
Help with infected PC, probably easy.


  • This topic is locked
7 replies to this topic

#1 Saatsin

Saatsin

  • Members
  • 5 posts

Posted 17 April 2017 - 09:06 PM

Hello, 

here is my problem:

I was installing software that ended up being riddled with malware; I ignored Bitdefender's plea to stop downloading that.

Along with said software, several other things started installing together, to the point that at one time several cmd screens started flashing and disappearing. Very scary.

Ran a scan with Bitdefender, which got rid of a lot of stuff.

Found browser hijacked, and ran AdwCleaner. Didn't help.

Ran Reason Core Security, which helped, until I tried installing a Chrome extension, but the download failed and yet again my browser was hijacked.

For the sake of science, tried to install the extension again after resetting the browser to the right search engine. Same result as before.

Ran SpyHunter. It detected about 7500 infected files. It got rid of all but one. Ran another scan and only that file was left. Tried to get rid of it again. Apparently it worked, until I tried to do the extension thing and got hijacked again.

Got desperate, didn't know what to do anymore (not a very tech-savvy person, you see), searched in forums for solutions. Didn't find anyone with something like that.

Ran HiJackThis.

Now I am here, and I need help.

Thanks in advance.


P.S.: I'm not particularly attached to any files on this PC; the most important ones are already in the cloud, so I could possibly perform a full system restore to factory settings.


Hijackthis log:
 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 22:13:45, on 17/04/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.15063.0000)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
C:\Program Files (x86)\GbPlugin\GbpSv.exe
E:\Program Files (x86)\Steam\Steam.exe
C:\Users\Walther\AppData\Local\Akamai\netsession_win.exe
C:\Users\Walther\AppData\Local\Akamai\netsession_win.exe
C:\Users\Walther\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Walther\AppData\Local\Microsoft\OneDrive\OneDrive.exe
E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
E:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
E:\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080;https=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=
O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O3 - Toolbar: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Autodesk Desktop App] "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
O4 - HKCU\..\Run: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Walther\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Walther\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Walther\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - Global Startup: Audible Download Manager.lnk = E:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: SOLIDWORKS 2016 Fast Start.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Autodesk Desktop App Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
O23 - Service: AdaptiveSleepService - Unknown owner - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DTSInterops (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corporation - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: SOLIDWORKS Electrical Collaborative Server (ewserver) - Unknown owner - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Bitdefender Product Agent Service (ProductAgentService) - Bitdefender - C:\Program Files\Bitdefender Agent\ProductAgentService.exe
O23 - Service: Remote Solver for Flow Simulation 2016 (RemoteSolverDispatcher) - Mentor Graphics Corporation - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: rscp - Unknown owner - C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
O23 - Service: Reason Core Security Service (rsService) - Reason Software Company Inc. - C:\Program Files\Reason\Security\rsService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter4 Service (SpyHunter 4 Service) - Enigma Software Group USA, LLC. - C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
O23 - Service: Bitdefender Protected Service (vsservp) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 13527 bytes
 
 
 
Mod Edit
Moved from Am I Infected to MRL because of HJT log.
NickAu

Edited by NickAu, 17 April 2017 - 10:24 PM.
Mod Edit




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 April 2017 - 08:02 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs.

Wait for further instructions.
===

p.s.
HijackThis is no longer supported and not ready for your operating system.
I suggest you remove it via Control Panel > Programs > Programs and Features.
Use the Farbar tool from now on to report problems.
<<<>>>

#3 Saatsin

Saatsin
  • Topic Starter

  • Members
  • 5 posts

Posted 18 April 2017 - 11:35 AM

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 17-04-2017 01
Executado por Walther (administrador) em DESKTOP-P4JS2EE (18-04-2017 13:29:14)
Executando a partir de E:\Downloads
Perfis Carregados: Walther (Perfis Disponíveis: defaultuser0 & Walther)
Platform: Windows 10 Pro Versão 1703 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
 
==================== Processos (Whitelisted) =================
 
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
(Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsService.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
() C:\Program Files\Reason\Security\rsLggr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Corporation) C:\Windows\System32\bcastdvr.exe
 
==================== Registro (Whitelisted) ====================
 
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9072128 2016-11-17] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => E:\Program Files (x86)\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [954416 2016-12-29] (GAS Tecnologia LTDA)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-11-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [704424 2017-03-10] (Autodesk, Inc.)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-07] (Banco do Brasil)
HKU\S-1-5-21-2740690104-2874805969-3746335994-1001\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-22] (Valve Corporation)
HKU\S-1-5-21-2740690104-2874805969-3746335994-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Walther\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2740690104-2874805969-3746335994-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1283112 2016-02-02] (Autodesk, Inc.)
HKU\S-1-5-21-2740690104-2874805969-3746335994-1001\...\Run: [Spotify Web Helper] => C:\Users\Walther\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-25] (Spotify Ltd)
HKU\S-1-5-21-2740690104-2874805969-3746335994-1001\...\Policies\Explorer: [] 
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1947872 2016-06-07] (Banco do Brasil)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2017-03-28]
ShortcutTarget: Audible Download Manager.lnk -> E:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2016 Fast Start.lnk [2017-03-04]
ShortcutTarget: SOLIDWORKS 2016 Fast Start.lnk -> C:\Windows\Installer\{768F3B65-1695-47B7-9002-B11400CB111D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
 
==================== Internet (Whitelisted) ====================
 
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
 
ProxyServer: [S-1-5-21-2740690104-2874805969-3746335994-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 201.21.192.167 201.21.192.162
Tcpip\..\Interfaces\{8a32e3d4-aa98-4f48-8ea0-6314481269da}: [DhcpNameServer] 201.21.192.167 201.21.192.162
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2740690104-2874805969-3746335994-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-03-29] (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-09] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-09] (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-03-29] (Bitdefender)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-09] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-07] (Banco do Brasil)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-09] (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-03-29] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-03-29] (Bitdefender)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2017-03-07]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2017-01-19] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-09] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\11.0.1.5597552\npmathplugin.dll [2016-09-21] (Wolfram Research, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\Walther\AppData\Local\Google\Chrome\User Data\Default [2017-04-18]
CHR Extension: (Docs) - C:\Users\Walther\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-17]
CHR Extension: (Google Drive) - C:\Users\Walther\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-17]
CHR Extension: (YouTube) - C:\Users\Walther\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-17]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Serviços (Whitelisted) ====================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1309176 2017-03-10] (Autodesk Inc.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-11-21] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
S3 DevicesFlowUserSvc; C:\WINDOWS\System32\DevicesFlowBroker.dll [689152 2017-03-18] (Microsoft Corporation)
S3 DevicesFlowUserSvc_3faaea9; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation)
S3 DevicesFlowUserSvc_3faaea9; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation)
R2 DusmSvc; C:\WINDOWS\System32\dusmsvc.dll [302592 2017-03-18] (Microsoft Corporation)
R2 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [179208 2016-02-10] ()
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [631520 2016-06-07] (GAS Tecnologia)
S3 IpxlatCfgSvc; C:\WINDOWS\System32\IpxlatCfg.dll [64000 2017-03-18] (Microsoft Corporation)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372416 2015-04-20] (Microsoft Corporation)
S3 NaturalAuthentication; C:\WINDOWS\System32\NaturalAuth.dll [723968 2017-03-18] (Microsoft Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1230824 2017-02-22] (Bitdefender)
R2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [238848 2016-02-10] (Mentor Graphics Corporation)
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [303896 2017-04-14] ()
R2 rsService; C:\Program Files\Reason\Security\rsService.exe [254232 2017-03-29] (Reason Software Company Inc.)
R2 SecurityHealthService; C:\WINDOWS\system32\SecurityHealthService.exe [335808 2017-03-18] (Microsoft Corporation)
S3 SEMgrSvc; C:\WINDOWS\system32\SEMgrSvc.dll [1191424 2017-03-18] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-03-04] (SolidWorks) [Arquivo não assinado]
S3 spectrum; C:\WINDOWS\system32\spectrum.exe [891904 2017-03-18] (Microsoft Corporation)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe [868024 2017-04-17] (Enigma Software Group USA, LLC.)
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2015-04-20] (Microsoft Corporation)
R3 TokenBroker; C:\WINDOWS\System32\TokenBroker.dll [1054720 2017-03-18] (Microsoft Corporation)
R3 TokenBroker; C:\WINDOWS\SysWOW64\TokenBroker.dll [799232 2017-03-18] (Microsoft Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [218416 2017-03-29] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1532736 2017-03-29] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [524872 2016-08-25] (Bitdefender)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [954416 2016-12-29] (GAS Tecnologia LTDA)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WFDSConMgrSvc; C:\WINDOWS\System32\wfdsconmgrsvc.dll [555008 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1295360 2017-03-18] (Microsoft Corporation)
S3 xbgm; C:\WINDOWS\System32\xbgmsvc.dll [301216 2017-03-18] (Microsoft Corporation)
S3 XboxGipSvc; C:\WINDOWS\System32\XboxGipSvc.dll [18944 2017-03-18] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmdag.sys [26568848 2017-01-25] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmpag.sys [536600 2017-01-25] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1605376 2016-09-20] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-24] (BitDefender LLC)
S4 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 CAD; C:\WINDOWS\System32\drivers\CAD.sys [53664 2017-03-18] (Microsoft Corporation)
S2 CldFlt; C:\WINDOWS\System32\drivers\cldflt.sys [12288 2017-03-18] (Microsoft Corporation)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-04-14] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-04-14] (Disc Soft Ltd)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2017-04-17] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [22704 2017-04-17] ()
R1 gbpddfac; C:\WINDOWS\System32\drivers\gbpddfac64.sys [28888 2017-04-16] (GAS Tecnologia)
R0 gbpddreg; C:\WINDOWS\System32\drivers\gbpddreg64.sys [29816 2017-04-16] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2016-05-09] (GAS Tecnologia)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
S3 iaLPSS2i_GPIO2_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504 2017-03-18] (Intel Corporation)
S3 iaLPSS2i_I2C_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448 2017-03-18] (Intel Corporation)
S3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-05-27] ()
S3 mausbhost; C:\WINDOWS\System32\drivers\mausbhost.sys [405408 2017-03-18] (Microsoft Corporation)
S3 mausbip; C:\WINDOWS\System32\drivers\mausbip.sys [51104 2017-03-18] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [122368 2017-03-18] (Microsoft Corporation)
S3 nvdimmn; C:\WINDOWS\System32\drivers\nvdimmn.sys [80896 2017-03-18] (Microsoft Corporation)
S3 pmem; C:\WINDOWS\System32\drivers\pmem.sys [101376 2017-03-18] (Microsoft Corporation)
S4 RsFx0310; C:\WINDOWS\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-10-09] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SpatialGraphFilter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [40352 2017-03-20] (Microsoft Corporation)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2016-05-09] (GAS Tecnologia LTDA)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 WinNat; C:\WINDOWS\System32\drivers\winnat.sys [217088 2017-03-18] (Microsoft Corporation)
R1 wsddfac; C:\WINDOWS\System32\drivers\wsddfac.sys [28376 2017-04-16] (GAS Tecnologia)
R1 wsddntf; C:\WINDOWS\system32\DRIVERS\wsddntf.sys [47176 2016-06-21] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [25184 2016-06-08] (GAS Tecnologia)
R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [25184 2016-11-07] (GAS Tecnologia)
 
==================== NetSvcs (Whitelisted) ===================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
NETSVC: NaturalAuthentication -> C:\Windows\System32\NaturalAuth.dll (Microsoft Corporation)
NETSVC: xbgm -> C:\Windows\System32\xbgmsvc.dll (Microsoft Corporation)
NETSVC: TokenBroker -> C:\Windows\System32\TokenBroker.dll (Microsoft Corporation)
NETSVC: XboxGipSvc -> C:\Windows\System32\XboxGipSvc.dll (Microsoft Corporation)
NETSVCx32: TokenBroker -> C:\Windows\SysWOW64\TokenBroker.dll (Microsoft Corporation)
 
==================== Um Mês Criados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2017-04-18 13:28 - 2017-04-18 13:29 - 00000000 ____D C:\FRST
2017-04-18 11:35 - 2017-04-18 11:35 - 00002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-18 11:34 - 2017-04-18 11:40 - 00003586 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-18 11:34 - 2017-04-18 11:40 - 00003462 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-18 11:30 - 2017-04-18 11:31 - 00090670 _____ C:\TDSSKiller.3.1.0.15_18.04.2017_11.30.48_log.txt
2017-04-17 17:15 - 2017-04-17 17:15 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2017-04-17 17:15 - 2017-04-17 17:15 - 00000000 ____D C:\Users\Walther\AppData\Roaming\Enigma Software Group
2017-04-17 17:15 - 2017-04-17 17:15 - 00000000 ____D C:\sh4ldr
2017-04-17 17:15 - 2017-04-17 17:15 - 00000000 ____D C:\Program Files\Enigma Software Group
2017-04-17 17:15 - 2017-04-17 17:15 - 00000000 _____ C:\autoexec.bat
2017-04-16 22:37 - 2017-04-16 22:37 - 00000000 ____D C:\Users\Walther\AppData\Local\PDFCreator
2017-04-16 21:12 - 2017-04-16 21:12 - 00003294 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-16 21:12 - 2017-04-16 21:12 - 00002388 _____ C:\Users\Walther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-16 21:11 - 2017-04-16 21:11 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft OneDrive
2017-04-16 21:11 - 2017-04-16 21:11 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-04-16 21:10 - 2017-04-16 21:10 - 00000020 ___SH C:\Users\Walther\ntuser.ini
2017-04-16 21:10 - 2017-04-16 21:10 - 00000000 ____D C:\Users\Walther\AppData\Local\DBG
2017-04-16 21:10 - 2017-04-16 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-04-16 21:10 - 2017-04-16 21:10 - 00000000 ____D C:\Program Files\ATI Technologies
2017-04-16 19:56 - 2017-04-16 19:56 - 02030344 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-16 19:55 - 2017-04-16 19:55 - 00000000 ____D C:\WINDOWS\system32\ÿÿo
2017-04-16 19:55 - 2017-04-16 19:55 - 00000000 ____D C:\WINDOWS\system32\ffe44ee21a651907..bin
2017-04-16 19:55 - 2017-04-16 19:55 - 00000000 ____D C:\WINDOWS\system32\
2017-04-16 19:53 - 2017-04-16 19:53 - 00011433 _____ C:\WINDOWS\diagwrn.xml
2017-04-16 19:53 - 2017-04-16 19:53 - 00011433 _____ C:\WINDOWS\diagerr.xml
2017-04-16 19:52 - 2017-04-18 09:44 - 00005256 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-P4JS2EE-Walther DESKTOP-P4JS2EE
2017-04-16 19:52 - 2017-04-18 09:32 - 00004188 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4AA3F089-8FEF-4816-A8B0-5BCA464B5138}
2017-04-16 19:52 - 2017-04-16 19:52 - 00022956 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-04-16 19:52 - 2017-04-16 19:52 - 00004876 _____ C:\WINDOWS\System32\Tasks\Muzoghtterhosy Client
2017-04-16 19:52 - 2017-04-16 19:52 - 00002782 _____ C:\WINDOWS\System32\Tasks\Reason Core Security Scheduled Scan
2017-04-16 19:52 - 2017-04-16 19:52 - 00002748 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guardian
2017-04-16 19:52 - 2017-04-16 19:52 - 00002742 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guard
2017-04-16 19:52 - 2017-04-16 19:52 - 00002730 _____ C:\WINDOWS\System32\Tasks\Online Application v209
2017-04-16 19:52 - 2017-04-16 19:52 - 00002668 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-04-16 19:52 - 2017-04-16 19:52 - 00002624 _____ C:\WINDOWS\System32\Tasks\Reason Core Security
2017-04-16 19:52 - 2017-04-16 19:52 - 00002388 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
2017-04-16 19:52 - 2017-04-16 19:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-16 19:52 - 2017-04-16 19:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-04-16 19:51 - 2017-04-16 19:51 - 00000000 ____D C:\Users\Todos os Usuários\USOShared
2017-04-16 19:51 - 2017-04-16 19:51 - 00000000 ____D C:\ProgramData\USOShared
2017-04-16 19:50 - 2017-04-16 19:50 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-04-16 19:47 - 2017-04-16 19:51 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-04-16 19:47 - 2017-03-18 17:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-04-16 19:46 - 2017-04-18 11:35 - 00000000 ____D C:\Users\Walther
2017-04-16 19:46 - 2017-04-16 21:10 - 00000000 ____D C:\Program Files\AMD
2017-04-16 19:46 - 2017-04-16 19:52 - 00000000 ____D C:\Users\defaultuser0
2017-04-16 19:46 - 2017-04-16 19:51 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-04-16 19:46 - 2017-04-16 19:47 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-04-16 19:46 - 2017-04-16 19:47 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\Walther\Modelos
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\Walther\Meus Documentos
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\Walther\Menu Iniciar
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\Walther\Dados de Aplicativos
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\Walther\Configurações Locais
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\Walther\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\Walther\AppData\Local\Histórico
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\Walther\AppData\Local\Dados de Aplicativos
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\Walther\Ambiente de Rede
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\Walther\Ambiente de Impressão
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\defaultuser0\Modelos
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\defaultuser0\Meus Documentos
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\defaultuser0\Menu Iniciar
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\defaultuser0\Dados de Aplicativos
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\defaultuser0\Configurações Locais
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\defaultuser0\AppData\Local\Histórico
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\defaultuser0\AppData\Local\Dados de Aplicativos
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\defaultuser0\Ambiente de Rede
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 _SHDL C:\Users\defaultuser0\Ambiente de Impressão
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 ____H C:\Users\Todos os Usuários\DP45977C.lfl
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 ____D C:\WINDOWS\system32\DAX2
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 ____D C:\Program Files\Realtek
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-04-16 19:46 - 2017-04-16 19:46 - 00000000 ____D C:\Program Files (x86)\AMD
2017-04-16 19:45 - 2017-04-18 11:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-16 19:45 - 2017-04-16 19:51 - 00217384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-16 19:43 - 2017-04-16 19:43 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 23675392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 19334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 11869696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 08319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-16 19:43 - 2017-04-16 19:43 - 08247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 06756920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-16 19:43 - 2017-04-16 19:43 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-16 19:43 - 2017-04-16 19:43 - 02444184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-16 19:43 - 2017-04-16 19:43 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 01411640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 01323880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-16 19:43 - 2017-04-16 19:43 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-16 19:43 - 2017-04-16 19:43 - 00986592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-16 19:43 - 2017-04-16 19:43 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-16 19:43 - 2017-04-16 19:43 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-04-16 19:43 - 2017-04-16 19:43 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-04-16 19:43 - 2017-04-16 19:43 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-16 19:43 - 2017-04-16 19:43 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00205728 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-16 19:43 - 2017-04-16 19:43 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-16 19:43 - 2017-04-16 19:43 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-04-16 19:43 - 2017-04-16 19:43 - 00000000 ____D C:\Windows.old
2017-04-16 19:42 - 2017-04-16 19:45 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-04-16 19:42 - 2017-04-16 19:42 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-04-16 19:42 - 2017-04-16 19:42 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-04-16 19:42 - 2017-04-16 19:42 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-04-16 18:57 - 2017-04-16 21:10 - 00000000 ___DC C:\WINDOWS\Panther
2017-04-15 11:28 - 2017-04-17 17:44 - 00000000 ____D C:\Users\Walther\AppData\Local\SNARE
2017-04-14 18:06 - 2017-04-14 18:06 - 00000000 ____D C:\Users\Walther\AppData\Roaming\FiraxisLive
2017-04-14 18:06 - 2017-04-14 18:06 - 00000000 ____D C:\Users\Todos os Usuários\Steam
2017-04-14 18:06 - 2017-04-14 18:06 - 00000000 ____D C:\ProgramData\Steam
2017-04-14 18:00 - 2017-04-14 18:00 - 00000899 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sid Meiers Civilization VI.lnk
2017-04-14 16:14 - 2017-04-14 16:14 - 00000000 ____D C:\Users\Todos os Usuários\Reason
2017-04-14 16:14 - 2017-04-14 16:14 - 00000000 ____D C:\ProgramData\Reason
2017-04-14 16:09 - 2017-04-14 16:09 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-04-14 15:57 - 2017-04-16 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2017-04-14 15:57 - 2017-04-14 15:57 - 00000000 ____D C:\Program Files\Reason
2017-04-14 15:22 - 2017-04-14 15:23 - 00000000 ____D C:\AdwCleaner
2017-04-14 13:40 - 2017-04-14 13:40 - 00000000 ____D C:\Users\Walther\AppData\Temp
2017-04-14 13:23 - 2017-04-14 13:23 - 00000000 ____D C:\Users\Walther\AppData\Roaming\excdir
2017-04-14 13:14 - 2017-04-14 13:14 - 00000000 ____D C:\Users\Walther\AppData\Local\Disc_Soft_Ltd
2017-04-14 13:11 - 2017-04-17 17:44 - 00000000 ____D C:\Users\Walther\AppData\Local\Pecapale
2017-04-14 13:11 - 2017-04-17 17:44 - 00000000 ____D C:\Program Files (x86)\Muzoghtterhosy Client
2017-04-14 13:11 - 2017-04-15 11:34 - 00000000 ____D C:\Program Files (x86)\Plertus
2017-04-14 13:11 - 2017-04-14 14:12 - 00000000 ____D C:\Users\Walther\AppData\Roaming\Qazuch
2017-04-14 13:10 - 2017-04-14 13:16 - 00000000 ____D C:\Program Files\XBox
2017-04-14 13:06 - 2017-04-14 13:07 - 00000000 ____D C:\Users\Walther\AppData\Roaming\DAEMON Tools Lite
2017-04-14 13:06 - 2017-04-14 13:06 - 00047672 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2017-04-14 13:06 - 2017-04-14 13:06 - 00030264 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2017-04-14 13:05 - 2017-04-14 13:05 - 00000000 ____D C:\Users\Todos os Usuários\DAEMON Tools Lite
2017-04-14 13:05 - 2017-04-14 13:05 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-04-12 22:22 - 2017-04-12 22:22 - 00001265 _____ C:\Users\Walther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Configurações de atualização e privacidade.lnk
2017-04-12 22:22 - 2017-04-12 22:22 - 00000000 ____D C:\Users\Walther\AppData\Local\UNP
2017-04-12 22:13 - 2017-04-16 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-04-12 22:13 - 2017-04-12 22:13 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-04-12 22:13 - 2017-04-12 22:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-12 22:12 - 2017-04-16 19:51 - 00000000 ____D C:\WINDOWS\SHELLNEW
2017-04-12 22:12 - 2017-04-12 22:13 - 00000000 ____D C:\Program Files\Microsoft Office
2017-04-12 22:12 - 2017-04-12 22:12 - 00000000 __RHD C:\MSOCache
2017-04-12 22:12 - 2017-04-12 22:12 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2017-04-12 22:12 - 2017-04-12 22:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2017-04-12 21:29 - 2017-04-14 16:02 - 00000000 ____D C:\WINDOWS\AutoKMS
2017-04-12 21:27 - 2017-04-12 22:22 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Toolkit
2017-04-12 21:27 - 2017-04-12 22:22 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2017-04-12 10:49 - 2017-04-16 19:51 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-04-12 10:49 - 2017-04-12 10:50 - 00000000 ____D C:\Program Files\UNP
2017-04-12 00:21 - 2017-04-12 00:20 - 00532136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-04-11 15:20 - 2017-03-28 02:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-11 15:20 - 2017-03-28 02:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-04-06 17:38 - 2017-04-06 17:38 - 00000000 ____D C:\Program Files (x86)\GUM8F2F.tmp
2017-04-03 14:30 - 2017-04-03 14:30 - 00001024 _____ C:\.rnd
2017-04-03 14:29 - 2017-04-18 09:29 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2017-04-03 14:29 - 2017-04-18 09:29 - 00000000 ____D C:\ProgramData\GbPlugin
2017-04-03 14:29 - 2017-04-16 19:52 - 00029816 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\gbpddreg64.sys
2017-04-03 14:29 - 2017-04-16 19:52 - 00028888 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\gbpddfac64.sys
2017-04-03 14:29 - 2017-04-16 19:51 - 00028376 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddfac.sys
2017-04-03 14:29 - 2017-04-16 19:51 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-04-03 14:29 - 2017-04-03 14:29 - 00000000 ___HD C:\Program Files (x86)\GAS Tecnologia
2017-04-03 14:29 - 2017-04-03 14:29 - 00000000 ___HD C:\Program Files (x86)\Diebold
2017-04-03 14:29 - 2017-04-03 14:29 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2017-04-03 14:29 - 2017-04-03 14:29 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2017-04-03 14:29 - 2017-04-03 14:29 - 00000000 ____D C:\Program Files\Diebold
2017-04-03 14:29 - 2016-11-07 15:54 - 00025184 ____N (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddprm.sys
2017-04-03 14:29 - 2016-06-21 17:24 - 00047176 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddntf.sys
2017-04-03 14:29 - 2016-06-21 17:24 - 00010345 _____ C:\WINDOWS\system32\Drivers\wsddntf.cat
2017-04-03 14:29 - 2016-06-08 19:43 - 00025184 ____N (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddpp.sys
2017-04-03 14:28 - 2017-04-03 14:30 - 00000000 ____D C:\Users\Todos os Usuários\Temp
2017-04-03 14:28 - 2017-04-03 14:30 - 00000000 ____D C:\ProgramData\Temp
2017-04-02 14:06 - 2017-04-02 14:12 - 00000000 ____D C:\Users\Walther\AppData\Roaming\Mathematica
2017-04-02 14:06 - 2017-04-02 14:06 - 00000000 ____D C:\Users\Walther\AppData\Local\Wolfram
2017-04-02 14:06 - 2017-04-02 14:06 - 00000000 ____D C:\Users\Walther\AppData\Local\Mathematica
2017-04-02 08:15 - 2017-04-02 08:15 - 00087904 _____ (Microsoft Corporation) C:\WINDOWS\system32\UNPUXWorker.exe
2017-04-01 17:53 - 2017-04-02 11:58 - 00000000 ____D C:\Users\Walther\AppData\Roaming\MuseScore
2017-04-01 17:53 - 2017-04-01 17:53 - 00000000 ____D C:\Users\Walther\AppData\Local\MuseScore
2017-04-01 17:52 - 2017-04-16 19:51 - 00000000 ____D C:\Users\Walther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MuseScore 2
2017-03-29 14:09 - 2017-04-16 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica
2017-03-29 14:09 - 2017-04-02 14:06 - 00000000 ____D C:\Users\Todos os Usuários\Mathematica
2017-03-29 14:09 - 2017-04-02 14:06 - 00000000 ____D C:\ProgramData\Mathematica
2017-03-29 14:09 - 2017-03-29 14:09 - 00000000 ____D C:\Program Files\Extras
2017-03-29 14:09 - 2017-03-29 14:09 - 00000000 ____D C:\Program Files\Common Files\Wolfram Research
2017-03-29 14:02 - 2017-03-29 14:02 - 00000000 ____D C:\Program Files\Wolfram Research
2017-03-28 12:26 - 2017-04-16 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2017-03-28 11:41 - 2017-04-16 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-03-28 11:41 - 2017-03-28 11:58 - 00000000 ____D C:\Users\Walther\AppData\Roaming\Apple Computer
2017-03-28 11:41 - 2017-03-28 11:41 - 00000000 ____D C:\Users\Walther\AppData\Local\Apple Computer
2017-03-28 11:40 - 2017-03-28 11:40 - 00000000 ____D C:\Users\Todos os Usuários\Apple Computer
2017-03-28 11:40 - 2017-03-28 11:40 - 00000000 ____D C:\ProgramData\Apple Computer
2017-03-28 11:40 - 2017-03-28 11:40 - 00000000 ____D C:\Program Files\iPod
2017-03-28 11:39 - 2017-03-28 11:39 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-03-28 11:39 - 2017-03-28 11:39 - 00000000 ____D C:\Users\Walther\AppData\Local\Apple
2017-03-28 11:39 - 2017-03-28 11:39 - 00000000 ____D C:\Program Files\Bonjour
2017-03-28 11:39 - 2017-03-28 11:39 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-03-28 11:39 - 2017-03-28 11:39 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-03-28 11:38 - 2017-03-28 11:39 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-03-28 11:34 - 2017-03-28 11:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-03-25 17:45 - 2017-04-04 10:24 - 00000000 ____D C:\Users\Walther\AppData\Roaming\Spotify
2017-03-25 17:45 - 2017-04-04 10:24 - 00000000 ____D C:\Users\Walther\AppData\Local\Spotify
2017-03-25 17:45 - 2017-03-25 17:45 - 00001855 _____ C:\Users\Walther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-03-24 16:46 - 2017-03-24 16:46 - 00000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2017-03-24 16:46 - 2017-03-24 16:46 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-24 14:21 - 2017-04-16 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk ReCap 360
2017-03-24 14:19 - 2017-04-16 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2017 - English
2017-03-24 14:19 - 2017-03-25 14:49 - 00000000 ____D C:\Users\Walther\AppData\Local\Autodesk
2017-03-24 14:19 - 2017-03-24 14:23 - 00000000 ____D C:\Program Files (x86)\Autodesk
2017-03-24 14:17 - 2017-04-12 21:32 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2017-03-24 14:17 - 2017-03-24 14:22 - 00000000 ____D C:\Program Files\Autodesk
2017-03-24 14:13 - 2017-04-16 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-03-24 13:55 - 2017-03-24 16:51 - 00000000 ____D C:\Users\Todos os Usuários\Autodesk
2017-03-24 13:55 - 2017-03-24 16:51 - 00000000 ____D C:\ProgramData\Autodesk
2017-03-24 13:55 - 2017-03-24 16:46 - 00000000 ____D C:\Users\Walther\AppData\Roaming\Autodesk
2017-03-24 13:54 - 2017-03-24 13:54 - 00000000 ____D C:\Users\Walther\AppData\Local\Akamai
2017-03-24 13:54 - 2017-03-24 13:54 - 00000000 ____D C:\Autodesk
2017-03-20 01:28 - 2017-04-16 19:34 - 00000000 ___HD C:\$WINDOWS.~BT
2017-03-20 00:59 - 2017-04-16 19:52 - 00000000 ____D C:\WINDOWS\HoloShell
2017-03-20 00:59 - 2017-03-20 00:59 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2017-03-20 00:59 - 2017-03-20 00:59 - 00000000 ___SD C:\WINDOWS\system32\AppV
2017-03-20 00:59 - 2017-03-20 00:59 - 00000000 ____D C:\WINDOWS\system32\Hydrogen
2017-03-20 00:59 - 2017-03-20 00:59 - 00000000 ____D C:\WINDOWS\RemotePackages
2017-03-20 00:59 - 2017-03-20 00:59 - 00000000 ____D C:\Users\Todos os Usuários\WindowsHolographicDevices
2017-03-20 00:59 - 2017-03-20 00:59 - 00000000 ____D C:\ProgramData\WindowsHolographicDevices
2017-03-20 00:59 - 2017-03-20 00:59 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-03-20 00:59 - 2017-03-18 17:59 - 00034774 _____ C:\WINDOWS\Professional.xml
2017-03-20 00:58 - 2017-03-20 00:58 - 00000000 ____D C:\WINDOWS\SKB
2017-03-20 00:58 - 2017-03-20 00:58 - 00000000 ____D C:\WINDOWS\OCR
2017-03-20 00:58 - 2017-03-18 02:54 - 02021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-03-20 00:58 - 2017-03-18 02:40 - 00387416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-03-20 00:58 - 2017-03-18 02:40 - 00276400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2017-03-20 00:58 - 2017-03-18 02:11 - 01339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-03-20 00:58 - 2017-03-18 02:00 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2017-03-20 00:58 - 2017-03-18 02:00 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
2017-03-20 00:58 - 2017-03-18 01:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
2017-03-20 00:58 - 2017-03-18 01:59 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmerror.dll
2017-03-20 00:58 - 2017-03-18 01:58 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2017-03-20 00:58 - 2017-03-18 01:57 - 00249016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2017-03-20 00:58 - 2017-03-18 01:57 - 00153976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpps.dll
2017-03-20 00:58 - 2017-03-18 01:56 - 09261568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2017-03-20 00:58 - 2017-03-18 01:56 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2017-03-20 00:58 - 2017-03-18 01:55 - 00566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\quickassist.exe
2017-03-20 00:58 - 2017-03-18 01:54 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unregmp2.exe
2017-03-20 00:58 - 2017-03-18 01:45 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-03-20 00:58 - 2017-03-18 01:44 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2017-03-20 00:58 - 2017-03-18 01:44 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2017-03-20 00:58 - 2017-03-18 01:44 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2017-03-20 00:58 - 2017-03-18 01:44 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmerror.dll
2017-03-20 00:58 - 2017-03-18 01:42 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2017-03-20 00:58 - 2017-03-18 01:41 - 09261568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2017-03-20 00:58 - 2017-03-18 01:41 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2017-03-20 00:58 - 2017-03-18 01:40 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quickassist.exe
2017-03-20 00:58 - 2017-03-18 01:39 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unregmp2.exe
2017-03-20 00:58 - 2017-03-18 01:37 - 12227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-03-20 00:58 - 2017-03-18 00:00 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.tlb
2017-03-20 00:58 - 2017-03-18 00:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\amcompat.tlb
2017-03-20 00:58 - 2017-03-17 23:52 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.tlb
2017-03-20 00:58 - 2017-03-17 23:52 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\amcompat.tlb
2017-03-20 00:57 - 2017-04-16 19:56 - 00854564 _____ C:\WINDOWS\system32\prfh0416.dat
2017-03-20 00:57 - 2017-04-16 19:56 - 00187944 _____ C:\WINDOWS\system32\prfc0416.dat
2017-03-20 00:57 - 2017-03-20 00:57 - 00328664 _____ C:\WINDOWS\system32\prfi0416.dat
2017-03-20 00:57 - 2017-03-20 00:57 - 00040858 _____ C:\WINDOWS\system32\prfd0416.dat
2017-03-20 00:57 - 2017-03-20 00:57 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-03-20 00:57 - 2017-03-20 00:57 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-03-20 00:57 - 2017-03-20 00:57 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-03-20 00:57 - 2017-03-20 00:57 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-03-20 00:57 - 2017-03-20 00:57 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-03-20 00:57 - 2017-03-20 00:57 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2017-03-20 00:57 - 2017-03-20 00:57 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-03-20 00:57 - 2017-03-20 00:57 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-03-20 00:57 - 2017-03-20 00:57 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-03-20 00:57 - 2017-03-20 00:57 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-03-20 00:57 - 2017-03-20 00:57 - 00000000 ____D C:\WINDOWS\system32\0409
2017-03-20 00:57 - 2017-03-20 00:57 - 00000000 ____D C:\WINDOWS\DigitalLocker
 
==================== Um Mês Modificados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2017-04-18 12:29 - 2017-02-27 13:51 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-04-18 11:34 - 2017-02-27 13:32 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-17 22:13 - 2017-02-27 13:18 - 00000000 ____D C:\Users\Walther\AppData\Local\VirtualStore
2017-04-17 22:01 - 2017-03-18 18:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-17 22:01 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-17 17:44 - 2017-02-27 13:04 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-04-17 15:32 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-04-16 23:10 - 2017-03-18 17:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-16 21:26 - 2017-02-27 13:18 - 00000000 ____D C:\Users\Walther\AppData\Local\Packages
2017-04-16 21:17 - 2017-03-18 18:01 - 00000000 ____D C:\WINDOWS\INF
2017-04-16 21:12 - 2017-02-27 13:20 - 00000000 ___RD C:\Users\Walther\OneDrive
2017-04-16 21:10 - 2017-03-18 18:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-16 21:10 - 2017-02-27 13:18 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-16 21:10 - 2017-02-27 13:18 - 00000000 ____D C:\Users\Walther\AppData\Local\ConnectedDevicesPlatform
2017-04-16 20:56 - 2017-03-18 08:40 - 00065536 _____ C:\WINDOWS\system32\config\ELAM
2017-04-16 19:55 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\rescache
2017-04-16 19:54 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-04-16 19:54 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\Registration
2017-04-16 19:54 - 2017-03-18 18:03 - 00000000 ____D C:\Program Files\Windows NT
2017-04-16 19:53 - 2017-03-18 18:03 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2017-04-16 19:53 - 2017-03-18 18:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-16 19:52 - 2017-03-18 18:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-04-16 19:51 - 2017-03-18 18:03 - 00000000 ____D C:\Users\Todos os Usuários\USOPrivate
2017-04-16 19:51 - 2017-03-18 18:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-04-16 19:51 - 2017-03-18 08:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-04-16 19:51 - 2017-03-17 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Far Cry Primal
2017-04-16 19:51 - 2017-03-16 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DELFTship
2017-04-16 19:51 - 2017-03-09 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-16 19:51 - 2017-03-04 23:55 - 00000000 ____D C:\Users\Walther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-16 19:51 - 2017-03-04 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-16 19:51 - 2017-03-04 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2016
2017-04-16 19:51 - 2017-03-04 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do SOLIDWORKS 2016
2017-04-16 19:51 - 2017-02-28 17:33 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2017-04-16 19:51 - 2017-02-28 17:33 - 00000000 ____D C:\WINDOWS\system32\1033
2017-04-16 19:51 - 2017-02-28 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2014
2017-04-16 19:51 - 2017-02-28 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 3 - Wild Hunt [GOG.com]
2017-04-16 19:51 - 2017-02-28 00:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-04-16 19:51 - 2017-02-27 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
2017-04-16 19:51 - 2017-02-27 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-16 19:47 - 2017-03-18 18:03 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-04-16 19:47 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-04-16 19:47 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-16 19:47 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-04-16 19:47 - 2017-03-18 18:03 - 00000000 ____D C:\Program Files\Common Files\System
2017-04-16 19:47 - 2017-03-18 18:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-04-16 19:47 - 2017-03-02 14:46 - 00000000 ____D C:\WINDOWS\system32\0796d50a9128c28081695a..bin
2017-04-16 19:47 - 2017-02-28 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-04-16 19:47 - 2017-02-28 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2017-04-16 19:47 - 2017-02-28 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2017-04-16 19:47 - 2017-02-28 13:05 - 00000000 ____D C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿ8
2017-04-16 19:47 - 2017-02-28 13:05 - 00000000 ____D C:\WINDOWS\system32\7bcf712b3d24fb1fd1c622..bin
2017-04-16 19:47 - 2017-02-27 13:50 - 00000000 ____D C:\Users\Walther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
2017-04-16 19:47 - 2017-02-27 13:16 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2017-04-16 19:46 - 2017-03-18 08:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-04-16 19:46 - 2017-02-27 18:12 - 00000000 ____D C:\AMD
2017-04-16 19:45 - 2017-03-18 18:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-04-16 19:43 - 2017-03-18 18:06 - 00000000 ____D C:\WINDOWS\Setup
2017-04-16 19:38 - 2017-02-27 14:49 - 00014716 _____ C:\bdlog.txt
2017-04-16 02:58 - 2017-02-27 13:50 - 00000000 ____D C:\Users\Walther\AppData\Roaming\tixati
2017-04-15 15:52 - 2017-02-28 00:34 - 00000000 ____D C:\Users\Walther\AppData\Roaming\vlc
2017-04-13 10:31 - 2017-03-04 17:51 - 00000000 ____D C:\Users\Walther\AppData\Local\SolidWorks
2017-04-12 22:14 - 2017-03-16 13:56 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2017-04-12 22:12 - 2017-02-28 17:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-12 22:12 - 2017-02-27 13:04 - 00000167 _____ C:\WINDOWS\win.ini
2017-04-11 22:44 - 2017-02-27 15:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-11 22:43 - 2017-02-27 15:34 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-05 22:27 - 2017-03-04 17:54 - 00000000 ____D C:\Users\Walther\AppData\Local\TempDiretório de backup SW
2017-04-05 21:47 - 2017-03-05 00:55 - 00000000 _____ C:\Users\Walther\AppData\Local\Temptable.xml
2017-04-03 13:56 - 2017-03-18 18:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-03 13:56 - 2017-03-18 18:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-28 11:39 - 2017-02-28 17:33 - 00000000 ____D C:\Users\Todos os Usuários\Apple
2017-03-28 11:39 - 2017-02-28 17:33 - 00000000 ____D C:\ProgramData\Apple
2017-03-24 16:46 - 2017-03-04 18:52 - 00000000 ____D C:\Users\Todos os Usuários\FLEXnet
2017-03-24 16:46 - 2017-03-04 18:52 - 00000000 ____D C:\ProgramData\FLEXnet
2017-03-22 16:23 - 2017-02-28 17:42 - 00000000 ____D C:\Users\Walther\AppData\Roaming\DassaultSystemes
2017-03-22 12:12 - 2017-03-16 16:59 - 00000000 ____D C:\Users\Walther\AppData\Local\DELFTship
2017-03-20 12:57 - 2017-02-27 15:05 - 00305120 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2017-03-20 00:59 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\SystemResources
2017-03-20 00:59 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\SystemApps
2017-03-20 00:59 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\security
2017-03-20 00:59 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\schemas
2017-03-20 00:59 - 2017-03-18 18:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-03-20 00:59 - 2017-03-18 17:59 - 20414976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 17048064 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 07138816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Havok.Physics.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 03162112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SnippingTool.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 02376096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 02228128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 02194944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 01955328 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 01839520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 01693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 01624480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 01516448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 01317888 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmclient.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsCpl.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsCpl.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 01200640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 01161216 ____R (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.Capture.UX.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 01100704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00992672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmclient.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00867328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 00844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00844192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mblctr.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 00785920 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00751616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.Office2013CustomActions.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscsvc.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCacheProvider.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00699296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvgogl32.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00637440 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmscan.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msTextPrediction.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00559104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2017-03-20 00:59 - 2017-03-18 17:59 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AdmTmpl.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00546304 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrptadm.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_HoloLens_Environment.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00528896 ____R (Microsoft Corporation) C:\WINDOWS\system32\MixedRealityCapture.Pipeline.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00506784 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrptadm.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00457216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmscan.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AdmTmpl.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSh.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppIdPolicyEngineApi.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CscUnpinTool.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 00399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDistSh.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SrpUxNativeSnapIn.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00304640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SrpUxNativeSnapIn.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00299624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpendp.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ConfigWrapper.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscobj.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ManagedEventLogging.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppIdPolicyEngineApi.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddputils.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\srm.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srm.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmstormod.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\umrdp.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShellAPI.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00269640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpendp.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00264608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatialStore.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSHExtensions.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 00232352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00230816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2017-03-20 00:59 - 2017-03-18 17:59 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddpchunk.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\appvetwsharedperformance.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppvClientEventLog.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuditNativeSnapIn.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDist.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationSettings.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCleaner.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuditNativeSnapIn.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\tspubwmi.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscfgwmi.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CmUtil.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscobj.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreShellAPI.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgmts.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmstormod.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00186272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\hwrreg.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 00184224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mavinject.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2017-03-20 00:59 - 2017-03-18 17:59 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvgocl32.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDist.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistWSDDiscoProv.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinput.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 00173984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmshell.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgmts.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveprompt.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 00161696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVemgr.sys
2017-03-20 00:59 - 2017-03-18 17:59 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvgu1132.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00149920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mavinject.exe
2017-03-20 00:59 - 2017-03-18 17:59 - 00147439 _____ C:\WINDOWS\SysWOW64\gpedit.msc
2017-03-20 00:59 - 2017-03-18 17:59 - 00147439 _____ C:\WINDOWS\system32\gpedit.msc
2017-03-20 00:59 - 2017-03-18 17:59 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppManagementConfiguration.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00146389 _____ C:\WINDOWS\system32\printmanagement.msc
2017-03-20 00:59 - 2017-03-18 17:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.SecureAssessment.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00143776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppvVfs.sys
2017-03-20 00:59 - 2017-03-18 17:59 - 00143264 _____ (Microsoft Corporation) C:\WINDOWS\system32\CscMig.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00139264 ____R (Microsoft Corporation) C:\WINDOWS\system32\SecureAssessmentHandlers.dll
2017-03-20 00:59 - 2017-03-18 17:59 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddptrace.dll
 
==================== Arquivos na raiz de alguns diretórios =======
 
2017-03-05 00:55 - 2017-04-05 21:47 - 0000000 _____ () C:\Users\Walther\AppData\Local\Temptable.xml
2017-04-16 19:46 - 2017-04-16 19:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(Não há correção automática para arquivos que não passaram na verificação.)
 
C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
 
LastRegBack: 2017-04-16 19:45
 
==================== Fim de FRST.txt ============================

#4 Saatsin


Posted 18 April 2017 - 11:38 AM

Apparently it registered a lot of the stuff in the file in my native tongue. If you need any translations, just let me know.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:14 AM

Posted 19 April 2017 - 09:07 AM

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Online.io Application (x32 Version: 2.2.0 - Microleaves) Hidden <==== ATENÇÃO
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-2740690104-2874805969-3746335994-1001\...\Policies\Explorer: []
Task: {025EBCF7-B6D8-406F-A69C-EB00D818718C} - \Milimili -> Nenhum Arquivo <==== ATENÇÃO
Task: {04D1270C-ECCB-4539-9042-C948E97E3ABE} - \Traffic Exchange v209 - 2 -> Nenhum Arquivo <==== ATENÇÃO
Task: {398036C1-3231-4AE1-80C4-F92DDD457095} - \Traffic Exchange v209 - 1 -> Nenhum Arquivo <==== ATENÇÃO
Task: {789B884A-3C7D-4E92-9319-9B5AADA43E23} - \Traffic Exchange v209 - 3 -> Nenhum Arquivo <==== ATENÇÃO
Task: {7AF2D15C-B6EE-428E-8E7D-E6694874B28B} - System32\Tasks\Muzoghtterhosy Client => C:\Program Files (x86)\Plertus\xpiqerck.exe
Task: {D352A822-BD18-4C90-A408-2406C01ED573} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Version 2.2.0\Online-Guardian.exe  <==== ATENÇÃO
Task: {FA787C6C-830C-4DC5-A060-E05F9EEEC465} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Version 2.2.0\Online-Guardian.exe  <==== ATENÇÃO
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [2262]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddreg64.sys:X5ZN8aGvT4 [686]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10]
C:\Program Files (x86)\Plertus
C:\Program Files (x86)\Microleaves

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===


Please post the logs and let me know what problem persists with this computer.

#6 Saatsin


Posted 19 April 2017 - 01:57 PM

MBAM is done. It found 6785 threats. It is still trying to quarantine them, I'll tell you the situation after that. I couldn't find the Online.io Application in the programs and resources tab, might have something to do with the fact that it is hidden, as the ending of the name of the program suggests, right? (Online.io Application (x32 Version: 2.2.0 - Microleaves) Hidden). Apart from that, here is the fixlog.txt:
 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 17-04-2017 01
Executado por Walther (19-04-2017 15:38:56) Run:1
Executando a partir de E:\Downloads
Perfis Carregados: Walther (Perfis Disponíveis: defaultuser0 & Walther)
Modo da Inicialização: Normal
==============================================
 
fixlist Conteúdo:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-2740690104-2874805969-3746335994-1001\...\Policies\Explorer: []
Task: {025EBCF7-B6D8-406F-A69C-EB00D818718C} - \Milimili -> Nenhum Arquivo <==== ATENÇÃO
Task: {04D1270C-ECCB-4539-9042-C948E97E3ABE} - \Traffic Exchange v209 - 2 -> Nenhum Arquivo <==== ATENÇÃO
Task: {398036C1-3231-4AE1-80C4-F92DDD457095} - \Traffic Exchange v209 - 1 -> Nenhum Arquivo <==== ATENÇÃO
Task: {789B884A-3C7D-4E92-9319-9B5AADA43E23} - \Traffic Exchange v209 - 3 -> Nenhum Arquivo <==== ATENÇÃO
Task: {7AF2D15C-B6EE-428E-8E7D-E6694874B28B} - System32\Tasks\Muzoghtterhosy Client => C:\Program Files (x86)\Plertus\xpiqerck.exe
Task: {D352A822-BD18-4C90-A408-2406C01ED573} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Version 2.2.0\Online-Guardian.exe  <==== ATENÇÃO
Task: {FA787C6C-830C-4DC5-A060-E05F9EEEC465} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Version 2.2.0\Online-Guardian.exe  <==== ATENÇÃO
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [2262]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddreg64.sys:X5ZN8aGvT4 [686]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10]
C:\Program Files (x86)\Plertus
C:\Program Files (x86)\Microleaves
 
End
*****************
 
Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
HKU\S-1-5-21-2740690104-2874805969-3746335994-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => valor removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{025EBCF7-B6D8-406F-A69C-EB00D818718C} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{025EBCF7-B6D8-406F-A69C-EB00D818718C} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Milimili => chave não encontrado (a). 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04D1270C-ECCB-4539-9042-C948E97E3ABE} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04D1270C-ECCB-4539-9042-C948E97E3ABE} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 2 => chave não encontrado (a). 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{398036C1-3231-4AE1-80C4-F92DDD457095} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{398036C1-3231-4AE1-80C4-F92DDD457095} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 1 => chave não encontrado (a). 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{789B884A-3C7D-4E92-9319-9B5AADA43E23} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{789B884A-3C7D-4E92-9319-9B5AADA43E23} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Traffic Exchange v209 - 3 => chave não encontrado (a). 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AF2D15C-B6EE-428E-8E7D-E6694874B28B} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AF2D15C-B6EE-428E-8E7D-E6694874B28B} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Muzoghtterhosy Client => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Muzoghtterhosy Client => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D352A822-BD18-4C90-A408-2406C01ED573} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D352A822-BD18-4C90-A408-2406C01ED573} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Online Application v209 Guardian => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application v209 Guardian => chave não encontrado (a). 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA787C6C-830C-4DC5-A060-E05F9EEEC465} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA787C6C-830C-4DC5-A060-E05F9EEEC465} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Online Application v209 Guard => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application v209 Guard => chave não encontrado (a). 
C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso..
C:\Program Files (x86)\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removido (a) com sucesso..
C:\WINDOWS\system32\Drivers\gbpddfac64.sys => ":X5ZN8aGvT4" ADS removido (a) com sucesso..
C:\WINDOWS\system32\Drivers\gbpddreg64.sys => ":X5ZN8aGvT4" ADS removido (a) com sucesso..
C:\WINDOWS\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso..
C:\ProgramData\GbPlugin => ":IncompleteStartGbprcm.cnt" ADS removido (a) com sucesso..
"C:\Users\Todos os Usuários\GbPlugin" => ":IncompleteStartGbprcm.cnt" ADS não encontrado (a).
C:\Program Files (x86)\Plertus => movido com sucesso
"C:\Program Files (x86)\Microleaves" => não encontrado (a).
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 6578176 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15034360 B
Java, Flash, Steam htmlcache => 7278348 B
Windows/system/drivers => 2615341 B
Edge => 104236443 B
Chrome => 430248371 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 822 B
NetworkService => 11698 B
defaultuser0 => 0 B
Walther => 33835575 B
 
RecycleBin => 13780938 B
EmptyTemp: => 585.2 MB de dados temporários Removidos.
 
================================
 
 
O sistema precisou ser reiniciado.
 
==== Fim de Fixlog 15:39:17 ====
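
An added example, not part of the original posts and not FRST's own code: a small Python parser that normalizes the Portuguese result phrases of the Fixlog above into removed / moved / not found, so a responder can see at a glance which fixlist entries matched nothing and should be checked again in a fresh scan. The result phrases and sample lines are copied from the Fixlog above; the function names and the "kind" labels are this example's own assumptions.

```python
import re
from collections import Counter

# Result phrases as they appear in the Portuguese-localized Fixlog above,
# mapped to language-neutral outcomes. "não encontrado" is checked first.
OUTCOMES = (
    ("não encontrado", "not_found"),
    ("removido (a) com sucesso", "removed"),
    ("movido com sucesso", "moved"),
)
TASKCACHE = re.compile(r"\\Schedule\\TaskCache\\(Plain|Tasks|Tree)\\(.+)$", re.I)
ADS_RESULT = re.compile(r'^"(:[^"]+)" ADS ')

# Excerpt copied from the Fixlog above (not the full log).
SAMPLE_FIXLOG = r"""
Ponto de Restauração criado com sucesso.
HKU\S-1-5-21-2740690104-2874805969-3746335994-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => valor removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{025EBCF7-B6D8-406F-A69C-EB00D818718C} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{025EBCF7-B6D8-406F-A69C-EB00D818718C} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Milimili => chave não encontrado (a).
C:\WINDOWS\System32\Tasks\Muzoghtterhosy Client => movido com sucesso
C:\WINDOWS\system32\Drivers\gbpddfac64.sys => ":X5ZN8aGvT4" ADS removido (a) com sucesso..
"C:\Users\Todos os Usuários\GbPlugin" => ":IncompleteStartGbprcm.cnt" ADS não encontrado (a).
C:\Program Files (x86)\Plertus => movido com sucesso
"C:\Program Files (x86)\Microleaves" => não encontrado (a).
Chrome => 430248371 B
"""


def parse_line(line):
    """Return a dict for one 'target => result' line, or None if it is not a fix result."""
    target, sep, result = line.strip().partition(" => ")
    if not sep:
        return None  # banner or status line without a target
    outcome = next((o for phrase, o in OUTCOMES if phrase in result), None)
    if outcome is None:
        return None  # e.g. 'Chrome => 430248371 B' from the EmptyTemp section
    target = target.strip('"')
    entry = {"target": target, "outcome": outcome, "kind": "path", "detail": None}
    cache = TASKCACHE.search(target)
    ads = ADS_RESULT.match(result)
    if cache:
        entry["kind"] = "task_registry"
        entry["detail"] = cache.group(1)  # Plain, Tasks or Tree branch
    elif target.upper().startswith(("HKLM\\", "HKU\\", "HKCU\\")):
        entry["kind"] = "registry"
    elif ads:
        entry["kind"] = "ads"
        entry["detail"] = ads.group(1)  # stream name, e.g. ':X5ZN8aGvT4'
    elif "\\system32\\tasks\\" in target.lower():
        entry["kind"] = "task_file"
    return entry


def parse_fixlog(text):
    """Parse every fix-result line in a Fixlog, skipping everything else."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def summarize(entries):
    """Count results per (kind, outcome) pair."""
    return Counter((e["kind"], e["outcome"]) for e in entries)


def needs_recheck(entries):
    """Targets the fix did not find: already gone, or named differently on disk."""
    return [e["target"] for e in entries if e["outcome"] == "not_found"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for (kind, outcome), count in sorted(summarize(parsed).items()):
        print(f"{kind:14} {outcome:10} {count}")
    print("Re-check in a fresh scan:")
    for target in needs_recheck(parsed):
        print("  " + target)
```
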


#7 Saatsin


Posted 19 April 2017 - 03:16 PM

Malwarebytes finished. I can once again download chrome extensions. Browser stopped getting hijacked. I think it is fixed, I'll report if any other instances arise. 

For now, thank you very much!! You are awesome!! It's nice to know we can count on people like you :D



#8 nasdaq


Posted 20 April 2017 - 07:18 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



