162821 B
     systemprofile32 => 0 B
     LocalService => 146940 B
     NetworkService => 444002 B
     fredg => 293899756 B
     frarq => 31886 B

     RecycleBin => 6235024618 B
     EmptyTemp: => 7.8 GB temporary data Removed.

     ================================

     The system needed a reboot.

     ==== End of Fixlog 15:55:10 ====

     ESET log:

     C:\AdwCleaner\quarantine\frAQBc8Wsa\{BAAB946F-7E00-41F4-BEC7-B8CCF758E012}\setup.msi a variant of Win32/UwS.SlimDrivers.A application
     C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\File System\078\p\00\00000000 a variant of Win32/Packed.VMProtect.ABD trojan
     C:\Users\fredg\Desktop\A R Q\Blocos e Famílias\Familias REVIT\acessórios-objetos\spsetup116.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
     C:\Users\fredg\Desktop\Backup PC\Fred\Familias REVIT\acessórios-objetos\spsetup116.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
     C:\Users\fredg\Desktop\Backup PC\Fred\Lumion v5.0\L.5.pro.rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application
     C:\Users\fredg\Documents\Programas ARQ\AUTODESK.REVIT.ARCHITECTURE.V2014-ISO\rac2014.iso a variant of Win32/Keygen.HA potentially unsafe application
     C:\Users\fredg\Downloads\ccsetup532pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
     C:\Users\fredg\Downloads\Adobe After Effects CC 2017 v14.0.1 + Crack [SadeemPC]\Crack\Adobe CC 2017 XFORCE Activation.zip BAT/HostsChanger.A potentially unsafe application
     C:\Users\fredg\Downloads\Instaladores\Adobe.InDesign.CC.2017.v12.0.x64.rar a variant of Win32/HackTool.Patcher.CH potentially unsafe application
     C:\Users\fredg\Downloads\Instaladores\Office 2016 AIO.iso MSIL/HackTool.Agent.BD potentially unsafe application
     C:\Users\fredg\Downloads\Instaladores\SkullCracked-Cinema 4D R18.rar a variant of Win32/Packed.VMProtect.ABD trojan
     C:\Users\fredg\Downloads\Instaladores\xf-adsk2016_x64.7z a variant of Win32/Keygen.OX potentially unsafe application
     C:\Users\fredg\Downloads\Instaladores\Adobe Photoshop CC 2017 v18.0.1 (x86x64) Incl Crack + Portable [SadeemPC]\Crack\Adobe CC 2017 XFORCE Activation.zip BAT/HostsChanger.A potentially unsafe application
     C:\Users\fredg\Downloads\Instaladores\Adobe Photoshop CC 2017 v18.0.1 (x86x64) Incl Crack + Portable [SadeemPC]\Crack\Adobe CC 2015.5 XFORCE Activation\disable_activation.cmd BAT/HostsChanger.A potentially unsafe application
     C:\Users\fredg\Downloads\Instaladores\Autodesk AutoCAD 2016 (x64)\64 Bit {X64}\Keygen\xf-adsk2016_x64.exe a variant of Win32/Keygen.OX potentially unsafe application
     C:\Users\fredg\Downloads\Instaladores\Autodesk Revit 2016 R2 x64 + Revit Extensions + Crack\Autodesk Revit 2016_\Autodesk_Revit_2016_R2\xf-adsk2016_x64.7z a variant of Win32/Keygen.OX potentially unsafe application
     C:\Users\fredg\Downloads\Instaladores\AUTODESK.REVIT.ARCHITECTURE.V2014-ISO\rac2014.iso a variant of Win32/Keygen.HA potentially unsafe application
     C:\Users\fredg\Downloads\Instaladores\AUTODESK.REVIT.V2017.WIN64-ISO\rvt2017_x64.iso a variant of Win32/Keygen.OX potentially unsafe application
     C:\Users\fredg\Downloads\Instaladores\Cinema 4D R18\Crack\xf-c4dr18.exe a variant of Win32/Packed.VMProtect.ABD trojan
     C:\Users\fredg\Downloads\Instaladores\Lumion 8\Lumion 8.0 Pro + Serial Number Reading Tool - [CrackzSoft]\Lumion8.0 Pro Serial number reading tool.rar a variant of Win32/Packed.EnigmaProtector.J suspicious application
  3. Addition.txt log: Addition.txt

     FRST.txt log:

     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
     Ran by fredg (administrator) on FRED-PC (23-03-2018 15:21:52)
     Running from C:\Users\fredg\Desktop
     Loaded Profiles: fredg (Available Profiles: fredg & frarq)
     Platform: Windows 10 Home Version 1709 16299.309 (X64) Language: English (United States)
     Internet Explorer Version 11 (Default browser: Chrome)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
     (McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
     () C:\Windows\SysWOW64\PnkBstrA.exe
     (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
     (Microsoft Corporation) C:\Windows\System32\wlanext.exe
     (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
     (McAfee LLC) C:\Windows\System32\mfevtps.exe
     (McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
     (McAfee LLC) C:\Windows\System32\mfevtps.exe
     (McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
     (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
     (McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_8\mcapexe.exe
     (McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
     (McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
     (McAfee, Inc.) C:\Program Files\Common Files\McAfee\UPDMGR\5.9.117.1\mcupdatemgr.exe
     (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\McCSPServiceHost.exe
     (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
     (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
     (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
     (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
     (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
     (McAfee, Inc.) C:\Program Files\Common Files\McAfee\MHN\AlertHost.exe
     (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
     (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
     () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
     (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
     (MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
     (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
     (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
     (HP) C:\Program Files (x86)\HP\HP 3D DriveGuard\AccelerometerSt.exe
     (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     (Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
     (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
     (KoshyJohn.com) C:\Users\fredg\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Microsoft Corporation) C:\Windows\System32\cmd.exe
     (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
     (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
     (Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe

     ==================== Registry (Whitelisted) ===========================

     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
     HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2018-01-26] (Realtek Semiconductor)
     HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
     HKLM\...\Run: [pac] => C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe [339464 2016-02-10] (Autodesk, Inc.)
     HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
     HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567936 2018-03-15] (Dropbox, Inc.)
     HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [692160 2016-01-19] (Autodesk, Inc.)
     HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
     HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [701984 2017-07-13] (HP Inc.)
     HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-01-30] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\HP\HP 3D DriveGuard\AccelerometerST.exe [133952 2016-09-28] (HP)
     HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
     HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2018-01-17] (Intel)
     HKLM-x32\...\Run: [HDD Regenerator] => "C:\Program Files (x86)\HDD Regenerator\Shell.exe" /1
     HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03222018000917523\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [404016 2017-10-25] (Microsoft Corporation)
     HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
     HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\Run: [HP Officejet 7610 series (NET)] => C:\Program Files\HP\HP Officejet 7610 series\Bin\ScanToPCActivationApp.exe [2631784 2012-10-21] (Hewlett-Packard Co.)
     HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
     HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\Run: [小米云服务] => C:\Users\fredg\AppData\Local\MiCloudPC\update.exe [1524136 2017-08-14] (GitHub)
     HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\Run: [Memory Cleaner] => C:\Users\fredg\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe [1035912 2017-09-18] (KoshyJohn.com)
     HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\Run: [dowll] => C:\Users\fredg\AppData\Roaming\fredg\Clow.vbe
     HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
     HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\Run: [Spotify Web Helper] => C:\Users\fredg\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-02] (Spotify Ltd)
     HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-01-30] (Adobe Systems Incorporated) <==== ATTENTION
     HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-01-30] (Adobe Systems Incorporated) <==== ATTENTION
     HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\...\Policies\Explorer: []
     HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [404016 2017-10-25] (Microsoft Corporation)
     Startup: C:\Users\fredg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2016-09-12]
     ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
     Startup: C:\Users\fredg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 7110 series (Network).lnk [2017-01-20]
     ShortcutTarget: Monitor Ink Alerts - HP Officejet 7110 series (Network).lnk -> C:\Program Files\HP\HP Officejet 7110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

     ==================== Internet (Whitelisted) ====================

     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     Tcpip\..\Interfaces\{9d04c4d7-6cfc-4cac-98d8-f3c35b784df6}: [DhcpNameServer] 192.168.1.1
     Tcpip\..\Interfaces\{cf915970-ae6a-4d96-87fd-db672fa7dade}: [DhcpNameServer] 192.168.1.1

     Internet Explorer:
     ==================
     HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
     HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HRTE
     HKU\S-1-5-21-3809071994-1686498011-1761039581-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HRTE
     BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
     BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-01-21] (Oracle Corporation)
     BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-02] (McAfee, Inc.)
     BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
     BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-21] (Oracle Corporation)
     BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
     BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-02] (McAfee, Inc.)
     BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
     BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
     Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
     Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
     Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
     Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
     Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-03-02] (McAfee, Inc.)
     Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-03-02] (McAfee, Inc.)
     Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2018-01-25] (McAfee, Inc.)
     Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-01-25] (McAfee, Inc.)

     FireFox:
     ========
     FF DefaultProfile: ilnon12z.default
     FF ProfilePath: C:\Users\fredg\AppData\Roaming\Mozilla\Firefox\Profiles\ilnon12z.default [2018-03-19]
     FF Homepage: Mozilla\Firefox\Profiles\ilnon12z.default -> about:home
     FF NewTab: Mozilla\Firefox\Profiles\ilnon12z.default -> about:newtab
     FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
     FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-02-09]
     FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
     FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-21] (Oracle Corporation)
     FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-21] (Oracle Corporation)
     FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
     FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-01-30] (Adobe Systems)
     FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
     FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
     FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
     FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-01-25] ()
     FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-29] (Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
     FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
     FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
     FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
     FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-01-30] (Adobe Systems)

     Chrome:
     =======
     CHR NewTab: Default -> Active:"chrome-extension://nnnkddnnlpamobajfibfdgfnbcnkgngh/home/home.html"
     CHR Profile: C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default [2018-03-23]
     CHR Extension: (Apresentações) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-19]
     CHR Extension: (Kindle Cloud Reader) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\adldnnhmpcmipijphdbchbfdmnafnjia [2018-03-19]
     CHR Extension: (3DTin) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\algoakekcdmbbikdjgjdahbfihboglmi [2018-03-19]
     CHR Extension: (Documentos) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-19]
     CHR Extension: (Google Drive) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-19]
     CHR Extension: (YouTube) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-19]
     CHR Extension: (Adobe Acrobat) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-03-19]
     CHR Extension: (Planilhas) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-19]
     CHR Extension: (McAfee® WebAdvisor) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-03-19]
     CHR Extension: (Documentos Google off-line) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-19]
     CHR Extension: (Vysor) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2018-03-22]
     CHR Extension: (AdBlock) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-19]
     CHR Extension: (Pinterest Save Button) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-03-19]
     CHR Extension: (Cisco WebEx Extension) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-03-19]
     CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-03-19]
     CHR Extension: (Infinity New Tab (Pro)) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnnkddnnlpamobajfibfdgfnbcnkgngh [2018-03-19]
     CHR Extension: (AdSkipper) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\obnfifcganohemahpomajbhocfkdgmjb [2018-03-19]
     CHR Extension: (Psykopaint) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2018-03-19]
     CHR Extension: (Gmail) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-19]
     CHR Extension: (Chrome Media Router) - C:\Users\fredg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-19]
     CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
     CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
     CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

     ==================== Services (Whitelisted) ====================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     S2 0037141521772140mcinstcleanup; C:\WINDOWS\TEMP\003714~1.EXE [1031928 2018-03-22] (McAfee, Inc.)
     S4 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1222664 2016-01-19] (Autodesk Inc.)
     S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-01-30] (Adobe Systems Incorporated)
     S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
     S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
     S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-02-03] ()
     R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)
     S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc.)
     S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-08] (Dropbox, Inc.)
     S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-08] (Dropbox, Inc.)
     S4 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-03-15] (Dropbox, Inc.)
     S4 DialComService; C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe [2183440 2014-12-10] (DIAL GmbH)
     S4 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22304 2018-01-17] (Intel)
     S4 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [1701480 2018-01-26] (Intel Corporation)
     S4 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [886032 2018-01-11] ()
     S4 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1319208 2017-07-05] (HP Inc.)
     S4 hp3ddgsrv; C:\WINDOWS\system32\HP3DDGService.exe [130072 2017-09-22] (HP)
     S4 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38752 2016-09-26] (HP)
     R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
     S4 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc.)
     S4 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53680 2018-02-05] (AnchorFree Inc.)
     S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18488 2016-03-08] (Intel Corporation)
     S4 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2018-01-10] (Intel Corporation)
     S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [976848 2016-01-14] (Intel(R) Corporation)
     S4 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
     S4 Intel(R) WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-18] (Intel Corporation)
     S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-02-11] (Intel Corporation)
     R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
     R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-03-02] (McAfee, Inc.)
     R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728296 2018-01-31] (McAfee, Inc.)
     R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.7.371.0\\McCSPServiceHost.exe [2140888 2017-12-14] (McAfee, Inc.)
     S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-01-26] (McAfee LLC)
     R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-01-26] (McAfee LLC)
     R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [475600 2018-01-26] (McAfee LLC)
     R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1666224 2017-12-19] (McAfee, Inc.)
     S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2018-01-17] ()
     S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-11-24] (Electronic Arts)
     S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002728 2017-11-24] (Electronic Arts)
     S4 PDF Architect 5 Manager; C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [985904 2017-02-28] (© pdfforge GmbH.)
     R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1045360 2018-01-30] (McAfee, Inc.)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76152 2016-07-16] () S4 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc) S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324576 2018-01-26] (Realtek Semiconductor) S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated) S4 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [182544 2018-01-11] () S4 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [886032 2018-01-11] () S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe [356152 2018-03-03] (Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe [106280 2018-03-03] (Microsoft Corporation) S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe [417792 2016-07-12] (Wondershare) [File not signed] S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2018-01-17] (Intel® Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [53760 2017-12-18] (HP) S3 AFTrafMgr1.4; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [56840 2018-01-03] (AnchorFree Inc.) R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-01-31] (McAfee LLC) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) 
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69560 2018-01-26] (Intel Corporation) S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-09-11] (Disc Soft Ltd) S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [33448 2016-12-07] () R0 EPMVolFlt; C:\WINDOWS\System32\drivers\EPMVolFlt.sys [30320 2017-11-23] (Windows (R) Codename Longhorn DDK provider) R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [382392 2018-01-26] (Intel Corporation) S3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-07-13] (ELAN Microelectronic Corp.) S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] () [File not signed] S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218336 2017-10-09] (McAfee, Inc.) R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [39936 2017-12-18] (HP) R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-07-13] (REALiX(tm)) S3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2018-01-10] (Intel Corporation) R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-21] (Malwarebytes) R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [496544 2018-01-31] (McAfee LLC) R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [357792 2018-01-31] (McAfee LLC) U3 mfeavfk01; no ImagePath S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-01-31] (McAfee LLC) R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [528288 2018-01-31] (McAfee LLC) R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [948128 2018-01-31] (McAfee LLC) R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [521128 2017-11-21] (McAfee LLC.) S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108464 2017-11-21] (McAfee LLC.) R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115104 2018-01-31] (McAfee LLC) R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.) 
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-01-31] (McAfee LLC) S3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw04.sys [3556072 2017-07-30] (Intel Corporation) S3 NETwNs64; C:\WINDOWS\System32\drivers\Netwsw04.sys [3471880 2017-10-26] (Intel Corporation) R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8614888 2018-01-17] (Intel Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-11-16] (Realtek ) S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [782816 2017-11-16] (Realsil Semiconductor Corporation) S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-01-20] (Realsil Semiconductor Corporation) S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [41512 2018-01-11] () S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2017-02-22] (Anchorfree Inc.) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-03-03] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288296 2018-03-03] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129568 2018-03-03] (Microsoft Corporation) R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-03-23 15:21 - 2018-03-23 15:24 - 000030879 _____ C:\Users\fredg\Desktop\FRST.txt 2018-03-23 15:21 - 2018-03-23 15:21 - 000000000 ____D C:\FRST 2018-03-23 15:20 - 2018-03-23 15:20 - 001388448 _____ C:\Users\Public\ASR.dat 2018-03-23 15:18 - 2018-03-23 15:18 - 002403328 _____ (Farbar) C:\Users\fredg\Desktop\FRST64.exe 2018-03-22 22:57 - 2018-03-22 22:57 - 000001860 _____ C:\Users\fredg\Desktop\mb-scan.txt 2018-03-20 17:18 - 2018-03-21 00:21 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2018-03-20 17:17 - 2018-03-20 17:17 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-03-20 17:17 - 2018-03-20 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-03-20 17:17 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2018-03-20 17:10 - 2018-03-20 17:17 - 070573424 _____ (Malwarebytes ) C:\Users\fredg\Desktop\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4420.exe 2018-03-20 17:01 - 2018-03-20 17:05 - 000049104 _____ C:\Users\fredg\Desktop\ZHPCleaner.html 2018-03-20 17:01 - 2018-03-20 17:05 - 000021795 _____ C:\Users\fredg\Desktop\ZHPCleaner.txt 2018-03-20 16:43 - 2018-03-20 17:05 - 000000000 ____D C:\Users\fredg\AppData\Roaming\ZHP 2018-03-20 16:43 - 2018-03-20 16:43 - 000000882 _____ C:\Users\fredg\Desktop\ZHPCleaner.lnk 2018-03-20 16:43 - 2018-03-20 16:43 - 000000000 ____D C:\Users\fredg\AppData\Local\ZHP 2018-03-20 16:42 - 2018-03-20 16:42 - 003102592 _____ C:\Users\fredg\Desktop\ZHPCleaner.exe 2018-03-20 16:38 - 2018-03-20 16:40 - 000001838 _____ C:\Users\fredg\Desktop\sc-cleaner.txt 2018-03-20 16:23 - 2018-03-20 16:23 - 000472016 _____ (Bleeping Computer, LLC) C:\Users\fredg\Desktop\sc-cleaner.exe 2018-03-19 14:28 - 2018-03-19 14:28 - 000001339 _____ C:\Users\fredg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee WebAdvisor.lnk 2018-03-19 14:19 - 2018-03-19 14:19 - 000002132 _____ C:\Users\Public\Desktop\McAfee® AntiVirus Plus.lnk 2018-03-19 14:19 
- 2018-03-19 14:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2018-03-19 14:18 - 2017-10-09 23:14 - 000218336 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys 2018-03-19 14:17 - 2018-03-19 14:26 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon 2018-03-19 14:16 - 2018-03-19 14:20 - 000000000 ____D C:\Program Files\McAfee 2018-03-19 14:16 - 2018-03-19 14:16 - 000000000 ____D C:\Program Files\McAfee.com 2018-03-19 14:15 - 2018-03-22 23:28 - 000000000 ____D C:\Program Files (x86)\McAfee 2018-03-19 14:09 - 2018-01-26 15:48 - 000475600 _____ (McAfee LLC) C:\WINDOWS\system32\mfevtps.exe 2018-03-19 13:51 - 2018-03-19 13:51 - 000000000 ____D C:\Users\fredg\AppData\Local\DBG 2018-03-19 13:05 - 2018-03-19 13:05 - 000004796 _____ C:\Users\fredg\Desktop\MCShield-AllScans.txt 2018-03-19 12:53 - 2018-03-23 15:06 - 000000000 ____D C:\ProgramData\MCShield 2018-03-19 12:53 - 2018-03-19 12:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield 2018-03-19 12:53 - 2018-03-19 12:53 - 000000000 ____D C:\Program Files (x86)\MCShield 2018-03-19 07:29 - 2018-03-19 07:29 - 000000000 ____D C:\Users\fredg\AppData\Local\NetworkTiles 2018-03-19 07:28 - 2018-03-19 06:22 - 000024064 _____ C:\WINDOWS\zoek-delete.exe 2018-03-18 22:03 - 2018-03-18 22:03 - 002856736 _____ (MyCity) C:\Users\fredg\Desktop\MCShield-Setup.exe 2018-03-18 17:35 - 2018-03-19 14:28 - 000000000 ____D C:\ProgramData\Kaspersky Lab 2018-03-18 17:12 - 2018-03-18 17:13 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2018-03-18 14:15 - 2018-03-18 14:15 - 000000000 ____D C:\zoek_backup 2018-03-18 12:55 - 2018-03-18 12:55 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2018-03-18 12:45 - 2018-03-18 13:12 - 000629606 _____ C:\WINDOWS\ntbtlog.txt 2018-03-18 12:39 - 2018-03-18 12:39 - 000000000 _____ C:\Users\fredg\AppData\Local\{0D4446B2-8224-42BF-8D5F-3EF814DC9ACD} 2018-03-18 12:22 - 2018-03-18 12:22 - 000000000 
____D C:\Users\fredg\AppData\Roaming\pwclean 2018-03-18 12:02 - 2018-03-18 12:02 - 008222496 _____ (Malwarebytes) C:\Users\fredg\Downloads\adwcleaner_7.0.8.0.exe 2018-03-18 11:57 - 2018-03-18 11:57 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2517E4C3.sys 2018-03-18 11:57 - 2018-03-18 11:57 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5A65448E.sys 
2018-03-17 19:26 - 2018-03-17 19:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2018-03-15 08:50 - 2018-03-15 08:50 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2018-03-15 08:50 - 2018-03-15 08:50 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2018-03-15 08:50 - 2018-03-15 08:50 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2018-03-15 08:50 - 2018-03-15 08:50 - 000045640 _____ (Dropbox, Inc.) 
C:\WINDOWS\system32\Drivers\dbx-canary.sys 2018-03-10 16:37 - 2018-03-10 18:48 - 000000000 ____D C:\Users\fredg\Desktop\New folder 2018-03-10 15:33 - 2018-03-10 15:33 - 000324379 _____ C:\Users\fredg\Desktop\mergedReport.pdf 2018-03-08 14:42 - 2018-03-19 13:50 - 000000000 ____D C:\Users\fredg\Desktop\Apresentação Edna e Evellyn 2018-03-07 16:49 - 2018-03-20 22:10 - 000000578 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2018-03-06 15:51 - 2018-03-06 16:03 - 123746472 _____ (HP Development Company, L.P. ) C:\Users\fredg\Downloads\sp84148.exe 2018-03-03 14:45 - 2018-03-05 16:28 - 000000000 ____D C:\Users\fredg\Desktop\Boletão 2018-02-25 15:14 - 2018-02-25 15:14 - 000000000 ____D C:\Users\fredg\AppData\Local\Simplify3D 2018-02-25 15:13 - 2018-02-25 15:14 - 000000000 ____D C:\Program Files\Simplify3D-4.0.0 2018-02-25 15:13 - 2018-02-25 15:13 - 000001870 _____ C:\Users\Public\Desktop\Simplify3D.lnk 2018-02-25 15:13 - 2018-02-25 15:13 - 000000000 __SHD C:\ProgramData\ms-drivers 2018-02-25 15:13 - 2018-02-25 15:13 - 000000000 __SHD C:\ProgramData\icsxml 2018-02-25 15:13 - 2018-02-25 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simplify3D Software 2018-02-25 15:06 - 2018-02-25 15:06 - 000028570 _____ C:\Users\fredg\Downloads\Simplify3d.v3.0.3d.printing.application.windows.x86.x64.torrent 2018-02-24 21:03 - 2018-03-17 18:42 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2018-02-21 16:36 - 2018-02-21 16:36 - 000000000 ___RD C:\Users\fredg\Creative Cloud Files ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-03-23 15:08 - 2017-10-27 22:37 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{184EBAEA-6704-429D-A33D-516DEB38A8CF} 2018-03-22 22:59 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization 2018-03-22 22:58 - 2017-09-29 10:46 - 000000000 ___HD C:\Program Files\WindowsApps 2018-03-22 22:58 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\AppReadiness 2018-03-22 22:53 - 2017-10-27 21:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2018-03-22 00:07 - 2017-10-27 22:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-03-22 00:07 - 2017-10-27 22:00 - 000000000 ____D C:\Users\fredg 2018-03-21 23:41 - 2017-10-27 22:37 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3809071994-1686498011-1761039581-1001 2018-03-21 23:40 - 2016-07-08 21:59 - 000002374 _____ C:\Users\fredg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2018-03-21 23:25 - 2016-07-08 21:59 - 000000000 __RDL C:\Users\fredg\OneDrive 2018-03-21 23:19 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\NDF 2018-03-21 01:56 - 2016-07-10 02:13 - 000000000 ____D C:\Users\fredg\AppData\Local\Spotify 2018-03-21 01:53 - 2016-07-10 02:12 - 000000000 ____D C:\Users\fredg\AppData\Roaming\Spotify 2018-03-21 00:18 - 2017-09-29 05:45 - 001048576 _____ C:\WINDOWS\system32\config\BBI 2018-03-20 20:40 - 2016-07-08 21:59 - 000002306 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-03-20 17:17 - 2016-09-08 20:29 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-03-20 16:24 - 2016-12-14 22:10 - 000000000 ____D C:\AdwCleaner 2018-03-19 18:51 - 2017-09-29 10:44 - 000000000 ____D C:\WINDOWS\INF 2018-03-19 17:30 - 2016-06-25 11:10 - 000000000 ____D C:\ProgramData\McAfee 2018-03-19 17:27 - 2017-10-27 21:59 - 001213670 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2018-03-19 14:28 - 2017-09-29 10:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2018-03-19 14:27 - 2017-09-29 05:45 - 000032768 _____ 
C:\WINDOWS\system32\config\ELAM 2018-03-19 14:27 - 2017-07-09 22:46 - 000000000 ____D C:\Program Files\Common Files\AV 2018-03-19 14:26 - 2017-07-09 22:39 - 000000000 ____D C:\Program Files\Common Files\McAfee 2018-03-19 14:25 - 2017-10-27 22:37 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee 2018-03-19 14:15 - 2017-10-27 22:37 - 000003442 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare) 2018-03-19 14:06 - 2017-08-02 15:52 - 000000000 ____D C:\Users\fredg\Downloads\Instaladores 2018-03-18 17:16 - 2015-10-30 03:28 - 000000000 ____D C:\Users\Default.migrated 2018-03-18 14:06 - 2016-09-28 17:49 - 000000132 _____ C:\Users\fredg\AppData\Roaming\Adobe PNG Format CS6 Prefs 2018-03-18 11:41 - 2016-07-08 21:50 - 000000000 __SHD C:\Users\fredg\IntelGraphicsProfiles 2018-03-18 11:15 - 2016-09-20 23:22 - 000000000 ___RD C:\Users\fredg\3D Objects 2018-03-18 11:15 - 2015-11-02 15:02 - 000000000 __RHD C:\Users\Public\AccountPictures 2018-03-18 11:13 - 2017-10-27 21:53 - 005728352 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2018-03-18 11:10 - 2016-08-13 13:24 - 000000348 _____ C:\WINDOWS\Tasks\HPCeeScheduleForfredg.job 2018-03-18 11:07 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\TextInput 2018-03-18 11:07 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\appraiser 2018-03-18 11:07 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\ShellExperiences 2018-03-18 10:32 - 2017-09-29 10:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2018-03-18 10:14 - 2017-09-29 10:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2018-03-18 09:32 - 2017-09-29 10:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2018-03-17 21:39 - 2016-07-10 00:33 - 000000000 ____D C:\WINDOWS\system32\MRT 2018-03-17 21:34 - 2017-10-27 22:37 - 000003240 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForfredg 2018-03-17 21:31 - 2017-10-10 15:09 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe 2018-03-17 21:31 - 2016-07-10 
00:33 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2018-03-17 19:29 - 2016-04-01 15:56 - 000000000 ____D C:\Program Files (x86)\Dropbox 2018-03-17 18:43 - 2017-10-27 22:00 - 000000000 ____D C:\Users\frarq 2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ___SD C:\WINDOWS\system32\F12 2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ___RD C:\Program Files\Windows Defender 2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\setup 2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\oobe 2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\system32\migwiz 2018-03-17 18:42 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2018-03-17 18:42 - 2017-09-29 05:45 - 000000000 ____D C:\WINDOWS\system32\Dism 2018-03-17 18:42 - 2016-06-25 10:43 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles 2018-03-17 18:41 - 2017-09-29 11:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2018-03-17 18:41 - 2017-09-29 11:41 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2018-03-17 18:41 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\rescache 2018-03-17 18:41 - 2017-09-29 05:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2018-03-17 18:41 - 2017-09-29 05:45 - 000000000 ____D C:\WINDOWS\servicing 2018-03-17 18:41 - 
2017-07-13 09:50 - 000000000 ____D C:\Users\fredg\AppData\LocalLow\IObit 2018-03-17 18:41 - 2017-01-06 23:40 - 000000000 ____D C:\Users\fredg\AppData\LocalLow\Heroes and Generals 2018-03-17 18:41 - 2016-08-13 21:03 - 000000000 ____D C:\ProgramData\FLEXnet 2018-03-17 18:41 - 2016-08-13 20:27 - 000000000 ____D C:\ProgramData\Autodesk 2018-03-17 18:29 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\InfusedApps 2018-03-17 18:06 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\registration 2018-03-17 18:03 - 2017-09-29 10:46 - 000000000 ____D C:\WINDOWS\SystemApps 2018-03-17 17:57 - 2017-04-19 14:04 - 000000000 ____D C:\Users\fredg\AppData\LocalLow\Sun 2018-03-17 17:55 - 2016-09-29 14:46 - 000000000 ____D C:\Users\fredg\AppData\LocalLow\Google 2018-03-16 19:11 - 2017-10-27 22:02 - 000000000 ____D C:\Users\fredg\AppData\Local\Packages 2018-03-10 17:48 - 2016-09-22 19:24 - 000000000 ____D C:\Users\fredg\AppData\Local\ElevatedDiagnostics 2018-03-10 09:33 - 2016-08-13 21:05 - 000239424 _____ C:\Users\fredg\AppData\Local\GDIPFONTCACHEV1.DAT 2018-03-09 14:11 - 2016-08-13 21:33 - 000000000 ___RD C:\Users\fredg\Desktop\A R Q 2018-03-02 20:47 - 2017-10-27 22:37 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2018-03-02 18:09 - 2018-01-16 21:38 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2018-03-02 18:09 - 2018-01-16 21:38 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2018-02-25 17:26 - 2016-07-08 22:14 - 000000000 ____D C:\Program Files (x86)\Steam 2018-02-25 15:12 - 2017-03-18 19:17 - 000000000 ____D C:\Users\fredg\AppData\Roaming\BitTorrent 2018-02-23 19:26 - 2017-03-07 18:32 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2018-02-21 16:35 - 2017-11-29 10:15 - 000000000 ___HD C:\adobeTemp 2018-02-21 16:34 - 2016-08-13 21:18 - 000000000 ____D C:\Program Files (x86)\Adobe 2018-02-21 16:33 - 2016-07-08 21:50 - 000000000 ____D 
C:\Users\fredg\AppData\Roaming\Adobe 2018-02-21 16:32 - 2016-08-13 21:14 - 000000000 ____D C:\ProgramData\Adobe ==================== Files in the root of some directories ======= 2018-03-23 15:20 - 2018-03-23 15:20 - 001388448 _____ () C:\Users\Public\ASR.dat 2017-02-03 02:35 - 2017-02-03 03:19 - 000000132 _____ () C:\Users\fredg\AppData\Roaming\Adobe BMP Format CS6 Prefs 2016-09-28 17:49 - 2018-03-18 14:06 - 000000132 _____ () C:\Users\fredg\AppData\Roaming\Adobe PNG Format CS6 Prefs 2017-07-31 17:29 - 2017-07-31 17:29 - 000001456 _____ () C:\Users\fredg\AppData\Local\Adobe Save for Web 13.0 Prefs 2018-02-06 16:23 - 2018-02-06 16:23 - 000007617 _____ () C:\Users\fredg\AppData\Local\Resmon.ResmonCfg 2018-03-18 12:39 - 2018-03-18 12:39 - 000000000 _____ () C:\Users\fredg\AppData\Local\{0D4446B2-8224-42BF-8D5F-3EF814DC9ACD} Files to move or delete: ==================== C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe Some files in TEMP: ==================== 2018-03-20 16:13 - 2015-01-26 13:34 - 000015752 _____ (Autodesk, Inc.) C:\Users\fredg\AppData\Local\Temp\AcDeltree.exe 2018-03-20 16:13 - 2018-03-20 16:19 - 001962752 _____ (Flexera Software LLC) C:\Users\fredg\AppData\Local\Temp\FNP_ACT_InstallerCA.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-03-18 08:49 ==================== End of FRST.txt ============================
  4. AdwCleaner log: AdwCleaner[C3].txt ScCleaner log: sc-cleaner.txt ZHPCleaner log: ZHPCleaner.txt Malwarebytes log: mb-scan.txt I can no longer change the default programs I use. They keep reverting to the Windows originals and the following message appears: An app default was reset An app caused a problem with the default app settings for (file extension) files, so it was reset to (default program). Even when I don't change any program, this message keeps appearing.
  5. Thank you, roni_! Logs: MCShield-AllScan zoek-results.logs.txt added 53 minutes later It seems that with MCShield the virus was removed for good. I tested the two flash drives that were infected and neither of them showed that problem again. Thank you very much, roni_!!!!
  6. I recently lent a flash drive to someone and ended up getting a virus. When I plug the flash drive into my PC, the following message appears: However, I do not have avast installed on my PC. Then everything that was on the flash drive disappears and only a shortcut and hidden folders are created (as the following picture shows): If I click on this padlock icon, a command prompt opens saying "Arquivos escaneados pelo Avast." and closes right afterwards. The properties of this shortcut show the following information: The original files from the flash drive are located in this Securet folder. The Cookie folder contains the following files: I tried formatting the flash drive, and I scanned both the flash drive and the PC with McAfee Antivirus Plus, and nothing stopped this problem. Just now, several command prompts started opening and closing very quickly; I restarted the PC and that stopped happening, but the flash drive still has the same problem. I have searched all over the internet for how to solve this and cannot find a solution. I also tried the procedure of deleting wscript.exe, but without success. Thanks in advance if you can help me! Log: ZA-Scan.txt
