
Installed KMSpico, System Problems


  • This topic is locked
13 replies to this topic

#1 Langell

  • Members
  • 9 posts

Posted 26 August 2017 - 12:15 PM

Hi. A few days ago, a friend tried to activate my Office 2013 using KMSpico, but we didn't realize it was a virus...

It was not activated, and now I'm having a lot of problems.

I tried installing and running a few anti-virus but it won't let me.

I tried to return to a recovery point but it won't let me do this either.

I'm using Win 8.1 x64.

How should I proceed?

Thanks in advance.

The prompt appears and disappears a lot, every 3 or 4 minutes.

Every time I click on my Google Chrome, it opens a random website.

And sometimes when I try to access any site it appears like I'm not connected, but after a few 'F5', it works.

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 20-08-2017

Executado por lucas (administrador) em ANGELI (26-08-2017 13:40:55)

Executando a partir de C:\Users\lucas\Downloads

Perfis Carregados: lucas (Perfis Disponíveis: lucas)

Platform: Windows 8.1 Single Language (Update) (X64) Idioma: Português (Brasil)

Internet Explorer Versão 11 (Navegador padrão: Chrome)

Modo da Inicialização: Normal

Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe

(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe

(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe

(SAMSUNG Electronics co., LTD.) C:\ProgramData\Samsung\ShutdownEvent.exe

(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(M-Audio) C:\Program Files (x86)\M-Audio\Fast Track\AudioDevMon.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(M-Audio) C:\Program Files (x86)\M-Audio\M-Track\AudioDevMon.exe

(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe

(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe

(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe

(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe

(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsCmdServer.exe

(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsEventHandler.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

() C:\Users\lucas\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe

() C:\ProgramData\Microsoft\Network\Dsq\browser\syshostctl.exe

(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe

() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(TODO: <Company name>) C:\ProgramData\Samsung\DisplaySwitch.exe

(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe

(4t Niagara Software) C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe

(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

(4t Niagara Software) C:\Program Files (x86)\4t Tray Minimizer\4t-min64.exe

(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe

(AVG Technologies CZ, s.r.o.) C:\Windows\Temp\AvgSetup\c5c54647-bc8d-47ce-a089-f5bcec0a6e6f\install\avgsetupx.exe

(Microsoft Corporation) C:\Windows\System32\WWAHost.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [600928 2014-01-29] (Copyright 2013 SAMSUNG)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)

HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [3965904 2013-06-06] ()

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2793200 2013-11-29] (Synaptics Incorporated)

HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1161240 2016-05-22] (Highresolution Enterprises)

HKLM\...\Run: [Cm108Sound] => C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cm108.dll,CMICtrlWnd

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13874392 1999-12-31] (Realtek Semiconductor)

HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [992304 2017-07-11] (GAS Tecnologia LTDA)

HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"

HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-08-01] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-08-22] (Dropbox, Inc.)

HKLM-x32\...\Run: [M-Audio Panel Launcher] => C:\Program Files (x86)\M-Audio\M-Track\MAPanel.exe [1190096 2013-04-24] (M-Audio)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\ GbPluginAbn: C:\Program Files (x86)\GbPlugin\gbiehAbn.dll [2014-11-18] (Banco Real)

Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2017-02-12] (Banco Itaú Unibanco)

HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133760 2014-01-06] (Atheros Communications)

HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\Run: [DisplaySwitch] => C:\programdata\samsung\DisplaySwitch.exe [1758512 2013-12-10] (TODO: <Company name>)

HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50377336 2015-12-14] (Skype Technologies S.A.)

HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2016-11-29] (Disc Soft Ltd)

HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\Run: [{4B6956A8-1D9A-C665-5DA6-C6FBAD7C8F78}] => C:\Program Files (x86)\KMSPico 10.2.2 Final\17364e4224244e99f9f910bba12790ff.exe

HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\Run: [UZmedia] => C:\Users\lucas\AppData\Local\UZmedia\17364e4224244e99f9f910bba12790ff.exe [337920 2017-06-12] (InstallShield Software Corporation)

HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\MountPoints2: {53e120bc-57a2-11e6-82ac-24f5aaee879c} - "E:\LG_PC_Programs.exe"

HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll [1939512 2014-11-18] (Banco Real)

ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehuni.dll [1951968 2017-02-12] (Banco Itaú Unibanco)

Startup: C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4t Tray Minimizer.lnk [2015-07-22]

ShortcutTarget: 4t Tray Minimizer.lnk -> C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe (4t Niagara Software)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [S-1-5-21-1212341227-2709655083-2383566263-1001] => Proxy está habilitado.

ProxyServer: [S-1-5-21-1212341227-2709655083-2383566263-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080

Winsock: Catalog5-x64 01 C:\ProgramData\Windows\System32\Mswapi64.dll [3302400 2017-07-18] ()

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{8C3EB827-679A-470F-945D-D618734C93FD}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip\..\Interfaces\{8C3EB827-679A-470F-945D-D618734C93FD}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{F7B0196B-8DF1-4919-A84B-372B227942FE}: [DhcpNameServer] 201.17.128.72 201.17.128.77

ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080

 

Internet Explorer:

==================

HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com/?pc=smjb

HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com/?pc=smjb

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001 -> DefaultScope {7B7060F1-3B3F-425E-802B-CC2442925CE5} URL =

SearchScopes: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001 -> {7B7060F1-3B3F-425E-802B-CC2442925CE5} URL =

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)

BHO: Sem Nome -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> Nenhum Arquivo

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-06-13] (Microsoft Corporation)

BHO-x32: Sem Nome -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> Nenhum Arquivo

BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540007} -> C:\Program Files (x86)\GbPlugin\gbiehabn.dll [2014-11-18] (Banco Real)

BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll [2017-02-12] (Banco Itaú Unibanco)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

 

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-09-19] (Adobe Systems)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-06-10] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-19] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems)

FF Plugin HKU\S-1-5-21-1212341227-2709655083-2383566263-1001: gastecnologia.com.br/sf/abn -> C:\Users\lucas\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll [2015-02-19] (GAS Tecnologia)

FF Plugin HKU\S-1-5-21-1212341227-2709655083-2383566263-1001: gastecnologia.com.br/sf/abn64 -> C:\Users\lucas\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll [2015-02-19] (GAS Tecnologia)

FF Plugin HKU\S-1-5-21-1212341227-2709655083-2383566263-1001: SkypePlugin -> C:\Users\lucas\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)

FF Plugin HKU\S-1-5-21-1212341227-2709655083-2383566263-1001: SkypePlugin64 -> C:\Users\lucas\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll [2017-04-18] (Skype Technologies S.A.)

Chrome:

=======

CHR DefaultProfile: Default

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-20] (Samsung) [Arquivo não assinado]

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2014-01-06] (Windows ® Win 7 DDK provider) [Arquivo não assinado]

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-08-01] (AVG Technologies CZ, s.r.o.)

S2 c780090f5b72f903cbe63e27a070343f; C:\Program Files\c780090f5b72f903cbe63e27a070343f\165f1f9d3034f0770892f3e24666b98d.exe [1605120 2017-08-18] () [Arquivo não assinado] <==== ATENÇÃO

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-21] (Dropbox, Inc.)

S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-21] (Dropbox, Inc.)

R2 DbxSvc; C:\windows\system32\DbxSvc.exe [49992 2017-08-22] (Dropbox, Inc.)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2016-11-29] (Disc Soft Ltd)

R2 FastTrackAudioDevMon; C:\Program Files (x86)\M-Audio\Fast Track\AudioDevMon.exe [1962768 2013-05-21] (M-Audio)

R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [590048 2017-02-12] (GAS Tecnologia)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [Arquivo não assinado]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)

R2 MTrackAudioDevMon; C:\Program Files (x86)\M-Audio\M-Track\AudioDevMon.exe [546816 2013-04-24] (M-Audio) [Arquivo não assinado]

R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-01-29] (Copyright 2013 SAMSUNG)

R2 Settings Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe [1594176 2014-04-21] (Samsung Electronics CO., LTD.)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Arquivo não assinado]

R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-05-15] (Samsung Electronics CO., LTD.)

R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [992304 2017-07-11] (GAS Tecnologia LTDA)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

R2 WMPNetworkAcSvc; C:\Users\lucas\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [3954387 2017-08-26] () [Arquivo não assinado] <==== ATENÇÃO

R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-06] (Atheros) [Arquivo não assinado]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 58937525d89e95b2a0afdf1dc82d5229; C:\windows\system32\drivers\58937525d89e95b2a0afdf1dc82d5229.sys [77184 2017-08-18] (36IHD8) <==== ATENÇÃO

R3 athr; C:\windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)

S3 BTATH_HID; C:\windows\system32\DRIVERS\btath_hid.sys [223432 2014-01-06] (Qualcomm Atheros)

S3 BTATH_LWFLT; C:\windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-06] (Qualcomm Atheros)

R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352448 2013-02-11] (EldoS Corporation)

S3 dg_ssudbus; C:\windows\System32\drivers\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)

R3 dtlitescsibus; C:\windows\System32\drivers\dtlitescsibus.sys [30264 2016-12-22] (Disc Soft Ltd)

R3 dtliteusbbus; C:\windows\System32\drivers\dtliteusbbus.sys [47672 2016-12-22] (Disc Soft Ltd)

S3 FlashUSB; C:\windows\System32\drivers\FlashUSB.sys [19968 2013-06-05] (Intel Mobile Communications)

R1 gbpddfac; C:\windows\System32\drivers\gbpddfac64.sys [28888 2017-08-26] (GAS Tecnologia)

R1 gbpddfac; C:\Windows\SysWOW64\drivers\gbpddfac64.sys [28888 2015-12-04] (GAS Tecnologia)

S0 gbpddreg; C:\Windows\SysWOW64\drivers\gbpddreg64.sys [29816 2015-12-04] (GAS Tecnologia)

R3 GBPRCM; C:\PROGRAM FILES (X86)\GBPLUGIN\gbprcm64.sys [29912 2015-12-04] (GAS Tecnologia)

S3 MAUSBFASTTRACK; C:\windows\system32\DRIVERS\MAudioFastTrack.sys [460048 2013-05-21] (M-Audio)

R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)

R0 PxHlpa64; C:\windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)

R3 RadioHIDMini; C:\windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)

S3 shspusb; C:\windows\System32\drivers\HSPUSB.sys [24064 2013-06-05] (MobileTop)

S3 sscdserd; C:\windows\System32\drivers\sscdserd.sys [158024 2013-06-05] (MCCI Corporation)

S3 ssceserd; C:\windows\System32\drivers\ssceserd.sys [158024 2013-06-05] (MCCI Corporation)

S3 ssdudfu; C:\windows\System32\drivers\ssdudfu.sys [101960 2013-06-05] (MCCI)

S3 ssm_bus; C:\windows\System32\drivers\ssm_bus.sys [136192 2013-06-05] (MCCI Corporation)

S3 ssm_mdm; C:\windows\System32\drivers\ssm_mdm.sys [172032 2013-06-05] (MCCI Corporation)

S3 ssuddmgr; C:\windows\System32\drivers\ssuddmgr.sys [203672 2013-06-05] (DEVGURU Co., LTD.(www.devguru.co.kr))

S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)

S3 ssudobex; C:\windows\System32\drivers\ssudobex.sys [203672 2013-06-05] (DEVGURU Co., LTD.(www.devguru.co.kr))

S3 ssudrmnet; C:\windows\System32\drivers\ssudrmnet.sys [67864 2013-06-05] (DEVGURU Co., LTD.)

S3 ssudserd; C:\windows\System32\drivers\ssudserd.sys [203672 2013-06-05] (DEVGURU Co., LTD.(www.devguru.co.kr))

S3 ss_bserd; C:\windows\System32\drivers\ss_bserd.sys [128000 2013-06-05] (MCCI Corporation)

S3 SWDUMon; C:\windows\system32\DRIVERS\SWDUMon.sys [16056 2017-08-26] (SlimWare Utilities, Inc.)

R3 vjoy; C:\windows\System32\drivers\vjoy.sys [56440 2016-02-03] (Shaul Eizikovich)

R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-10-31] (GAS Tecnologia LTDA)

S0 WdBoot; C:\windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)

R0 WdFilter; C:\windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)

S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

R1 wfcre; C:\windows\System32\drivers\wfcre.sys [124288 2017-07-04] ()

R1 wsddfac; C:\windows\System32\drivers\wsddfac.sys [28376 2017-08-26] (GAS Tecnologia)

R1 wsddntf; C:\windows\system32\DRIVERS\wsddntf.sys [36984 2017-03-22] (GAS Tecnologia)

S1 wsddpp; C:\windows\system32\drivers\wsddpp.sys [25184 2017-03-22] (GAS Tecnologia)

S3 wsddprm; C:\windows\system32\drivers\wsddprm.sys [25184 2017-03-22] (GAS Tecnologia)

 

==================== NetSvcs (Whitelisted) ===================

 

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

 

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

Error(1) reading file: "C:\Users\lucas\Desktop\uTorrent.exe. "

2017-08-26 13:40 - 2017-08-26 13:41 - 000023776 _____ C:\Users\lucas\Downloads\FRST.txt

2017-08-26 13:40 - 2017-08-26 13:40 - 000000000 ____D C:\FRST

2017-08-26 13:39 - 2017-08-26 13:40 - 002395648 _____ (Farbar) C:\Users\lucas\Downloads\FRST64.exe

2017-08-26 12:57 - 2017-08-26 12:57 - 000003600 _____ C:\windows\System32\Tasks\AVG EUpdate Task

2017-08-26 12:57 - 2017-08-26 12:57 - 000000000 ____D C:\Program Files (x86)\AVG

2017-08-26 12:52 - 2017-08-26 13:09 - 000000000 ____D C:\Users\lucas\AppData\Local\AvgSetupLog

2017-08-26 12:52 - 2017-08-26 12:57 - 000000000 ____D C:\ProgramData\Avg

2017-08-26 12:52 - 2017-08-26 12:52 - 000000000 ____D C:\Users\lucas\AppData\Local\Avg

2017-08-26 12:51 - 2017-08-26 12:51 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\lucas\Downloads\AVG_Protection_Free_1606.exe

2017-08-26 11:31 - 2017-08-26 11:31 - 000000043 _____ C:\Users\lucas\Desktop\DELETE.txt

2017-08-26 11:19 - 2017-08-26 12:33 - 000000000 ____D C:\Users\lucas\AppData\Local\UZmedia

2017-08-26 10:06 - 2017-08-26 12:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

2017-08-22 13:55 - 2017-08-22 13:55 - 000049992 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe

2017-08-22 13:55 - 2017-08-22 13:55 - 000045672 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys

2017-08-22 13:55 - 2017-08-22 13:55 - 000045640 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys

2017-08-22 13:55 - 2017-08-22 13:55 - 000045640 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys

2017-08-22 04:33 - 2017-08-26 11:43 - 000588374 _____ C:\windows\ntbtlog.txt

2017-08-22 04:17 - 2017-08-22 04:17 - 006948656 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online (1).exe

2017-08-22 04:17 - 2017-08-22 04:17 - 006948656 _____ (AVAST Software) C:\Users\lucas\Downloads\avast_free_antivirus_setup_online (1).exe

2017-08-22 03:50 - 2017-08-26 10:52 - 000031443 _____ C:\windows\2706e65a61b6f70a5b949e3db917f6e6.ps1

2017-08-22 03:50 - 2017-08-26 10:52 - 000003474 _____ C:\windows\System32\Tasks\2706e65a61b6f70a5b949e3db917f6e6

2017-08-22 02:51 - 2017-08-22 02:52 - 000000000 ____D C:\ProgramData\AVAST Software

2017-08-22 02:51 - 2017-08-22 02:51 - 006948656 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe

2017-08-22 02:51 - 2017-08-22 02:51 - 006948656 _____ (AVAST Software) C:\Users\lucas\Downloads\avast_free_antivirus_setup_online.exe

2017-08-22 02:40 - 2017-08-26 12:33 - 000000000 ____D C:\windows\SysWOW64\SSL

2017-08-22 02:40 - 2017-08-26 10:50 - 000003162 _____ C:\windows\System32\Tasks\c780090f5b72f903cbe63e27a070343f

2017-08-22 02:40 - 2017-08-22 02:40 - 000000000 ____D C:\Users\lucas\AppData\Roaming\ssn

2017-08-22 02:39 - 2017-08-26 12:33 - 000000000 ____D C:\Users\lucas\AppData\Roaming\WMPNetworkAcSvc

2017-08-22 02:39 - 2017-08-26 09:47 - 000002092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk

2017-08-22 02:39 - 2017-08-22 02:39 - 000014912 _____ C:\windows\System32\Tasks\{6843B084-9142-491D-9DED-9A07B9623177}

2017-08-22 02:39 - 2017-08-22 02:39 - 000000000 ____D C:\Users\lucas\AppData\Roaming\BrowserModule

2017-08-22 02:38 - 2017-08-26 12:41 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}

2017-08-22 02:38 - 2017-08-26 12:33 - 000000000 ____D C:\Program Files\c780090f5b72f903cbe63e27a070343f

2017-08-22 02:38 - 2017-08-22 04:58 - 000000000 ____D C:\ProgramData\Windows

2017-08-22 02:38 - 2017-08-22 02:38 - 000000000 ____D C:\windows\system32\tmp

2017-08-22 02:38 - 2017-08-22 02:38 - 000000000 ____D C:\Users\Public\Documents\XMUpdate

2017-08-22 02:37 - 2017-08-26 09:45 - 000002080 _____ C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk

2017-08-22 02:37 - 2017-08-26 09:45 - 000001930 _____ C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk

2017-08-22 02:35 - 2017-08-22 02:35 - 000003468 _____ C:\windows\System32\Tasks\FreeAntiVirus

2017-08-22 02:17 - 2017-08-22 02:18 - 000000000 ____D C:\ProgramData\Microsoft Toolkit

2017-08-21 23:09 - 2017-08-26 09:58 - 000000000 ____D C:\windows\System32\Tasks\Remediation

2017-08-21 22:39 - 2017-08-26 12:33 - 000000000 ____D C:\windows\Minidump

2017-08-21 22:39 - 2017-08-21 22:39 - 704805522 _____ C:\windows\MEMORY.DMP

2017-08-21 22:39 - 2017-08-21 22:39 - 000329088 _____ C:\windows\Minidump\082117-41046-01.dmp

2017-08-21 00:21 - 2017-08-21 00:31 - 619616292 _____ C:\Users\lucas\Desktop\_MG_7131.psd

2017-08-18 17:29 - 2017-08-18 17:29 - 000077184 _____ (36IHD8) C:\windows\system32\Drivers\58937525d89e95b2a0afdf1dc82d5229.sys

2017-08-14 12:45 - 2017-08-14 12:45 - 000155042 _____ C:\Users\lucas\Downloads\WhatsApp Image 2017-08-12 at 12.45.10.jpeg

2017-08-12 09:33 - 2017-08-12 09:33 - 002139891 _____ C:\Users\lucas\Downloads\wetransfer-30ae4f.zip

2017-08-10 17:01 - 2017-08-10 17:06 - 000000000 ____D C:\Users\lucas\Desktop\PD

2017-08-09 10:58 - 2017-08-02 00:17 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys

2017-08-09 10:58 - 2017-07-21 10:40 - 000518144 _____ C:\windows\SysWOW64\msjetoledb40.dll

2017-08-09 10:58 - 2017-07-21 10:40 - 000290816 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjtes40.dll

2017-08-09 10:58 - 2017-07-15 07:10 - 000536688 _____ (Microsoft Corporation) C:\windows\system32\wer.dll

2017-08-09 10:58 - 2017-07-15 07:10 - 000140016 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe

2017-08-09 10:58 - 2017-07-15 07:06 - 000449840 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll

2017-08-09 10:58 - 2017-07-15 07:06 - 000136832 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe

2017-08-09 10:58 - 2017-07-14 17:08 - 000037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll

2017-08-09 10:58 - 2017-07-14 15:44 - 000033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll

2017-08-09 10:58 - 2017-07-14 03:49 - 025733632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2017-08-09 10:58 - 2017-07-14 03:44 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2017-08-09 10:58 - 2017-07-14 03:19 - 000817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll

2017-08-09 10:58 - 2017-07-14 02:35 - 005981184 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2017-08-09 10:58 - 2017-07-14 02:26 - 001033216 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll

2017-08-09 10:58 - 2017-07-14 02:10 - 000806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2017-08-09 10:58 - 2017-07-14 01:40 - 015254016 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2017-08-09 10:58 - 2017-07-14 01:23 - 003240960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2017-08-09 10:58 - 2017-07-14 01:07 - 001545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2017-08-09 10:58 - 2017-07-14 00:58 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2017-08-09 10:58 - 2017-07-13 23:54 - 020270080 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2017-08-09 10:58 - 2017-07-13 23:48 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2017-08-09 10:58 - 2017-07-13 23:38 - 000663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll

2017-08-09 10:58 - 2017-07-13 23:17 - 004546048 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2017-08-09 10:58 - 2017-07-13 23:17 - 000880640 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll

2017-08-09 10:58 - 2017-07-13 23:12 - 000693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2017-08-09 10:58 - 2017-07-13 23:09 - 013663744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2017-08-09 10:58 - 2017-07-13 22:53 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2017-08-09 10:58 - 2017-07-13 22:50 - 001314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2017-08-09 10:58 - 2017-07-13 22:48 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

2017-08-09 10:58 - 2017-07-08 17:14 - 000376672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys

2017-08-09 10:58 - 2017-07-08 16:12 - 004169728 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2017-08-09 10:58 - 2017-07-08 14:45 - 007078912 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll

2017-08-09 10:58 - 2017-07-08 14:05 - 003631616 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll

2017-08-09 10:58 - 2017-07-08 13:39 - 005274624 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll

2017-08-09 10:58 - 2017-07-08 13:37 - 007797248 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll

2017-08-09 10:58 - 2017-07-08 13:23 - 002749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll

2017-08-09 10:58 - 2017-07-08 12:59 - 005270016 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll

2017-08-09 10:58 - 2017-07-08 00:46 - 000377688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volmgrx.sys

2017-08-09 10:58 - 2017-07-08 00:16 - 007440728 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2017-08-09 10:58 - 2017-07-08 00:16 - 001674520 _____ (Microsoft Corporation) C:\windows\system32\winload.efi

2017-08-09 10:58 - 2017-07-08 00:16 - 001534072 _____ (Microsoft Corporation) C:\windows\system32\winload.exe

2017-08-09 10:58 - 2017-07-08 00:16 - 001499920 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi

2017-08-09 10:58 - 2017-07-08 00:16 - 001370328 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe

2017-08-09 10:58 - 2017-07-08 00:16 - 000086360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys

2017-08-09 10:58 - 2017-07-01 10:47 - 001311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjet40.dll

2017-08-09 10:58 - 2017-07-01 10:47 - 000866816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswdat10.dll

2017-08-09 10:58 - 2017-07-01 10:47 - 000641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswstr10.dll

2017-08-09 10:58 - 2017-07-01 10:47 - 000616448 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrepl40.dll

2017-08-09 10:58 - 2017-07-01 10:47 - 000475648 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxbde40.dll

2017-08-09 10:58 - 2017-07-01 10:47 - 000375808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mspbde40.dll

2017-08-09 10:58 - 2017-07-01 10:47 - 000343552 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd3x40.dll

2017-08-09 10:58 - 2017-07-01 10:47 - 000339968 _____ (Microsoft Corporation) C:\windows\SysWOW64\msexcl40.dll

2017-08-09 10:58 - 2017-07-01 10:47 - 000310272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd2x40.dll

2017-08-09 10:58 - 2017-07-01 10:47 - 000272896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstext40.dll

2017-08-09 10:58 - 2017-07-01 10:47 - 000240640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msltus40.dll

2017-08-09 10:58 - 2017-07-01 10:47 - 000144896 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjint40.dll

2017-08-09 10:58 - 2017-07-01 10:47 - 000083968 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjter40.dll

2017-08-09 10:58 - 2017-06-24 13:46 - 000424448 _____ (Microsoft Corporation) C:\windows\system32\mprapi.dll

2017-08-09 10:58 - 2017-06-24 13:16 - 000352768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mprapi.dll

2017-08-09 10:58 - 2017-06-15 11:17 - 002551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll

2017-08-09 10:58 - 2017-06-15 11:16 - 001920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll

2017-08-09 10:58 - 2017-06-13 14:51 - 000324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll

2017-08-09 10:58 - 2017-06-13 14:23 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll

2017-08-09 10:58 - 2017-06-13 14:19 - 000383488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlansec.dll

2017-08-09 10:58 - 2017-06-13 14:16 - 000024064 _____ (Microsoft Corporation) C:\windows\SysWOW64\wfdprov.dll

2017-08-09 10:58 - 2017-06-13 14:11 - 000238080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanapi.dll

2017-08-09 10:58 - 2017-06-13 14:07 - 000304128 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanmsm.dll

2017-08-09 10:58 - 2017-06-13 11:17 - 000656384 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll

2017-08-09 10:58 - 2017-06-13 11:16 - 000252416 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll

2017-08-09 10:58 - 2017-06-13 06:47 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nwifi.sys

2017-08-09 10:58 - 2017-06-13 06:09 - 000445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll

2017-08-09 10:58 - 2017-06-13 05:22 - 001436160 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2017-08-09 10:58 - 2017-06-13 05:16 - 000445952 _____ (Microsoft Corporation) C:\windows\system32\wlansec.dll

2017-08-09 10:58 - 2017-06-13 05:10 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\wfdprov.dll

2017-08-09 10:58 - 2017-06-13 05:07 - 000301568 _____ (Microsoft Corporation) C:\windows\system32\ProximityService.dll

2017-08-09 10:58 - 2017-06-13 05:03 - 000302080 _____ (Microsoft Corporation) C:\windows\system32\wlanapi.dll

2017-08-09 10:58 - 2017-06-13 04:54 - 000374272 _____ (Microsoft Corporation) C:\windows\system32\wlanmsm.dll

2017-08-09 10:58 - 2017-06-13 04:50 - 001547264 _____ (Microsoft Corporation) C:\windows\system32\wlansvc.dll

2017-08-09 10:58 - 2017-06-11 21:14 - 000276320 ____C (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys

2017-08-09 10:58 - 2017-06-11 17:13 - 000301056 _____ (Microsoft Corporation) C:\windows\system32\umrdp.dll

2017-08-09 10:58 - 2017-06-11 17:11 - 000346112 _____ (Microsoft Corporation) C:\windows\system32\SessEnv.dll

2017-08-09 10:58 - 2017-06-11 17:02 - 002778112 _____ (Microsoft Corporation) C:\windows\system32\authui.dll

2017-08-09 10:58 - 2017-06-11 17:02 - 000299520 _____ (Microsoft Corporation) C:\windows\SysWOW64\SessEnv.dll

2017-08-09 10:58 - 2017-06-11 16:52 - 002463744 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll

2017-08-09 10:58 - 2017-06-09 10:47 - 000448629 _____ C:\windows\system32\ApnDatabase.xml

2017-08-09 10:58 - 2017-06-08 14:01 - 001737600 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll

2017-08-09 10:58 - 2017-06-08 14:01 - 001502000 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll

2017-08-09 10:58 - 2017-06-07 22:48 - 002457936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys

2017-08-09 10:58 - 2017-06-07 01:25 - 000428888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS

2017-08-09 10:58 - 2017-06-06 15:38 - 000607232 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll

2017-08-09 10:58 - 2017-06-06 14:44 - 000530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll

2017-08-09 10:58 - 2017-05-27 13:42 - 001115136 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll

2017-08-09 10:58 - 2017-05-27 13:38 - 000056832 _____ (Microsoft Corporation) C:\windows\system32\rdsdwmdr.dll

2017-08-08 16:11 - 2017-08-08 16:11 - 000545618 _____ C:\Users\lucas\Downloads\KIT_DOCUMENTOS_CREDITO_ATE50MM_V72_Abril_2017 (1).zip

2017-08-08 13:30 - 2017-08-08 13:30 - 000027721 _____ C:\Users\lucas\Downloads\Planejamento de Marketing.xlsx

2017-08-07 17:43 - 2017-08-07 17:43 - 000017920 _____ C:\Users\lucas\Downloads\Medição 01 - Valter Baiano.xlsx

2017-08-07 17:34 - 2017-08-07 17:34 - 000018008 _____ C:\Users\lucas\Downloads\Medição 01 - Tiago.xlsx

2017-08-07 17:22 - 2017-08-07 17:22 - 000018041 _____ C:\Users\lucas\Downloads\Medição 01 - Vanderlúcio Pintor.xlsx

2017-08-07 17:21 - 2017-08-07 17:21 - 000095480 _____ C:\Users\lucas\Desktop\FOPAG-08.17.pdf

2017-08-07 17:20 - 2017-08-07 17:20 - 000054983 _____ C:\Users\lucas\Downloads\ComprovanteInclusaoFolha.html

2017-08-07 16:48 - 2017-08-07 16:48 - 000078514 _____ C:\Users\lucas\Downloads\adesivostand.pdf

2017-08-07 15:13 - 2017-08-07 15:13 - 000070303 _____ C:\Users\lucas\Downloads\WhatsApp Image 2017-08-07 at 15.11.56.jpeg

2017-08-07 15:04 - 2017-08-07 15:04 - 000037588 _____ C:\Users\lucas\Downloads\PLANILHA DE PAGAMENTO 24.07 A   07.xlsx

2017-08-07 14:55 - 2017-08-07 14:55 - 000039489 _____ C:\Users\lucas\Downloads\PLANILHA DE PAGAMENTO 08.08 à 21.08 (4).xlsx

2017-08-07 14:53 - 2017-08-07 14:53 - 001161391 _____ C:\Users\lucas\Downloads\07.2017 (2).rar

2017-08-07 14:52 - 2017-08-07 14:52 - 000039489 _____ C:\Users\lucas\Downloads\PLANILHA DE PAGAMENTO 08.08 à 21.08 (3).xlsx

2017-08-07 14:49 - 2017-08-07 14:49 - 000039489 _____ C:\Users\lucas\Downloads\PLANILHA DE PAGAMENTO 08.08 à 21.08 (2).xlsx

2017-08-07 14:45 - 2017-08-07 14:45 - 001161391 _____ C:\Users\lucas\Downloads\07.2017 (1).rar

2017-08-07 14:21 - 2017-08-07 14:21 - 001161391 _____ C:\Users\lucas\Downloads\07.2017.rar

2017-08-07 14:15 - 2017-08-07 14:15 - 000137199 _____ C:\Users\lucas\Downloads\Boletos (5).pdf

2017-08-07 14:12 - 2017-08-07 14:12 - 000137191 _____ C:\Users\lucas\Downloads\Boletos (4).pdf

2017-08-07 09:40 - 2017-08-07 09:40 - 000017624 _____ C:\Users\lucas\Downloads\ComprovanteInclusaoFuncionario.html

2017-08-05 19:16 - 2017-08-10 13:24 - 000000000 ____D C:\Users\lucas\Desktop\Totten

2017-08-04 10:25 - 2017-08-04 10:25 - 000040032 _____ C:\Users\lucas\Downloads\PLANILHA DE PAGAMENTO 08.08 à 21.08 (1).xlsx

2017-08-04 10:24 - 2017-08-04 10:24 - 000021983 _____ C:\Users\lucas\Downloads\FOPAG TOTTEN.xlsx

2017-08-04 10:14 - 2017-08-04 10:14 - 000039489 _____ C:\Users\lucas\Downloads\PLANILHA DE PAGAMENTO 08.08 à 21.08.xlsx

2017-08-04 10:12 - 2017-08-04 10:12 - 000046080 _____ C:\Users\lucas\Downloads\FOPAG TOTTEN.xls

2017-08-02 17:39 - 2017-08-02 17:39 - 000066904 _____ C:\Users\lucas\Downloads\Boleto8540.pdf

2017-08-02 16:33 - 2017-08-02 16:33 - 000000000 ____D C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú

2017-08-02 16:31 - 2017-08-02 16:31 - 011079440 _____ (Banco Itaú) C:\Users\lucas\Downloads\DiagnosticoItau.exe

2017-08-01 17:35 - 2017-08-01 17:35 - 000406896 _____ C:\Users\lucas\Downloads\logo_totten_vertical.cdr

2017-08-01 12:25 - 2017-08-01 12:25 - 000108068 _____ C:\Users\lucas\Downloads\GerarPDF_01082017122527.pdf

2017-08-01 10:51 - 2017-08-01 10:51 - 000104668 _____ C:\Users\lucas\Downloads\GerarPDF_01082017105122.pdf

2017-08-01 09:32 - 2017-08-01 09:32 - 003180032 _____ C:\Users\lucas\Downloads\Totten.xls

2017-07-31 16:55 - 2017-07-31 16:55 - 000099067 _____ C:\Users\lucas\Downloads\comprovante.pdf

2017-07-31 14:15 - 2017-07-31 14:15 - 000099154 _____ C:\Users\lucas\Downloads\GerarPDF_31072017141433.pdf

2017-07-31 12:23 - 2017-07-31 12:23 - 000258463 _____ C:\Users\lucas\Downloads\Fatura_Itaucard_2.0_Mastercard_International_Final-8778_2017_04.pdf

2017-07-31 11:11 - 2017-07-31 11:12 - 000033209 _____ C:\Users\lucas\Downloads\RECEBÍVEIS 2017 OFICIAL NAOMY.xlsx

2017-07-31 09:14 - 2017-07-31 09:14 - 000100638 _____ C:\Users\lucas\Downloads\DanfeNF31170709327983000140550010000264001108122047.pdf

2017-07-31 08:58 - 2017-07-31 08:58 - 000137181 _____ C:\Users\lucas\Downloads\Boletos (3).pdf

 

==================== Um Mês Modificados arquivos e pastas ========

 

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

 

2017-08-26 13:41 - 2015-03-31 23:53 - 001260032 ___SH C:\Users\lucas\Downloads\Thumbs.db

2017-08-26 13:01 - 2016-09-21 14:41 - 000001032 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job

2017-08-26 12:47 - 2015-03-19 17:03 - 000003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1212341227-2709655083-2383566263-1001

2017-08-26 12:45 - 2014-06-23 01:35 - 000000000 ____D C:\ProgramData\WinClon

2017-08-26 12:44 - 2016-10-09 15:37 - 000016056 _____ (SlimWare Utilities, Inc.) C:\windows\system32\Drivers\SWDUMon.sys

2017-08-26 12:44 - 2016-10-09 15:37 - 000000424 _____ C:\windows\Tasks\SlimDrivers Startup.job

2017-08-26 12:42 - 2015-03-19 17:02 - 000000000 __RDO C:\Users\lucas\OneDrive

2017-08-26 12:41 - 2017-04-26 17:35 - 000028376 _____ (GAS Tecnologia) C:\windows\system32\Drivers\wsddfac.sys

2017-08-26 12:41 - 2017-02-08 13:53 - 000028888 _____ (GAS Tecnologia) C:\windows\system32\Drivers\gbpddfac64.sys

2017-08-26 12:41 - 2015-05-06 18:47 - 000000000 ____D C:\Program Files (x86)\GbPlugin

2017-08-26 12:40 - 2016-09-21 14:41 - 000001028 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job

2017-08-26 12:40 - 2013-08-22 11:45 - 000000006 ____H C:\windows\Tasks\SA.DAT

2017-08-26 12:33 - 2016-12-14 04:28 - 000000000 ____D C:\Users\lucas\AppData\Roaming\vlc

2017-08-26 12:33 - 2016-11-18 02:15 - 000000000 ____D C:\Users\lucas\AppData\Roaming\REAPER

2017-08-26 12:33 - 2016-09-21 14:41 - 000000000 ____D C:\Program Files (x86)\Dropbox

2017-08-26 12:33 - 2014-06-23 01:33 - 000000000 ____D C:\ProgramData\Norton

2017-08-26 12:33 - 2013-08-22 12:36 - 000000000 __RSD C:\windows\Media

2017-08-26 12:33 - 2013-08-22 12:36 - 000000000 ___RD C:\windows\ToastData

2017-08-26 12:33 - 2013-08-22 12:36 - 000000000 ____D C:\windows\rescache

2017-08-26 12:33 - 2013-08-22 12:36 - 000000000 ____D C:\windows\PolicyDefinitions

2017-08-26 12:33 - 2013-08-22 12:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared

2017-08-26 12:33 - 2013-08-22 10:36 - 000000000 ____D C:\windows\system32\Sysprep

2017-08-26 12:33 - 2013-08-22 10:36 - 000000000 ____D C:\windows\Inf

2017-08-26 12:21 - 2013-08-22 12:36 - 000000000 ____D C:\windows\registration

2017-08-26 11:37 - 2015-07-09 02:24 - 000000000 ____D C:\Users\lucas\AppData\Local\CrashDumps

2017-08-26 10:12 - 2016-09-07 01:59 - 000000402 _____ C:\windows\Tasks\update-S-1-5-21-1212341227-2709655083-2383566263-1001.job

2017-08-26 10:09 - 2014-06-23 01:33 - 000000000 ____D C:\Program Files (x86)\NortonInstaller

2017-08-26 09:58 - 2013-08-22 12:36 - 000000000 ___HD C:\windows\ELAMBKUP

2017-08-26 09:58 - 2013-08-22 10:25 - 000262144 ___SH C:\windows\system32\config\ELAM

2017-08-26 09:42 - 2013-08-22 12:36 - 000000000 ____D C:\windows\LiveKernelReports

2017-08-24 21:25 - 2015-03-19 16:56 - 000000000 ____D C:\Users\lucas

2017-08-22 03:01 - 2016-09-07 01:58 - 000000402 _____ C:\windows\Tasks\update-sys.job

2017-08-22 02:42 - 2015-05-06 18:47 - 000000000 ____D C:\ProgramData\GbPlugin

2017-08-22 02:38 - 2014-06-22 23:20 - 000000000 ____D C:\ProgramData\Intel

2017-08-22 02:24 - 2014-06-23 01:48 - 000000000 ____D C:\Program Files (x86)\Microsoft Office

2017-08-22 02:07 - 2017-07-25 00:33 - 000000000 ___RD C:\Users\lucas\Desktop\Fotografia

2017-08-21 11:19 - 2014-06-23 14:53 - 000774900 _____ C:\windows\system32\prfh0416.dat

2017-08-21 11:19 - 2014-06-23 14:53 - 000158494 _____ C:\windows\system32\prfc0416.dat

2017-08-21 11:19 - 2013-08-27 01:56 - 001797166 _____ C:\windows\system32\PerfStringBackup.INI

2017-08-21 01:19 - 2015-08-10 18:11 - 002199552 ___SH C:\Users\lucas\Desktop\Thumbs.db

2017-08-20 15:48 - 2016-10-09 15:48 - 000000366 _____ C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - lucas).job

2017-08-19 11:59 - 2016-11-18 02:18 - 000000000 ____D C:\Users\lucas\Documents\REAPER Media

2017-08-19 10:19 - 2013-08-22 12:36 - 000000000 ____D C:\windows\AppReadiness

2017-08-17 13:35 - 2015-07-26 07:52 - 000544424 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

2017-08-15 12:13 - 2017-05-06 04:57 - 000000000 ____D C:\Users\lucas\Desktop\Projeto 2017

2017-08-12 11:57 - 2016-09-29 15:14 - 000000000 ____D C:\Users\lucas\Desktop\Canto

2017-08-12 08:49 - 2013-08-22 12:36 - 000000000 ___HD C:\Program Files\WindowsApps

2017-08-12 08:19 - 2013-08-22 11:44 - 005138832 _____ C:\windows\system32\FNTCACHE.DAT

2017-08-10 04:47 - 2013-08-22 12:20 - 000000000 ____D C:\windows\CbsTemp

2017-08-10 04:45 - 2015-03-23 16:02 - 000000000 ____D C:\windows\system32\MRT

2017-08-10 04:43 - 2015-03-23 16:02 - 140394280 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe

2017-08-08 19:39 - 2016-10-22 18:11 - 000004494 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier

2017-08-08 19:39 - 2016-10-22 18:11 - 000004360 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

2017-08-08 19:39 - 2013-08-22 12:36 - 000000000 ____D C:\windows\SysWOW64\Macromed

2017-08-08 19:39 - 2013-08-22 12:36 - 000000000 ____D C:\windows\system32\Macromed

2017-08-08 18:59 - 2015-03-19 16:57 - 000000000 ____D C:\Users\lucas\AppData\Local\Packages

2017-08-04 10:22 - 2013-08-22 12:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2017-08-04 10:20 - 2015-03-19 17:07 - 000000000 ____D C:\Program Files\Microsoft Office 15

2017-08-03 17:34 - 2015-09-23 23:34 - 000000132 _____ C:\Users\lucas\AppData\Roaming\Adobe PNG Format CS6 Prefs

2017-08-03 07:41 - 2013-08-22 10:25 - 000262144 ___SH C:\windows\system32\config\BBI

2017-08-02 16:33 - 2017-04-12 03:08 - 000002215 _____ C:\Users\lucas\Desktop\Itaú.lnk

2017-08-02 16:33 - 2016-07-06 16:32 - 000000000 ____D C:\Users\lucas\AppData\Local\Aplicativo Itau

2017-07-28 21:03 - 2017-04-12 22:50 - 000835576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2017-07-28 21:03 - 2017-04-12 22:50 - 000177648 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2017-07-28 14:06 - 2015-07-20 03:54 - 000000000 ____D C:\Program Files\Common Files\AV

 

==================== Arquivos na raiz de alguns diretórios =======

 

2016-11-12 14:48 - 2017-04-11 02:54 - 000000132 _____ () C:\Users\lucas\AppData\Roaming\Adobe BMP Format CS6 Prefs

2015-09-23 23:34 - 2017-08-03 17:34 - 000000132 _____ () C:\Users\lucas\AppData\Roaming\Adobe PNG Format CS6 Prefs

2016-12-21 17:14 - 2016-12-21 19:10 - 000000016 _____ () C:\Users\lucas\AppData\Roaming\msregsvv.dll

2015-05-06 18:47 - 2015-05-06 18:47 - 000017248 _____ () C:\Users\lucas\AppData\Roaming\unins000.dat

2015-05-06 18:47 - 2015-05-06 18:47 - 000811218 _____ () C:\Users\lucas\AppData\Roaming\unins000.exe

2016-09-07 01:58 - 2016-09-07 01:58 - 000000003 _____ () C:\Users\lucas\AppData\Local\updater.log

2016-09-07 01:59 - 2017-05-06 22:56 - 000000425 _____ () C:\Users\lucas\AppData\Local\UserProducts.xml

2016-12-21 17:14 - 2016-12-21 19:10 - 000000016 _____ () C:\ProgramData\autobk.inc

2014-06-22 23:25 - 2014-06-22 23:25 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

2014-06-22 23:35 - 2013-02-19 04:34 - 002064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe

2014-06-22 23:35 - 2013-01-12 11:51 - 000003004 _____ () C:\ProgramData\MakeMarkerFile.xml

 

==================== Bamital & volsnap ======================

 

(Não há correção automática para arquivos que não passaram na verificação.)

 

C:\windows\system32\winlogon.exe => O arquivo é assinado digitalmente

C:\windows\system32\wininit.exe => O arquivo é assinado digitalmente

C:\windows\explorer.exe => O arquivo é assinado digitalmente

C:\windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente

C:\windows\system32\svchost.exe => O arquivo é assinado digitalmente

C:\windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente

C:\windows\system32\services.exe => O arquivo é assinado digitalmente

C:\windows\system32\User32.dll => O arquivo é assinado digitalmente

C:\windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente

C:\windows\system32\userinit.exe => O arquivo é assinado digitalmente

C:\windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente

C:\windows\system32\rpcss.dll => O arquivo é assinado digitalmente

C:\windows\system32\dnsapi.dll => O arquivo é assinado digitalmente

C:\windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente

C:\windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

 

LastRegBack: 2017-08-15 12:55

 

==================== Fim de FRST.txt ============================

 

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 20-08-2017
Executado por lucas (26-08-2017 13:42:20)
Executando a partir de C:\Users\lucas\Downloads
Windows 8.1 Single Language (Update) (X64) (2015-03-19 19:56:29)
Modo da Inicialização: Normal
==========================================================
 
 
==================== Contas: =============================
 
Administrador (S-1-5-21-1212341227-2709655083-2383566263-500 - Administrator - Disabled)
Convidado (S-1-5-21-1212341227-2709655083-2383566263-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1212341227-2709655083-2383566263-1003 - Limited - Enabled)
lucas (S-1-5-21-1212341227-2709655083-2383566263-1001 - Administrator - Enabled) => C:\Users\lucas
 
==================== Central de Segurança ========================
 
(Se uma entrada for incluída na fixlist, será removida.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Internet Security (Disabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
 
==================== Programas Instalados ======================
 
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
 
µTorrent (HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\uTorrent) (Version: 3.4.5.41073 - BitTorrent Inc.)
4t Tray Minimizer Free 5.52 (HKLM-x32\...\4t Tray Minimizer_is1) (Version: 5.52 - 4t Niagara Software)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
Aplicativo Itaú (HKLM-x32\...\{0EE3E818-92D7-4A74-8EE0-0E9A5D10362D}) (Version: 1.0.92 - Banco Itaú)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AutoHotkey 1.1.25.01 (HKLM\...\AutoHotkey) (Version: 1.1.25.01 - Lexikos)
Bitcasa version 1.0.1.5011 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 1.0.1.5011 - Bitcasa Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.13.20.0 - Canon Inc.)
Cifraweb 1.08 (HKLM-x32\...\Cifraweb_is1) (Version:  - Cifraweb, Inc.)
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0221 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 33.4.23 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Elements 11 Organizer (HKLM-x32\...\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
FMW 1 (HKLM\...\{1DA9CD4A-687F-4075-A828-0A3ACB901438}) (Version: 1.222.1 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Grand Chase History v04072016 (HKLM-x32\...\{F4CA90A9-655D-4388-B6C2-0FFDDE21C2A5}_is1) (Version: v04072016 - History Games, Inc.)
GRF Editor version 1.7.9.5 (HKLM-x32\...\GRF Editor_is1) (Version: 1.7.9.5 - )
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
IK Multimedia Authorization Manager version 1.0.16 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.16 - IK Multimedia)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.3.1000 - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
M-Audio Fast Track 6.1.12 (x64) (HKLM\...\{102B819F-54FB-4CD3-8B48-B80C210D55BC}) (Version: 6.1.12 - M-Audio)
M-Audio M-Track Driver 1.0.6 (x64) (HKLM\...\{7E76C229-D68D-480E-BB99-DAF73BE3C67B}) (Version: 1.0.6 - M-Audio)
Microsoft Office 365 - pt-br (HKLM\...\O365HomePremRetail - pt-br) (Version: 15.0.4953.1001 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 15.0.4953.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Módulo de Proteção - Banco Santander (Brasil) S.A. (HKLM-x32\...\{83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1) (Version: 3.12.1.2 - )
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Guitar Rig Mobile I/O (HKLM-x32\...\Native Instruments Guitar Rig Mobile I/O) (Version:  - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version:  - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0416-0000-0000000FF1CE}) (Version: 15.0.4953.1001 - Microsoft Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Phone Screen Sharing (HKLM-x32\...\{DF02C515-40B5-45AC-A601-5DC69D03885C}) (Version: 2.0.0.21 - RSUPPORT)
PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Ragnarok Online (HKLM-x32\...\{181579B5-0028-4E01-AC27-97ED80352279}) (Version: 14.2.5 - Gravity Interactive, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7464 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.1.0.3 - Samsung Electronics CO., LTD.)
S Agent (HKLM\...\{5A52C7BA-14F5-4BDD-A74A-3333DCB121F0}) (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Link (HKLM-x32\...\{82EC241F-DFCA-4166-A8C3-EA5D2B9A41C4}) (Version: 1.8.0.31 - Samsung Electronics CO., LTD.)
Samsung Link 1.8.0.1401291634 (HKLM\...\8474-7877-9059-0204) (Version: 1.8.0.1401291634 - Copyright 2013 SAMSUNG)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
Settings (HKLM-x32\...\{3BB58176-B3A7-47FD-9F18-C3576431D193}) (Version: 2.2.0 - Samsung Electronics CO., LTD.)
SideSync (HKLM-x32\...\{59687468-8CE9-4ABF-9C6A-5C31F0E09F8B}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Skype Web Plugin (HKLM-x32\...\{EB96DF8B-65A7-4E72-BFB1-38DB36870D16}) (Version: 7.32.6.278 - Skype Technologies S.A.)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.104 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{746AB259-6474-4111-8966-1C62F9A6E063}) (Version: 2.3.1 - SlimWare Utilities, Inc.)
SMPlayer 16.11.0 (x64) (HKLM\...\SMPlayer) (Version: 16.11.0 - Ricardo Villalba)
Star Destiny versão 7.54 (HKLM-x32\...\{3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T4}_is1) (Version: 7.54 - Star Destiny)
Support Center (HKLM\...\{AB0DEFBB-1A16-47B5-86D2-39F0A2B24AE4}) (Version: 2.1.1210 - Samsung Electronics CO., LTD.)
Support Center FAQ (HKLM-x32\...\{65563DAF-7F7F-4B8A-B544-166058E7CC08}) (Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{D95ED95F-3540-46F8-A6AE-9566FEED1764}) (Version: 2.1.26 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.0.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
USB PnP Sound Device (HKLM\...\C-Media CM108 Like Sound Driver) (Version:  - )
User Manual (HKLM-x32\...\{DA11CC4A-5E90-4EA9-8E7B-29D5328E35F0}) (Version: 2.0.00 - Samsung Electronics CO., LTD.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Warsaw 1.18.1.2 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.18.1.2 - GAS Tecnologia)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
X-Mouse Button Control 2.13.1 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.13.1 - Highresolution Enterprises)
 
==================== Exame Personalizado CLSID (Whitelisted): ==========================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
CustomCLSID: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0001}\InprocServer32 -> C:\Users\lucas\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0001}\InprocServer32 -> C:\Users\lucas\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\lucas\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001_Classes\CLSID\{41052F6E-3662-4584-BCD3-77BCCAAE8470}\InprocServer32 -> C:\Users\lucas\AppData\Local\SkypePlugin\7.32.6.278\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001_Classes\CLSID\{60813F68-E9F7-4B3C-80B4-A76A66211660}\localserver32 -> C:\Users\lucas\AppData\Local\SkypePlugin\7.32.6.278\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\lucas\AppData\Local\SkypePlugin\7.32.6.278\EdgeCalling.exe (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {DAE3BA78-FD9D-417F-9FB1-AB25F87B97FA} => C:\windows\SYSTEM32\CbFsMntNtf3.dll [2013-02-11] (EldoS Corporation)
ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2013-06-06] ()
ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2013-06-06] ()
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2013-02-11] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {DAE3BA78-FD9D-417F-9FB1-AB25F87B97FA} => C:\windows\SYSTEM32\CbFsMntNtf3.dll [2013-02-11] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2013-02-11] (EldoS Corporation)
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2014-01-06] (Qualcomm®Atheros®)
ContextMenuHandlers1: [Bitcasa] -> {92224F8D-0235-4EBB-BEFB-91AC297C4AEE} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2013-06-06] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers2: [Bitcasa] -> {92224F8D-0235-4EBB-BEFB-91AC297C4AEE} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2013-06-06] ()
ContextMenuHandlers2: [BitcasaExtension] -> {92224F8D-0235-4EBB-BEFB-91AC297C4AEE} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2013-06-06] ()
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2014-01-06] (Qualcomm®Atheros®)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-11-28] (Intel Corporation)
ContextMenuHandlers6: [Bitcasa] -> {92224F8D-0235-4EBB-BEFB-91AC297C4AEE} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2013-06-06] ()
ContextMenuHandlers6: [BitcasaExtension] -> {92224F8D-0235-4EBB-BEFB-91AC297C4AEE} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2013-06-06] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-02-16] (Alexander Roshal)
 
==================== Tarefas Agendadas (Whitelisted) =============
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
Task: {01B540BA-AC0C-4501-B752-53BAF8550468} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-06-10] (Microsoft Corporation)
Task: {026631D5-B8D2-48A1-AB65-D6BAC14D17C6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation) <==== ATENÇÃO
Task: {04694E05-7A93-49F8-8214-AD0EFD27D80E} - System32\Tasks\update-S-1-5-21-1212341227-2709655083-2383566263-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {0E856DA6-2493-4596-BE72-527D2EB49486} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-09-21] (Dropbox, Inc.)
Task: {1873D64C-9B5A-4BB5-9A59-143D7784F285} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation) <==== ATENÇÃO
Task: {1AEB7BBC-3FBB-4575-AF5E-21043C7C7FF7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {1CE9EAC4-3260-42C2-9B73-C700B01555E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation) <==== ATENÇÃO
Task: {244EB03D-B6EF-42D9-A4BD-FBEC534C3AFF} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2016-07-05] (SEC)
Task: {3332C4C4-5F1D-408F-B76C-248228EF6BFA} - System32\Tasks\LaunchSettings => C:\Program Files (x86)\Samsung\Settings\Settings.exe [2014-04-21] ()
Task: {3FBBF6ED-6D52-4A0A-9D11-DEC8A6A6C319} - System32\Tasks\SecTimeSync\TimeSyncInit => C:\Windows\SecTimeSync.exe [2013-08-23] (Samsung Electronics CO., LTD.)
Task: {46616118-1EB2-4C62-A11B-046CAEFD4710} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2015-08-19] (SlimWare Utilities, Inc.)
Task: {4DE19837-EBAF-4BEE-AEB0-8C64F0F5D694} - System32\Tasks\FreeAntiVirus => C:\windows\explorer.exe "hxxp://destyy.com/qNHR3u" <==== ATENÇÃO
Task: {5180C9A9-7DAD-4D69-A0C7-4E4CDDC15751} - System32\Tasks\ShutdownOpt => C:\ProgramData\Samsung\ShutdownEvent.exe [2013-09-17] (SAMSUNG Electronics co., LTD.)
Task: {52E9B1F7-A5C4-41B6-BAFE-1252DC94EF70} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-18] (Samsung Electronics CO., LTD.)
Task: {53201A12-C6E9-4BC5-ABA4-D74FB6E0E62E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation) <==== ATENÇÃO
Task: {5D77F536-FC08-4377-9500-C299A3CFC108} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-19] (Google Inc.)
Task: {5DFEBC1A-F0BF-48E3-90C5-CC044302F943} - System32\Tasks\SamsungLinkPC => C:\Program Files (x86)\Samsung\HomeSync Lite\RefreshToken.exe
Task: {624BBF40-4CA0-466D-8355-565BD8B5AF74} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - lucas) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {6993255B-C863-4D78-A6C3-5883410C1F81} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {6C5BB281-AF6A-46F4-BCE8-7BB232F6AA62} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {75E6EE6B-19D8-4DDE-AA8D-4AC6CF770587} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [1999-12-31] (Realtek Semiconductor)
Task: {78C8000C-8ECD-4858-9E19-63385DC14C44} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-19] (Google Inc.)
Task: {7F57E77E-2105-4779-89BF-25C82FB988C9} - System32\Tasks\SettingsEventHandlerMonitor => C:\Program Files (x86)\Samsung\Settings\CmdServer\RSSettingEventHandler.exe [2014-04-21] (Samsung Electronics CO., LTD.)
Task: {8DCBA315-FFEE-40BB-B933-B4D3C4632522} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-09-21] (Dropbox, Inc.)
Task: {931A2213-49D9-4700-9E20-85EE94945281} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {934D6CE5-442F-4E10-BCE7-BE0FFBA3BECA} - System32\Tasks\c780090f5b72f903cbe63e27a070343f => sc start c780090f5b72f903cbe63e27a070343f <==== ATENÇÃO
Task: {93D8E348-79AB-4310-A8F3-FE7E4A34F316} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2017-08-10] (Microsoft Corporation)
Task: {998045D5-6835-4582-943A-1F5DF41D86E8} - System32\Tasks\SUPatchForW10Up => C:\ProgramData\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe [2015-08-18] (Samsung Electronics CO., LTD.)
Task: {AE6E0030-2BF4-4482-82B6-8233DF155523} - System32\Tasks\2706e65a61b6f70a5b949e3db917f6e6 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\windows\2706e65a61b6f70a5b949e3db917f6e6.ps1" <==== ATENÇÃO
Task: {BFF75F46-D7F3-4E64-A651-C0FF9562D0FE} - System32\Tasks\{6843B084-9142-491D-9DED-9A07B9623177} => rundll32.exe "C:\Users\lucas\AppData\Local\Microsoft\TaskPlay\caches.dat",StaticCache
Task: {CBF6F590-2BBC-4061-AB01-2CB758690AA9} - System32\Tasks\DisplayChecker => C:\programdata\Samsung\_DisplayChecker.exe [2013-12-10] (TODO: <Company name>)
Task: {D2F7AACB-CEE1-4E99-B65D-D93C34BB1713} - System32\Tasks\SettingsHibernateMonitor => C:\Program Files (x86)\Samsung\Settings\SettingsHibernateMonitor.exe [2014-04-21] (Samsung Electronics CO., LTD.)
Task: {DAD28543-1218-4306-9661-7AB49BE615EB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {DE3837D2-7A7A-4778-875D-5CA8B21EADA5} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {F8ADD9D1-6F41-466D-88FE-87B42C94EAD1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-06-10] (Microsoft Corporation)
Task: {FA1CEAD1-1A2A-40D3-A30D-157307D63829} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-07-11] (Microsoft Corporation)
 
(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
 
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\SlimCleaner Plus (Scheduled Scan - lucas).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
Task: C:\windows\Tasks\update-S-1-5-21-1212341227-2709655083-2383566263-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Atalhos & WMI ========================
 
(As entradas podem ser listadas para serem restauradas ou removidas.)
 
 
Shortcut: C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
 
==================== Módulos Carregados (Whitelisted) ==============
 
2017-07-18 23:50 - 2017-07-18 23:50 - 003302400 _____ () C:\ProgramData\Windows\System32\Mswapi64.dll
2014-06-23 01:47 - 2013-06-06 01:23 - 001645056 _____ () C:\Program Files\Bitcasa\bitcasaui.dll
2015-03-19 17:07 - 2017-01-17 04:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-06-22 23:36 - 2014-01-29 04:34 - 000013824 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2014-06-22 23:37 - 2014-06-22 23:37 - 000515584 _____ () C:\Windows\Temp\sqlite-3.7.2-sqlitejdbc.dll
2014-06-22 23:36 - 2014-01-29 04:34 - 002149376 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2014-06-22 23:36 - 2014-01-29 04:34 - 001630720 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2013-12-20 23:25 - 2013-12-20 23:25 - 000036864 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\JNIInterface.dll
2013-12-20 23:26 - 2013-12-20 23:26 - 000144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\ASFAPI.dll
2013-12-20 23:27 - 2013-12-20 23:27 - 000018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\MediaDB_Manager.dll
2013-10-21 21:52 - 2013-10-21 21:52 - 000030720 _____ () C:\windows\SYSTEM32\MediaDB64.dll
2013-10-21 21:52 - 2013-10-21 21:52 - 000908800 _____ () C:\windows\SYSTEM32\ContentDirectoryPresenter64.dll
2013-12-20 23:27 - 2013-12-20 23:27 - 000521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\DMS_Manager.dll
2013-07-23 07:19 - 2013-07-23 07:19 - 000049152 _____ () C:\windows\SYSTEM32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 07:19 - 2013-07-23 07:19 - 000016896 _____ () C:\windows\SYSTEM32\boost_system-vc90-mt-1_47.dll
2013-07-23 07:19 - 2013-07-23 07:19 - 000058880 _____ () C:\windows\SYSTEM32\boost_thread-vc90-mt-1_47.dll
2013-07-23 07:19 - 2013-07-23 07:19 - 000299520 _____ () C:\windows\SYSTEM32\boost_serialization-vc90-mt-1_47.dll
2017-08-22 02:39 - 2017-08-26 09:39 - 003954387 _____ () C:\Users\lucas\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
2017-06-14 14:39 - 2017-06-14 14:39 - 000208384 _____ () C:\ProgramData\Microsoft\Network\Dsq\browser\syshostctl.exe
2014-03-18 23:41 - 2014-03-18 23:41 - 000088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2014-01-06 13:29 - 2014-01-06 13:29 - 000011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-01-06 13:26 - 2014-01-06 13:26 - 000086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-06-22 23:36 - 2014-01-29 04:34 - 000048640 _____ () C:\Program Files\Samsung\Samsung Link\JniIO.dll
2014-01-06 13:32 - 2014-01-06 13:32 - 000012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-11-21 01:40 - 2013-11-21 01:40 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-08-17 19:54 - 2017-08-11 04:40 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
2017-08-17 19:54 - 2017-08-11 04:40 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libegl.dll
2013-12-11 04:46 - 2013-12-11 04:46 - 001114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-07-23 07:18 - 2013-07-23 07:18 - 000227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 07:18 - 2013-07-23 07:18 - 000038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 07:18 - 2013-07-23 07:18 - 000012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 07:18 - 2013-07-23 07:18 - 000046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-10-21 21:48 - 2013-10-21 21:48 - 000707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-10-24 04:53 - 2013-10-24 04:53 - 000107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 04:46 - 2013-12-11 04:46 - 000102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-10-24 04:53 - 2013-10-24 04:53 - 000032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 04:38 - 2013-04-19 04:38 - 000055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-12-11 04:46 - 2013-12-11 04:46 - 000077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 07:42 - 2013-02-14 07:42 - 000520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 07:42 - 2013-02-14 07:42 - 000450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 07:42 - 2013-02-14 07:42 - 005717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 07:48 - 2013-10-25 07:48 - 000028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-10-25 07:49 - 2013-10-25 07:49 - 000028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-12-11 04:45 - 2013-12-11 04:45 - 000017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 07:53 - 2013-10-25 07:53 - 000012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 07:48 - 2013-10-25 07:48 - 000013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-02-14 07:42 - 2013-02-14 07:42 - 000147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 07:48 - 2013-10-25 07:48 - 000012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-10-25 07:48 - 2013-10-25 07:48 - 000064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-10-25 07:48 - 2013-10-25 07:48 - 000023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-10-25 07:53 - 2013-10-25 07:53 - 000117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-12-11 04:45 - 2013-12-11 04:45 - 000134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 07:48 - 2013-10-25 07:48 - 000024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 07:48 - 2013-10-25 07:48 - 000024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 07:42 - 2013-02-14 07:42 - 004671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 07:42 - 2013-02-14 07:42 - 000686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 07:42 - 2013-02-14 07:42 - 000070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 07:42 - 2013-02-14 07:42 - 000152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-02-14 07:42 - 2013-02-14 07:42 - 000366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 07:48 - 2013-10-25 07:48 - 000289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 07:53 - 2013-10-25 07:53 - 001033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-10-25 07:48 - 2013-10-25 07:48 - 000290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-02-14 07:42 - 2013-02-14 07:42 - 000399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-02-14 07:42 - 2013-02-14 07:42 - 000044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll
2014-04-21 21:42 - 2014-04-21 21:42 - 000211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2014-06-22 23:20 - 2013-09-16 17:20 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-08-26 12:56 - 2017-08-26 12:56 - 048920064 _____ () C:\windows\Temp\AvgSetup\c5c54647-bc8d-47ce-a089-f5bcec0a6e6f\install\libcef.dll
2017-08-26 12:57 - 2017-08-26 12:56 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(Se uma entrada for incluída na fixlist, somente o ADS será removido.)
 
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1270]
AlternateDataStreams: C:\windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
 
==================== Modo de Segurança (Whitelisted) ===================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)
 
 
==================== Associação (Whitelisted) ===============
 
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)
 
 
==================== Internet Explorer confiável/restrito ===============
 
(Se uma entrada for incluída na fixlist, será removida do Registro.)
 
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\bancoreal.com.br -> hxxp://www.bancoreal.com.br
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\bancosantander.com.br -> hxxp://www.bancosantander.com.br
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\bancosantander.com.br -> hxxps://www.bancosantander.com.br
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\google.com -> www.google.com
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\google.com.br -> www.google.com.br
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\itau.b.br -> www.itau.b.br
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\itaupersonnalite.com.br -> www.itaupersonnalite.com.br
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\realsecureweb.com.br -> hxxps://www.realsecureweb.com.br
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\santander.com.br -> hxxp://www.santander.com.br
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\santander.com.br -> www.santander.com.br
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\santanderempresarial.com.br -> hxxp://www.santanderempresarial.com.br
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\santanderempresarial.com.br -> www.santanderempresarial.com.br
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\santandernet.com.br -> hxxps://www.santandernet.com.br
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\santandernet.com.br -> www.santandernet.com.br
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\santandernetibe.com.br -> hxxps://www.santandernetibe.com.br
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\santandernetibe.com.br -> www.santandernetibe.com.br
IE trusted site: HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\secureweb.com.br -> hxxps://www.secureweb.com.br
 
Existem ainda 1 sites a mais.
 
 
==================== Hosts Conteúdo: ===============================
 
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
 
2013-08-22 10:25 - 2016-09-02 10:15 - 000000822 ____N C:\windows\system32\Drivers\etc\hosts
 
 
==================== Outras Áreas ============================
 
(Atualmente não há nenhuma correção automática para esta seção.)
 
HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lucas\Desktop\Angeli Fotografia\Wallpapers\canon_3-wallpaper-1280x768.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Firewall do Windows está habilitado.
 
==================== MSCONFIG/TASK MANAGER ítens desabilitados ==
 
HKLM\...\StartupApproved\Run: => "XMouseButtonControl"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\StartupApproved\Run: => "Skype"
 
==================== Regras do Firewall (Whitelisted) ===============
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
FirewallRules: [{DA849321-FB6E-4FC1-8BB4-90A69A121B96}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{BB715B6A-6EF7-4AE0-9EE0-FE5FB6D82C6E}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{16DF40D2-3FE7-4F38-973D-8C0E42F4D584}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
FirewallRules: [{902FF4B2-FB2B-4A21-88AB-C017A1427C78}] => (Allow) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
FirewallRules: [{2043E433-4CEC-4884-B92C-ADD8F8C02F4B}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{3DB55C36-BE6A-4431-B39C-7B75BB6CF51B}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{0B6E5DA3-5F53-4539-804F-CAEF29B5CE35}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{2B3392B6-E082-481D-977E-81658836EC19}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{FB2A18C3-C49D-4ADC-ABB3-CA95FA5DD7F8}] => (Allow) LPort=8743
FirewallRules: [{DD445B8A-324B-4613-8066-5F6F9DC392B3}] => (Allow) LPort=8643
FirewallRules: [{42081096-7E20-4C9C-BC66-F3798E11BBBB}] => (Allow) LPort=7676
FirewallRules: [{5C2F890F-586D-4C2C-9173-516F10D521AF}] => (Allow) LPort=7679
FirewallRules: [{1385872D-4BC3-49FE-8D46-9FCFF81990A9}] => (Allow) LPort=24234
FirewallRules: [{F7DBB5A9-AB19-438C-8734-3ADCD51C4833}] => (Allow) LPort=7900
FirewallRules: [{A540BC26-0103-43CD-AF87-4745830B917A}] => (Allow) LPort=1900
FirewallRules: [{8239F8B2-1F2A-435A-8BB1-7A5255D2230A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{07EB3C9B-951C-4C85-8AE6-B02595782B03}] => (Allow) C:\Users\lucas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E71CBC25-5234-4019-98C8-8E18079C01DE}] => (Allow) C:\Users\lucas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0BC99807-F5D5-411B-90F6-FB9347D96D04}] => (Allow) C:\Users\lucas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B36B2D57-8DD5-4EE3-9689-E93B2B0EDF3F}] => (Allow) C:\Users\lucas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{589B9E59-5057-4A45-9C96-69A0B2DA0FBB}] => (Allow) C:\Users\lucas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{297E8574-F0F1-4CDA-8F0F-2B08E3F93CB1}] => (Allow) C:\Users\lucas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4A07E429-FFCE-475A-BC35-BA75D574E765}] => (Allow) C:\Users\lucas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{F2D0ED6B-0734-47F1-8684-4B649BF52215}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E0648DAC-1960-41E6-AF5C-9FF72D50E8CB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{66BF217D-6A6C-4179-B93E-EA7653428514}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [TCP Query User{28B37C7A-C250-4FB5-B238-F6A6FB4BCBF1}C:\program files (x86)\grand chase history\main.exe] => (Allow) C:\program files (x86)\grand chase history\main.exe
FirewallRules: [UDP Query User{EDD940D5-9617-412E-AEB1-52B2284272E6}C:\program files (x86)\grand chase history\main.exe] => (Allow) C:\program files (x86)\grand chase history\main.exe
FirewallRules: [{6F820428-7544-493D-9306-DA50071CDA92}] => (Allow) C:\Program Files (x86)\Grand Chase History\GrandChase.exe
FirewallRules: [{D39C2F99-DF33-4383-867B-46F831E05925}] => (Allow) C:\Program Files (x86)\Grand Chase History\GrandChase.exe
FirewallRules: [{CD7138B5-DFAE-4FD7-838E-B6439E4AD51D}] => (Allow) C:\Program Files (x86)\Grand Chase History\GrandChase.exe
FirewallRules: [{32FC3F25-CD0F-4184-B6DA-9888FF18F3BC}] => (Allow) C:\Program Files (x86)\Grand Chase History\GrandChase.exe
FirewallRules: [{946CAD49-6E1D-46CA-8C48-D63FF7999A64}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F9892EC8-2BE5-4AD6-BB53-1997138C83B5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{24028FF8-8CFF-4971-AEB7-84E184A6A0DA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{971EEBF0-6FD1-46C3-8A83-0780807609C3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{C26BDAC6-349F-4C6C-BDC9-E6C45A5534B8}C:\users\lucas\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\lucas\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{6BB3D032-328E-49AD-9A2B-ED805E6F40B2}C:\users\lucas\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\lucas\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{DDFAD5F8-1855-4BAB-84BD-C193D852C3D5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{13F6542E-2A20-42FB-B6B6-CB03931B4A44}C:\programdata\microsoft\network\dsq\network\sysnetwk.exe] => (Block) C:\programdata\microsoft\network\dsq\network\sysnetwk.exe
FirewallRules: [UDP Query User{2B1ACB02-0962-493A-AB1B-71DC60F2D635}C:\programdata\microsoft\network\dsq\network\sysnetwk.exe] => (Block) C:\programdata\microsoft\network\dsq\network\sysnetwk.exe
FirewallRules: [{9F0E2690-872E-4198-8CC3-D7C4B2D99A4C}] => (Allow) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
FirewallRules: [{02378CE7-2FB2-44EA-9D1F-DA10300A1B16}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Pontos de Restauração =========================
 
31-07-2017 08:45:47 Windows Update
03-08-2017 12:42:35 Windows Update
10-08-2017 04:42:19 Windows Update
22-08-2017 03:03:30 Operação de restauração
 
==================== Dispositivos Apresentando Falhas No Gerenciador =============
 
 
==================== Erros no Log de eventos: =========================
 
Erros em Aplicativos:
==================
Error: (08/26/2017 12:42:54 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Erro não especificado durante a Restauração do Sistema: (Windows Update). Informações adicionais: 0x80070005.
 
Error: (08/26/2017 11:35:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: 17364e4224244e99f9f910bba12790ff.exe, versão: 6.6.3.3, carimbo de data/hora: 0x589c4ec7
Nome do módulo com falha: 17364e4224244e99f9f910bba12790ff.exe, versão: 6.6.3.3, carimbo de data/hora: 0x589c4ec7
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0000c550
ID do processo com falha: 0x1b60
Hora de início do aplicativo com falha: 0x01d31e7885664b42
Caminho do aplicativo com falha: C:\Users\lucas\AppData\Local\UZmedia\17364e4224244e99f9f910bba12790ff.exe
Caminho do módulo com falha: C:\Users\lucas\AppData\Local\UZmedia\17364e4224244e99f9f910bba12790ff.exe
ID do Relatório: cbcfd9c4-8a6b-11e7-8330-24f5aaee879c
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:
 
Error: (08/26/2017 11:35:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: 17364e4224244e99f9f910bba12790ff.exe, versão: 6.6.3.3, carimbo de data/hora: 0x589c4ec7
Nome do módulo com falha: 17364e4224244e99f9f910bba12790ff.exe, versão: 6.6.3.3, carimbo de data/hora: 0x589c4ec7
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0000c550
ID do processo com falha: 0x1954
Hora de início do aplicativo com falha: 0x01d31e78846869cd
Caminho do aplicativo com falha: C:\Program Files (x86)\KMSPico 10.2.2 Final\17364e4224244e99f9f910bba12790ff.exe
Caminho do módulo com falha: C:\Program Files (x86)\KMSPico 10.2.2 Final\17364e4224244e99f9f910bba12790ff.exe
ID do Relatório: cbd000d4-8a6b-11e7-8330-24f5aaee879c
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:
 
Error: (08/26/2017 10:54:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa SystemSettings.exe versão 6.3.9600.17489 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
 
ID do Processo: 195c
 
Hora de Início: 01d31e72a8bd3a20
 
Hora de Término: 4
 
Caminho do Aplicativo: C:\windows\ImmersiveControlPanel\SystemSettings.exe
 
ID do Relatório: 0bdac066-8a66-11e7-832e-24f5aaee879c
 
Nome completo do pacote com falha: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
 
ID do aplicativo relativo ao pacote com falha: microsoft.windows.immersivecontrolpanel
 
Error: (08/26/2017 10:51:43 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Erro não especificado durante a Restauração do Sistema: (Windows Update). Informações adicionais: 0x80070005.
 
Error: (08/26/2017 09:45:58 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files\Microsoft Office 15\root\office15\lync.exe.Manifest". Erro no arquivo de manifesto ou de política C:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL", na linha 1.
Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.
A referência é UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
A definição é UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Use o arquivo sxstrace.exe para obter um dignóstico detalhado.
 
Error: (08/24/2017 09:25:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: notepad.exe, versão: 6.3.9600.17930, carimbo de data/hora: 0x559eabcc
Nome do módulo com falha: USER32.dll, versão: 6.3.9600.18725, carimbo de data/hora: 0x59380775
Código de exceção: 0xc0000142
Deslocamento da falha: 0x00000000000ece60
ID do processo com falha: 0x17a0
Hora de início do aplicativo com falha: 0x01d31d388d8b4bd9
Caminho do aplicativo com falha: C:\windows\system32\notepad.exe
Caminho do módulo com falha: USER32.dll
ID do Relatório: d473220e-892b-11e7-832b-24f5aaee879c
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:
 
Error: (08/24/2017 09:05:58 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Erro não especificado durante a Restauração do Sistema: (Windows Update). Informações adicionais: 0x80070005.
 
Error: (08/22/2017 05:11:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: notepad.exe, versão: 6.3.9600.17930, carimbo de data/hora: 0x559eabcc
Nome do módulo com falha: USER32.dll, versão: 6.3.9600.18725, carimbo de data/hora: 0x59380775
Código de exceção: 0xc0000142
Deslocamento da falha: 0x00000000000ece60
ID do processo com falha: 0x1cb0
Hora de início do aplicativo com falha: 0x01d31b1e2cb6ddfc
Caminho do aplicativo com falha: C:\windows\system32\notepad.exe
Caminho do módulo com falha: USER32.dll
ID do Relatório: 74b1ffac-8711-11e7-8328-24f5aaee879c
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:
 
Error: (08/22/2017 05:10:07 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Erro não especificado durante a Restauração do Sistema: (Windows Update). Informações adicionais: 0x80070005.
 
 
Erros de Sistema:
=============
Error: (08/26/2017 12:41:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.
 
Error: (08/26/2017 12:41:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.
 
Error: (08/26/2017 12:41:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço c780090f5b72f903cbe63e27a070343f devido ao seguinte erro: 
O serviço não respondeu à requisição de início ou controle em tempo hábil.
 
Error: (08/26/2017 12:41:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço c780090f5b72f903cbe63e27a070343f.
 
Error: (08/26/2017 12:40:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço c780090f5b72f903cbe63e27a070343f devido ao seguinte erro: 
O serviço não respondeu à requisição de início ou controle em tempo hábil.
 
Error: (08/26/2017 12:40:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço c780090f5b72f903cbe63e27a070343f.
 
Error: (08/26/2017 12:39:27 PM) (Source: vjoy) (EventID: 524) (User: )
Description: Failed to get Report Descriptor from Registry. Function WdfRegistryOpenKey failed with status 0xc0000034.
 
Error: (08/26/2017 12:39:27 PM) (Source: vjoy) (EventID: 524) (User: )
Description: Failed to get Report Descriptor from Registry. Function WdfRegistryOpenKey failed with status 0xc0000034.
 
Error: (08/26/2017 12:39:26 PM) (Source: vjoy) (EventID: 524) (User: )
Description: Failed to get Report Descriptor from Registry. Function WdfRegistryOpenKey failed with status 0xc0000034.
 
Error: (08/26/2017 12:00:22 PM) (Source: DCOM) (EventID: 10010) (User: ANGELI)
Description: O servidor {9BA05972-F6A8-11CF-A442-00A0C90A8F39} não se registrou no DCOM dentro do tempo limite necessário.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-08 20:23:16.429
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-08 20:23:16.226
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-08 20:23:16.023
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-08 20:23:15.804
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-08 20:23:15.601
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-08 20:23:15.398
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-08 20:23:01.678
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-08 20:23:01.475
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-08 20:22:53.662
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-08 20:22:53.459
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Informações da Memória =========================== 
 
Processador: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentagem de memória em uso: 41%
RAM física total: 8068.1 MB
RAM física disponível: 4737.8 MB
Virtual Total: 16260.1 MB
Virtual disponível: 12635.59 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:915.49 GB) (Free:765.78 GB) NTFS
 
==================== MBR & Tabela de Partições ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4C0CDB68)
 
Partition: GPT.
 
==================== Fim de Addition.txt ============================

Edited by hamluis, 27 August 2017 - 07:32 AM.



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:50 PM

Posted 27 August 2017 - 12:43 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
SlimDrivers (HKLM-x32\...\{746AB259-6474-4111-8966-1C62F9A6E063}) (Version: 2.3.1 - SlimWare Utilities, Inc.)

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\Run: [{4B6956A8-1D9A-C665-5DA6-C6FBAD7C8F78}] => C:\Program Files (x86)\KMSPico 10.2.2 Final\17364e4224244e99f9f910bba12790ff.exe
HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\Run: [UZmedia] => C:\Users\lucas\AppData\Local\UZmedia\17364e4224244e99f9f910bba12790ff.exe [337920 2017-06-12] (InstallShield Software Corporation)
BHO: Sem Nome -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> Nenhum Arquivo
BHO-x32: Sem Nome -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> Nenhum Arquivo
S2 c780090f5b72f903cbe63e27a070343f; C:\Program Files\c780090f5b72f903cbe63e27a070343f\165f1f9d3034f0770892f3e24666b98d.exe [1605120 2017-08-18] () [Arquivo não assinado] <==== ATENÇÃO
R2 WMPNetworkAcSvc; C:\Users\lucas\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [3954387 2017-08-26] () [Arquivo não assinado] <==== ATENÇÃO
R1 58937525d89e95b2a0afdf1dc82d5229; C:\windows\system32\drivers\58937525d89e95b2a0afdf1dc82d5229.sys [77184 2017-08-18] (36IHD8) <==== ATENÇÃO
S3 SWDUMon; C:\windows\system32\DRIVERS\SWDUMon.sys [16056 2017-08-26] (SlimWare Utilities, Inc.)

Task: {4DE19837-EBAF-4BEE-AEB0-8C64F0F5D694} - System32\Tasks\FreeAntiVirus => C:\windows\explorer.exe "hxxp://destyy.com/qNHR3u" <==== ATENÇÃO
Task: {934D6CE5-442F-4E10-BCE7-BE0FFBA3BECA} - System32\Tasks\c780090f5b72f903cbe63e27a070343f => sc start c780090f5b72f903cbe63e27a070343f <==== ATENÇÃO
Task: {AE6E0030-2BF4-4482-82B6-8233DF155523} - System32\Tasks\2706e65a61b6f70a5b949e3db917f6e6 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\windows\2706e65a61b6f70a5b949e3db917f6e6.ps1" <==== ATENÇÃO
C:\Windos\System32\Tasks\c780090f5b72f903cbe63e27a070343f
C:|Windows\System32\Tasks\2706e65a61b6f70a5b949e3db917f6e6
C:\Program Files (x86)\KMSPico 10.2.2 Final
C:\Users\lucas\AppData\Local\UZmedia
C:\Program Files\c780090f5b72f903cbe63e27a070343f
C:\Users\lucas\AppData\Roaming\WMPNetworkAcSvc
C:\windows\system32\drivers\58937525d89e95b2a0afdf1dc82d5229.sys
C:\windows\system32\DRIVERS\SWDUMon.sys

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.
===

Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

The tool will create a log (Fixlog.txt); please post it in your reply.
===

#3 Langell


Posted 27 August 2017 - 04:49 PM

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 20-08-2017

Executado por lucas (27-08-2017 18:41:31) Run:1

Executando a partir de C:\Users\lucas\Desktop

Perfis Carregados: lucas (Perfis Disponíveis: lucas)

Modo da Inicialização: Normal

==============================================

fixlist Conteúdo:

*****************

start

CreateRestorePoint:

EmptyTemp:

CloseProcesses:

(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\Run: [{4B6956A8-1D9A-C665-5DA6-C6FBAD7C8F78}] => C:\Program Files (x86)\KMSPico 10.2.2 Final\17364e4224244e99f9f910bba12790ff.exe

HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\Run: [UZmedia] => C:\Users\lucas\AppData\Local\UZmedia\17364e4224244e99f9f910bba12790ff.exe [337920 2017-06-12] (InstallShield Software Corporation)

BHO: Sem Nome -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> Nenhum Arquivo

BHO-x32: Sem Nome -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> Nenhum Arquivo

S2 c780090f5b72f903cbe63e27a070343f; C:\Program Files\c780090f5b72f903cbe63e27a070343f\165f1f9d3034f0770892f3e24666b98d.exe [1605120 2017-08-18] () [Arquivo não assinado] <==== ATENÇÃO

R2 WMPNetworkAcSvc; C:\Users\lucas\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [3954387 2017-08-26] () [Arquivo não assinado] <==== ATENÇÃO

R1 58937525d89e95b2a0afdf1dc82d5229; C:\windows\system32\drivers\58937525d89e95b2a0afdf1dc82d5229.sys [77184 2017-08-18] (36IHD8) <==== ATENÇÃO

S3 SWDUMon; C:\windows\system32\DRIVERS\SWDUMon.sys [16056 2017-08-26] (SlimWare Utilities, Inc.)

 

Task: {4DE19837-EBAF-4BEE-AEB0-8C64F0F5D694} - System32\Tasks\FreeAntiVirus => C:\windows\explorer.exe "hxxp://destyy.com/qNHR3u" <==== ATENÇÃO

Task: {934D6CE5-442F-4E10-BCE7-BE0FFBA3BECA} - System32\Tasks\c780090f5b72f903cbe63e27a070343f => sc start c780090f5b72f903cbe63e27a070343f <==== ATENÇÃO

Task: {AE6E0030-2BF4-4482-82B6-8233DF155523} - System32\Tasks\2706e65a61b6f70a5b949e3db917f6e6 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\windows\2706e65a61b6f70a5b949e3db917f6e6.ps1" <==== ATENÇÃO

C:\Windos\System32\Tasks\c780090f5b72f903cbe63e27a070343f

C:|Windows\System32\Tasks\2706e65a61b6f70a5b949e3db917f6e6

C:\Program Files (x86)\KMSPico 10.2.2 Final

C:\Users\lucas\AppData\Local\UZmedia

C:\Program Files\c780090f5b72f903cbe63e27a070343f

C:\Users\lucas\AppData\Roaming\WMPNetworkAcSvc

C:\windows\system32\drivers\58937525d89e95b2a0afdf1dc82d5229.sys

C:\windows\system32\DRIVERS\SWDUMon.sys

 

End

*****************

Ponto de Restauração criado com sucesso.

Processos fechados com sucesso.

C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe => Não foi encontrado em execução o processo

HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => valor removido (a) com sucesso.

HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\Software\Microsoft\Windows\CurrentVersion\Run\\{4B6956A8-1D9A-C665-5DA6-C6FBAD7C8F78} => valor removido (a) com sucesso.

HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\Software\Microsoft\Windows\CurrentVersion\Run\\UZmedia => valor removido (a) com sucesso.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => chave removido (a) com sucesso.

HKLM\Software\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => chave removido (a) com sucesso.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => chave removido (a) com sucesso.

HKLM\Software\Wow6432Node\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => chave removido (a) com sucesso.

HKLM\System\CurrentControlSet\Services\c780090f5b72f903cbe63e27a070343f => chave removido (a) com sucesso.

c780090f5b72f903cbe63e27a070343f => serviço removido (a) com sucesso.

HKLM\System\CurrentControlSet\Services\WMPNetworkAcSvc => chave removido (a) com sucesso.

WMPNetworkAcSvc => serviço removido (a) com sucesso.

58937525d89e95b2a0afdf1dc82d5229 => Não foi possível finalizar o serviço.

HKLM\System\CurrentControlSet\Services\58937525d89e95b2a0afdf1dc82d5229 => chave removido (a) com sucesso.

58937525d89e95b2a0afdf1dc82d5229 => serviço removido (a) com sucesso.

HKLM\System\CurrentControlSet\Services\SWDUMon => chave removido (a) com sucesso.

SWDUMon => serviço removido (a) com sucesso.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DE19837-EBAF-4BEE-AEB0-8C64F0F5D694} => chave removido (a) com sucesso.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DE19837-EBAF-4BEE-AEB0-8C64F0F5D694} => chave removido (a) com sucesso.

C:\windows\System32\Tasks\FreeAntiVirus => movido com sucesso

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeAntiVirus => chave removido (a) com sucesso.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{934D6CE5-442F-4E10-BCE7-BE0FFBA3BECA} => chave removido (a) com sucesso.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{934D6CE5-442F-4E10-BCE7-BE0FFBA3BECA} => chave removido (a) com sucesso.

C:\windows\System32\Tasks\c780090f5b72f903cbe63e27a070343f => movido com sucesso

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c780090f5b72f903cbe63e27a070343f => chave removido (a) com sucesso.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AE6E0030-2BF4-4482-82B6-8233DF155523} => chave removido (a) com sucesso.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE6E0030-2BF4-4482-82B6-8233DF155523} => chave removido (a) com sucesso.

C:\windows\System32\Tasks\2706e65a61b6f70a5b949e3db917f6e6 => movido com sucesso

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2706e65a61b6f70a5b949e3db917f6e6 => chave removido (a) com sucesso.

"C:\Windos\System32\Tasks\c780090f5b72f903cbe63e27a070343f" => não encontrado (a).

C:|Windows\System32\Tasks\2706e65a61b6f70a5b949e3db917f6e6 => Erro: Nenhuma correção automática foi encontrada para esta entrada.

"C:\Program Files (x86)\KMSPico 10.2.2 Final" => não encontrado (a).

C:\Users\lucas\AppData\Local\UZmedia => movido com sucesso

C:\Program Files\c780090f5b72f903cbe63e27a070343f => movido com sucesso

C:\Users\lucas\AppData\Roaming\WMPNetworkAcSvc => movido com sucesso

C:\windows\system32\drivers\58937525d89e95b2a0afdf1dc82d5229.sys => movido com sucesso

C:\windows\system32\DRIVERS\SWDUMon.sys => movido com sucesso

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 80881463 B

Java, Flash, Steam htmlcache => 998 B

Windows/system/drivers => 164440093 B

Edge => 0 B

Chrome => 12529747 B

Firefox => 0 B

Opera => 0 B

 

Temp, IE cache, history, cookies, recent:

Default => 0 B

Users => 0 B

ProgramData => 0 B

Public => 0 B

systemprofile => 334155 B

systemprofile32 => 954630 B

LocalService => 398774 B

NetworkService => 777282 B

lucas => 173922409 B

RecycleBin => 0 B

EmptyTemp: => 422.1 MB de dados temporários Removidos.

 

================================

 

O sistema precisou ser reiniciado.

==== Fim de Fixlog 18:43:22 ====


Edited by Langell, 27 August 2017 - 04:50 PM.
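
Each processed entry in the Fixlog above ends with an outcome phrase after `=>`. The following Python parser is an added example, not part of the thread and not FRST's own code: it skips the echoed fixlist, groups entries by outcome, and lists the ones that still need a look. The function names and outcome labels are chosen for this example, and the phrase list covers only the Portuguese phrases that appear in this log.

```python
import re
from collections import Counter

# Outcome phrases exactly as they appear in the Portuguese Fixlog on this page.
# The labels on the left are names chosen for this example.
OUTCOMES = [
    ("removed", re.compile(r"removido \(a\) com sucesso\.?$")),
    ("moved", re.compile(r"movido com sucesso$")),
    ("not_found", re.compile(r"não encontrado \(a\)\.?$")),
    ("no_fix", re.compile(r"^Erro: Nenhuma correção automática")),
    ("stop_failed", re.compile(r"^Não foi possível finalizar o serviço")),
    ("not_running", re.compile(r"^Não foi encontrado em execução o processo")),
]

# Abridged from the Fixlog posted above (lines dropped, none altered).
SAMPLE_FIXLOG = r'''
fixlist Conteúdo:
*****************
start
HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\...\Run: [AdobeBridge] => [X]
C:\Windos\System32\Tasks\c780090f5b72f903cbe63e27a070343f
C:|Windows\System32\Tasks\2706e65a61b6f70a5b949e3db917f6e6
End
*****************
Processos fechados com sucesso.
C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe => Não foi encontrado em execução o processo
HKU\S-1-5-21-1212341227-2709655083-2383566263-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => valor removido (a) com sucesso.
58937525d89e95b2a0afdf1dc82d5229 => Não foi possível finalizar o serviço.
58937525d89e95b2a0afdf1dc82d5229 => serviço removido (a) com sucesso.
C:\windows\System32\Tasks\FreeAntiVirus => movido com sucesso
"C:\Windos\System32\Tasks\c780090f5b72f903cbe63e27a070343f" => não encontrado (a).
C:|Windows\System32\Tasks\2706e65a61b6f70a5b949e3db917f6e6 => Erro: Nenhuma correção automática foi encontrada para esta entrada.
"C:\Program Files (x86)\KMSPico 10.2.2 Final" => não encontrado (a).
C:\Users\lucas\AppData\Local\UZmedia => movido com sucesso
=========== EmptyTemp: ==========
Chrome => 12529747 B
'''


def classify(result):
    """Return the outcome label for the text after '=>', or None if unknown."""
    for label, pattern in OUTCOMES:
        if pattern.search(result):
            return label
    return None


def parse_fixlog(text):
    """Return [(target, outcome)] for result lines, ignoring the echoed fixlist."""
    results = []
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:          # asterisk rows delimit the fixlist echo
            in_echo = not in_echo
            continue
        if in_echo:
            continue                    # fixlist lines also contain '=>'
        if line.startswith("=") and "EmptyTemp" in line:
            break                       # what follows are byte counts, not fixes
        target, sep, result = line.partition(" => ")
        if not sep:
            continue
        outcome = classify(result.strip())
        if outcome is not None:
            results.append((target.strip().strip('"'), outcome))
    return results


def summarize(results):
    """Count entries per outcome label."""
    return dict(Counter(outcome for _, outcome in results))


def follow_up(results):
    """Entries that were not fixed: missing targets, unparsed lines, and
    services that could not be stopped and were not removed afterwards."""
    done = {t for t, o in results if o in ("removed", "moved")}
    pending = []
    for target, outcome in results:
        if outcome in ("not_found", "no_fix"):
            pending.append((target, outcome))
        elif outcome == "stop_failed" and target not in done:
            pending.append((target, outcome))
    return pending


def malformed_path(target):
    """True when a target starts like a drive letter but not with 'X:\\'."""
    return bool(re.match(r"^[A-Za-z]:", target)) and not re.match(r"^[A-Za-z]:\\", target)


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for target, outcome in follow_up(parsed):
        note = " (malformed path)" if malformed_path(target) else ""
        print(f"{outcome}: {target}{note}")
```

On this thread's log it isolates three entries: two paths reported as not found, and one line for which FRST reported no automatic fix and whose path does not start with a drive letter followed by `:\`.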


#4 nasdaq


Posted 28 August 2017 - 09:19 AM

Has your problem been solved?

#5 Langell


Posted 28 August 2017 - 11:11 AM

Not at all, still all the same..

#6 nasdaq


Posted 28 August 2017 - 12:19 PM

Hi.

Step 1: Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Step 2: Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Post the logs and let me know what problem persists.

#7 Langell

Langell
  • Topic Starter

  • Members
  • 9 posts

Posted 29 August 2017 - 10:09 AM

Now it seems to be working, no more ads when I click anything on Google Chrome, and I can't see prompts appearing and disappearing so far!!  :bananas:

 

Attached File  AdwCleanerC0.txt   2.96KB   1 downloads

Attached File  MBAMlog.txt   103.37KB   2 downloads



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts

Posted 29 August 2017 - 12:14 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#9 Langell

Langell
  • Topic Starter

  • Members
  • 9 posts

Posted 29 August 2017 - 12:39 PM

About MBAM, should I clean all things that are currently in quarantine? Sometimes an error appears telling me that the OS can't find some DLLs.

 

Anyway, thank you so much for all the help!



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts

Posted 30 August 2017 - 06:04 AM


Hi,

About MBAM, should I clean all things that are currently in quarantine?

Yes, you can delete all the files in the Quarantine folder.


Sometimes an error appears telling me that the OS can't find some DLLs


Let me know the error message when it happens next.

#11 Langell

Langell
  • Topic Starter

  • Members
  • 9 posts

Posted 30 August 2017 - 08:56 AM

This appears eventually, and there was another DLL before, but now I only see this one appearing.

 

Attached File  Untitled-1.jpg   56.62KB   0 downloads



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts

Posted 30 August 2017 - 01:11 PM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {BFF75F46-D7F3-4E64-A651-C0FF9562D0FE} - System32\Tasks\{6843B084-9142-491D-9DED-9A07B9623177} => rundll32.exe "C:\Users\lucas\AppData\Local\Microsoft\TaskPlay\caches.dat",StaticCache
c:\Windows\System32\Tasks\{6843B084-9142-491D-9DED-9A07B9623177}

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is it now?

Edited by nasdaq, 31 August 2017 - 07:06 AM.
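The scheduled task removed by the fixlist above shows a recognizable pattern: a GUID-named task that uses rundll32.exe to load a .dat file from the user's AppData folder. As an added example (not part of the original post and not FRST's own logic), the sketch below triages FRST-style "Task:" lines for that pattern; the function names, the heuristics and the two extra sample lines are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Line shape taken from the FRST entry quoted in this thread:
#   Task: {id} - <task file> => <command line>
TASK_RE = re.compile(r'^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+?) => (.+)$')
# rundll32.exe "<module>",<export>  (quotes are optional)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+)"?\s*,\s*(\S+)', re.I)
GUID_NAME_RE = re.compile(r'\{[0-9A-Fa-f-]{36}\}$')
# Assumed heuristic: directories a standard user can usually write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\downloads\\")


def triage_task_line(line):
    """Return a dict with the reasons a Task: line looks suspicious, or None."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    _task_id, task_file, command = m.groups()
    reasons = []
    if GUID_NAME_RE.search(task_file):
        reasons.append("task file is named with a bare GUID")
    r = RUNDLL_RE.search(command)
    if r:
        module = PureWindowsPath(r.group(1).strip())
        if module.suffix.lower() != ".dll":
            reasons.append(f"rundll32 loads a non-.dll file ({module.name})")
        if any(d in str(module).lower() for d in USER_WRITABLE):
            reasons.append("module sits in a user-writable directory")
    return {"task_file": task_file, "command": command, "reasons": reasons}


def suspicious_tasks(log_text):
    """Triage every Task: line in a log and keep those with at least one reason."""
    results = (triage_task_line(line) for line in log_text.splitlines())
    return [r for r in results if r and r["reasons"]]


# First line is the entry from this thread; the other two are constructed.
SAMPLE_LOG = "\n".join([
    r'Task: {BFF75F46-D7F3-4E64-A651-C0FF9562D0FE} - System32\Tasks\{6843B084-9142-491D-9DED-9A07B9623177} => rundll32.exe "C:\Users\lucas\AppData\Local\Microsoft\TaskPlay\caches.dat",StaticCache',
    r'Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe',
    r'Task: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - System32\Tasks\ExampleMaint => rundll32.exe C:\Windows\System32\example.dll,Run',
])

if __name__ == "__main__":
    for hit in suspicious_tasks(SAMPLE_LOG):
        print(hit["task_file"], hit["reasons"])
```

A flagged line is a lead for manual review, not a verdict; legitimate software occasionally matches one of these heuristics on its own.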


#13 Langell

Langell
  • Topic Starter

  • Members
  • 9 posts

Posted 31 August 2017 - 02:59 AM

Now the error is not appearing anymore! Thank you so much for all the help, nasdaq!

 

Attached File  Fixlog.txt   2.12KB   1 downloads


Edited by Langell, 31 August 2017 - 02:59 AM.


#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts

Posted 31 August 2017 - 07:06 AM

Hi,

If the folder in bold is present, delete it.
C:\Windows\System32\Tasks\{6843B084-9142-491D-9DED-9A07B9623177}
===


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



