
Infected with mail.ru Malware that keeps downloading archives from the CMD



#1 Doodsey


Posted 04 January 2018 - 04:32 AM

The title describes it all: every 30 minutes my cmd opens (if I close it) and starts downloading the archive in the attachment:

 

Attached file: ASDASDFASD.png (82.26KB)

 

I don't know what else to do... I've run the FRST tool and I'll follow up with the log, please help me! My CPU usage simply skyrockets whenever the cmd finishes the download, making it so that I have to keep resetting the PC very often; it's really annoying.

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 02.01.2018
Executado por eduad (administrador) em PIRILAMPO (04-01-2018 07:25:39)
Executando a partir de C:\Users\eduad\Desktop
Perfis Carregados: eduad (Perfis Disponíveis: eduad)
Platform: Windows 10 Pro Versão 1709 16299.192 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
() C:\Windows\KMS-R@1n.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
() C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
() C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Discord Inc.) C:\Users\eduad\AppData\Local\Discord\app-0.0.299\Discord.exe
(Spotify Ltd) C:\Users\eduad\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\eduad\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Spotify Ltd) C:\Users\eduad\AppData\Roaming\Spotify\Spotify.exe
(Discord Inc.) C:\Users\eduad\AppData\Local\Discord\app-0.0.299\Discord.exe
(Spotify Ltd) C:\Users\eduad\AppData\Roaming\Spotify\Spotify.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Spotify Ltd) C:\Users\eduad\AppData\Roaming\Spotify\Spotify.exe
(香港飞翔科技集团有限公司) C:\Program Files\Gaming MouseV30\MotoSpeed_GamingMouse_V30.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Discord Inc.) C:\Users\eduad\AppData\Local\Discord\app-0.0.299\Discord.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(BitTorrent Inc.) C:\Users\eduad\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\eduad\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
(BitTorrent Inc.) C:\Users\eduad\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Windows\KMS-R@1nhook.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => c:\windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKU\S-1-5-21-2296285372-3677760609-50217273-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-2296285372-3677760609-50217273-1001\...\Run: [Discord] => C:\Users\eduad\AppData\Local\Discord\app-0.0.299\Discord.exe [57954808 2017-12-11] (Discord Inc.)
HKU\S-1-5-21-2296285372-3677760609-50217273-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2296285372-3677760609-50217273-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10024624 2017-11-08] (Piriform Ltd)
HKU\S-1-5-21-2296285372-3677760609-50217273-1001\...\Run: [Spotify] => C:\Users\eduad\AppData\Roaming\Spotify\Spotify.exe [21070224 2017-12-17] (Spotify Ltd)
HKU\S-1-5-21-2296285372-3677760609-50217273-1001\...\Run: [World of Tanks] => "C:\World Of Tanks\WargamingGameUpdater.exe"
HKU\S-1-5-21-2296285372-3677760609-50217273-1001\...\Run: [Spotify Web Helper] => C:\Users\eduad\AppData\Roaming\Spotify\SpotifyWebHelper.exe [780688 2017-12-17] (Spotify Ltd)
HKU\S-1-5-21-2296285372-3677760609-50217273-1001\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe [2382432 2017-09-20] (Adobe Systems Incorporated)
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nhook.exe
IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nhook.exe
Startup: C:\Users\eduad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MotoSpeed Mouse.lnk [2017-11-14]
ShortcutTarget: MotoSpeed Mouse.lnk -> C:\Program Files\Gaming MouseV30\MotoSpeed_GamingMouse_V30.exe (香港飞翔科技集团有限公司)
Startup: C:\Users\eduad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-12-30]
ShortcutTarget: Twitch.lnk -> C:\Users\eduad\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\..\Interfaces\{3bdc754f-94c1-4435-965e-d390b19a1ca9}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2296285372-3677760609-50217273-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: hlkycn4s.default-1514932134659
FF ProfilePath: C:\Users\eduad\AppData\Roaming\Mozilla\Firefox\Profiles\hlkycn4s.default-1514932134659 [2018-01-04]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-15] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-15] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://mail.ru/cnt/10445?gp=811141
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811141"
CHR NewTab: Default -> "active": true,
            "entry": "chrome-extension://ligncphnohhjkgekjkghahajihclailj/visual-bookmarks.html"
          
CHR DefaultSearchKeyword: Default -> google.com.br
CHR Profile: C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default [2018-01-04]
CHR Extension: (Apresentações) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-22]
CHR Extension: (Material Incognito Dark Theme) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahifcnpnjgbadkjdhagpfjfkmlapfoel [2017-10-22]
CHR Extension: (Documentos) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-22]
CHR Extension: (Google Drive) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-22]
CHR Extension: (MEGA) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2017-12-22]
CHR Extension: (YouTube) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-22]
CHR Extension: (Social Blade) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2017-12-22]
CHR Extension: (Rastreador de Pacotes dos Correios) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnlegggomkoaacenefdcdddgcgjhjmfg [2017-11-13]
CHR Extension: (Fair AdBlocker App) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2017-10-22]
CHR Extension: (Tampermonkey) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-01-02]
CHR Extension: (ScriptGate) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocknbjpmfgaclencnfjfkklmmfmiie [2018-01-02]
CHR Extension: (Planilhas) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-22]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2017-10-22]
CHR Extension: (Favoritos do iCloud) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2017-10-22]
CHR Extension: (Documentos Google off-line) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-22]
CHR Extension: (AdBlock) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-12-06]
CHR Extension: (Inbox by Gmail) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkljgfmjocfalijkgoogmfffkhmkbgol [2017-10-22]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-11-16]
CHR Extension: (Reedy) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihbdojmggkmjbhfflnchljfkgdhokffj [2017-10-22]
CHR Extension: (Grammarly for Chrome) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-12-21]
CHR Extension: (Пульс) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ligncphnohhjkgekjkghahajihclailj [2018-01-02]
CHR Extension: (Tom's Hardware - My Threads) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nddbmgcnelmmhlfibkmfnhnfeccaliip [2017-10-22]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-22]
CHR Extension: (Gmail) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\eduad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-14]
CHR HKLM-x32\...\Chrome\Extension: [ligncphnohhjkgekjkghahajihclailj] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-28] ()
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2017-11-03] () [Arquivo não assinado]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [18432 2016-06-25] () [Arquivo não assinado]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
R2 Wallpaper Engine Service; C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [345064 2017-10-04] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2017-06-29] (LogMeIn Inc.)
S3 iVCam; C:\Windows\system32\DRIVERS\iVCam.sys [1089480 2017-11-25] (e2eSoft)
S3 KINONI_Wave; C:\Windows\system32\drivers\kinonivad.sys [32360 2016-04-17] (Windows ® Win 7 DDK provider)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d37ca5c2cde53609\nvlddmkm.sys [17028552 2017-12-18] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] ()
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-30] (Microsoft Corporation)
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [47096 2017-10-30] (Wellbia.com Co., Ltd.)
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-01-04 07:25 - 2018-01-04 07:26 - 000019442 _____ C:\Users\eduad\Desktop\FRST.txt
2018-01-04 05:54 - 2018-01-04 06:00 - 000000000 ____D C:\Users\eduad\Desktop\DeSmuME
2018-01-04 05:53 - 2018-01-04 05:53 - 001868290 _____ C:\Users\eduad\Downloads\desmume-0.9.11-win64.zip
2018-01-04 05:49 - 2018-01-04 05:49 - 060822854 _____ C:\Users\eduad\Downloads\4787 - Pokemon - HeartGold Version (US).zip
2018-01-04 05:42 - 2018-01-04 05:42 - 000000000 ____D C:\Users\eduad\Downloads\Met-Art-2015-06-08-Kika-Quinte-x119-2884x4324
2018-01-04 05:19 - 2018-01-04 05:42 - 143594981 _____ C:\Users\eduad\Downloads\Met-Art-2015-06-08-Kika-Quinte-x119-2884x4324.zip
2018-01-04 05:05 - 2018-01-04 05:05 - 000000000 ____D C:\Users\eduad\AppData\LocalLow\uTorrent
2018-01-04 05:04 - 2018-01-04 05:04 - 000010692 _____ C:\Users\eduad\Downloads\Pokemon-HeartGold-nds-rom.torrent
2018-01-04 05:01 - 2018-01-04 05:01 - 013122151 _____ C:\Users\eduad\Downloads\2sg2ss4105.zip
2018-01-04 01:04 - 2018-01-04 01:04 - 000000000 ____D C:\Windows\system32\Drivers\wd
2018-01-04 00:46 - 2018-01-01 15:15 - 000956416 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
2018-01-04 00:46 - 2018-01-01 10:54 - 000924648 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-01-04 00:46 - 2018-01-01 10:53 - 001090984 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-01-04 00:46 - 2018-01-01 10:52 - 000066712 _____ (Microsoft Corporation) C:\Windows\system32\iumcrypt.dll
2018-01-04 00:46 - 2018-01-01 10:51 - 001414784 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-01-04 00:46 - 2018-01-01 10:51 - 001209240 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-01-04 00:46 - 2018-01-01 10:51 - 001055128 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-01-04 00:46 - 2018-01-01 10:51 - 000191816 _____ (Microsoft Corporation) C:\Windows\system32\skci.dll
2018-01-04 00:46 - 2018-01-01 10:51 - 000059800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bam.sys
2018-01-04 00:46 - 2018-01-01 10:50 - 005905752 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2018-01-04 00:46 - 2018-01-01 10:50 - 000780464 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2018-01-04 00:46 - 2018-01-01 10:50 - 000479912 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase_enclave.dll
2018-01-04 00:46 - 2018-01-01 10:50 - 000077208 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2018-01-04 00:46 - 2018-01-01 10:49 - 008605080 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-01-04 00:46 - 2018-01-01 10:49 - 000599448 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2018-01-04 00:46 - 2018-01-01 10:49 - 000319352 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-01-04 00:46 - 2018-01-01 10:49 - 000292376 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2018-01-04 00:46 - 2018-01-01 10:48 - 007831760 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-01-04 00:46 - 2018-01-01 10:48 - 001954048 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-01-04 00:46 - 2018-01-01 10:48 - 000382360 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-01-04 00:46 - 2018-01-01 10:47 - 000649304 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-01-04 00:46 - 2018-01-01 10:47 - 000082840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-01-04 00:46 - 2018-01-01 10:46 - 002709704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-01-04 00:46 - 2018-01-01 10:46 - 000898216 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2018-01-04 00:46 - 2018-01-01 10:46 - 000733592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-01-04 00:46 - 2018-01-01 10:46 - 000471960 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-01-04 00:46 - 2018-01-01 10:45 - 002395032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-01-04 00:46 - 2018-01-01 10:45 - 001277848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-01-04 00:46 - 2018-01-01 10:45 - 000398744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-01-04 00:46 - 2018-01-01 10:43 - 001173576 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-01-04 00:46 - 2018-01-01 10:43 - 000367336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2018-01-04 00:46 - 2018-01-01 10:43 - 000062872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys
2018-01-04 00:46 - 2018-01-01 10:42 - 001029016 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2018-01-04 00:46 - 2018-01-01 10:42 - 000571288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2018-01-04 00:46 - 2018-01-01 10:42 - 000494488 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2018-01-04 00:46 - 2018-01-01 10:42 - 000184984 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-01-04 00:46 - 2018-01-01 10:42 - 000109976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys
2018-01-04 00:46 - 2018-01-01 10:41 - 007676296 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2018-01-04 00:46 - 2018-01-01 10:41 - 000559512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2018-01-04 00:46 - 2018-01-01 10:41 - 000549552 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2018-01-04 00:46 - 2018-01-01 10:40 - 001206680 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-01-04 00:46 - 2018-01-01 10:39 - 000902416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-01-04 00:46 - 2018-01-01 10:39 - 000677784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-01-04 00:46 - 2018-01-01 10:39 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\systemreset.exe
2018-01-04 00:46 - 2018-01-01 10:39 - 000362904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-01-04 00:46 - 2018-01-01 10:39 - 000129432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsocket.sys
2018-01-04 00:46 - 2018-01-01 10:38 - 003904808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2018-01-04 00:46 - 2018-01-01 10:38 - 000727448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2018-01-04 00:46 - 2018-01-01 10:38 - 000519152 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthService.exe
2018-01-04 00:46 - 2018-01-01 10:38 - 000103320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2018-01-04 00:46 - 2018-01-01 10:38 - 000038808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2018-01-04 00:46 - 2018-01-01 10:37 - 001426664 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2018-01-04 00:46 - 2018-01-01 10:37 - 000461720 _____ (Microsoft Corporation) C:\Windows\system32\wifitask.exe
2018-01-04 00:46 - 2018-01-01 10:36 - 000413888 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2018-01-04 00:46 - 2018-01-01 10:36 - 000374032 _____ (Microsoft Corporation) C:\Windows\system32\vac.exe
2018-01-04 00:46 - 2018-01-01 10:36 - 000166296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2018-01-04 00:46 - 2018-01-01 10:36 - 000113560 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-01-04 00:46 - 2018-01-01 10:36 - 000057752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-01-04 00:46 - 2018-01-01 10:35 - 001170008 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2018-01-04 00:46 - 2018-01-01 10:35 - 000075160 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthProxyStub.dll
2018-01-04 00:46 - 2018-01-01 10:34 - 007385088 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2018-01-04 00:46 - 2018-01-01 10:34 - 001336344 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-01-04 00:46 - 2018-01-01 10:34 - 000260896 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-01-04 00:46 - 2018-01-01 10:34 - 000087384 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2018-01-04 00:46 - 2018-01-01 10:33 - 002773400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-01-04 00:46 - 2018-01-01 10:33 - 000603920 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2018-01-04 00:46 - 2018-01-01 10:32 - 004481240 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2018-01-04 00:46 - 2018-01-01 10:32 - 000617304 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2018-01-04 00:46 - 2018-01-01 10:27 - 000713624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2018-01-04 00:46 - 2018-01-01 10:27 - 000163736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2018-01-04 00:46 - 2018-01-01 10:26 - 000428952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2018-01-04 00:46 - 2018-01-01 10:26 - 000081304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmcl.sys
2018-01-04 00:46 - 2018-01-01 10:25 - 000615768 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2018-01-04 00:46 - 2018-01-01 10:25 - 000147864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2018-01-04 00:46 - 2018-01-01 10:23 - 021352144 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-01-04 00:46 - 2018-01-01 10:21 - 001103768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-01-04 00:46 - 2018-01-01 10:21 - 000614296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2018-01-04 00:46 - 2018-01-01 10:06 - 000311192 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-01-04 00:46 - 2018-01-01 10:03 - 000777904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-01-04 00:46 - 2018-01-01 10:03 - 000650328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2018-01-04 00:46 - 2018-01-01 10:03 - 000566664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-01-04 00:46 - 2018-01-01 10:03 - 000123512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-01-04 00:46 - 2018-01-01 09:53 - 001615712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-01-04 00:46 - 2018-01-01 09:49 - 000481464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-01-04 00:46 - 2018-01-01 09:49 - 000258808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2018-01-04 00:46 - 2018-01-01 09:46 - 003485392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2018-01-04 00:46 - 2018-01-01 09:46 - 000289816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-04 00:46 - 2018-01-01 09:45 - 006092152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-01-04 00:46 - 2018-01-01 09:45 - 005615968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-01-04 00:46 - 2018-01-01 09:45 - 002192624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-01-04 00:46 - 2018-01-01 09:45 - 000450928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2018-01-04 00:46 - 2018-01-01 09:43 - 020286120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-01-04 00:46 - 2018-01-01 09:42 - 006479552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-04 00:46 - 2018-01-01 09:42 - 004644912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-01-04 00:46 - 2018-01-01 09:42 - 001246432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2018-01-04 00:46 - 2018-01-01 09:42 - 001003152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-01-04 00:46 - 2018-01-01 09:42 - 000982528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2018-01-04 00:46 - 2018-01-01 09:42 - 000386424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2018-01-04 00:46 - 2018-01-01 09:42 - 000129184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-01-04 00:46 - 2018-01-01 09:42 - 000074992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2018-01-04 00:46 - 2018-01-01 09:37 - 025247232 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-01-04 00:46 - 2018-01-01 09:34 - 000703568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-01-04 00:46 - 2018-01-01 09:25 - 002905600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-01-04 00:46 - 2018-01-01 09:25 - 001008640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2018-01-04 00:46 - 2018-01-01 09:25 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-01-04 00:46 - 2018-01-01 09:25 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-01-04 00:46 - 2018-01-01 09:25 - 000097792 _____ C:\Windows\system32\runexehelper.exe
2018-01-04 00:46 - 2018-01-01 09:24 - 003668480 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2018-01-04 00:46 - 2018-01-01 09:24 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\AboutSettingsHandlers.dll
2018-01-04 00:46 - 2018-01-01 09:24 - 000202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2018-01-04 00:46 - 2018-01-01 09:24 - 000096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-01-04 00:46 - 2018-01-01 09:24 - 000038912 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-01-04 00:46 - 2018-01-01 09:23 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2018-01-04 00:46 - 2018-01-01 09:23 - 000561152 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-01-04 00:46 - 2018-01-01 09:23 - 000536576 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2018-01-04 00:46 - 2018-01-01 09:23 - 000385024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cldflt.sys
2018-01-04 00:46 - 2018-01-01 09:23 - 000250368 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2018-01-04 00:46 - 2018-01-01 09:23 - 000232960 _____ (Microsoft Corporation) C:\Windows\system32\convertvhd.exe
2018-01-04 00:46 - 2018-01-01 09:23 - 000121344 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-01-04 00:46 - 2018-01-01 09:23 - 000080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmclr.sys
2018-01-04 00:46 - 2018-01-01 09:23 - 000047104 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-01-04 00:46 - 2018-01-01 09:22 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rfxvmt.dll
2018-01-04 00:46 - 2018-01-01 09:22 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-04 00:46 - 2018-01-01 09:22 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpstorport.sys
2018-01-04 00:46 - 2018-01-01 09:22 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\VmApplicationHealthMonitorProxy.dll
2018-01-04 00:46 - 2018-01-01 09:21 - 000268288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-01-04 00:46 - 2018-01-01 09:21 - 000233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppLockerCSP.dll
2018-01-04 00:46 - 2018-01-01 09:21 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc.sys
2018-01-04 00:46 - 2018-01-01 09:21 - 000133632 _____ (Microsoft Corporation) C:\Windows\system32\wificonnapi.dll
2018-01-04 00:46 - 2018-01-01 09:21 - 000097280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2018-01-04 00:46 - 2018-01-01 09:21 - 000097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys
2018-01-04 00:46 - 2018-01-01 09:21 - 000080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2018-01-04 00:46 - 2018-01-01 09:21 - 000062976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2018-01-04 00:46 - 2018-01-01 09:21 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2018-01-04 00:46 - 2018-01-01 09:20 - 019337216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-01-04 00:46 - 2018-01-01 09:20 - 018917888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-01-04 00:46 - 2018-01-01 09:20 - 000524288 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2018-01-04 00:46 - 2018-01-01 09:20 - 000459776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-01-04 00:46 - 2018-01-01 09:20 - 000397824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-01-04 00:46 - 2018-01-01 09:20 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys
2018-01-04 00:46 - 2018-01-01 09:20 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\fwpolicyiomgr.dll
2018-01-04 00:46 - 2018-01-01 09:20 - 000212992 _____ (Microsoft Corporation) C:\Windows\system32\container.dll
2018-01-04 00:46 - 2018-01-01 09:20 - 000204288 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2018-01-04 00:46 - 2018-01-01 09:20 - 000186368 _____ (Microsoft Corporation) C:\Windows\system32\ACPBackgroundManagerPolicy.dll
2018-01-04 00:46 - 2018-01-01 09:20 - 000175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
2018-01-04 00:46 - 2018-01-01 09:20 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2018-01-04 00:46 - 2018-01-01 09:20 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2018-01-04 00:46 - 2018-01-01 09:20 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\rasauto.dll
2018-01-04 00:46 - 2018-01-01 09:20 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\SCardDlg.dll
2018-01-04 00:46 - 2018-01-01 09:20 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RfxVmt.sys
2018-01-04 00:46 - 2018-01-01 09:20 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshhttp.dll
2018-01-04 00:46 - 2018-01-01 09:19 - 008014848 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2018-01-04 00:46 - 2018-01-01 09:19 - 000795136 _____ (Microsoft Corporation) C:\Windows\system32\NaturalAuth.dll
2018-01-04 00:46 - 2018-01-01 09:19 - 000675328 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2018-01-04 00:46 - 2018-01-01 09:19 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2018-01-04 00:46 - 2018-01-01 09:19 - 000450048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TileDataRepository.dll
2018-01-04 00:46 - 2018-01-01 09:19 - 000430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-04 00:46 - 2018-01-01 09:19 - 000416768 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-01-04 00:46 - 2018-01-01 09:19 - 000369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-01-04 00:46 - 2018-01-01 09:19 - 000366080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2018-01-04 00:46 - 2018-01-01 09:19 - 000365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2018-01-04 00:46 - 2018-01-01 09:19 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-01-04 00:46 - 2018-01-01 09:19 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\dusmsvc.dll
2018-01-04 00:46 - 2018-01-01 09:19 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2018-01-04 00:46 - 2018-01-01 09:19 - 000188416 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
2018-01-04 00:46 - 2018-01-01 09:19 - 000174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2018-01-04 00:46 - 2018-01-01 09:19 - 000149504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\container.dll
2018-01-04 00:46 - 2018-01-01 09:19 - 000142848 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2018-01-04 00:46 - 2018-01-01 09:19 - 000097792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msoert2.dll
2018-01-04 00:46 - 2018-01-01 09:19 - 000093696 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-01-04 00:46 - 2018-01-01 09:19 - 000079872 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2018-01-04 00:46 - 2018-01-01 09:19 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\provtool.exe
2018-01-04 00:46 - 2018-01-01 09:19 - 000063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2018-01-04 00:46 - 2018-01-01 09:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000748032 _____ (Microsoft Corporation) C:\Windows\system32\PhoneProviders.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000699904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000588800 _____ (Microsoft Corporation) C:\Windows\system32\SmsRouterSvc.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000465920 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000436224 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000432640 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000431616 _____ (Microsoft Corporation) C:\Windows\system32\msIso.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000427008 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000391168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000380928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\APHostService.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000343040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000336896 _____ (Microsoft Corporation) C:\Windows\system32\AppLockerCSP.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000276480 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000259072 _____ (Microsoft Corporation) C:\Windows\system32\SCardSvr.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000210944 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000144896 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-01-04 00:46 - 2018-01-01 09:18 - 000082944 _____ (Microsoft Corporation) C:\Windows\system32\provdatastore.dll
2018-01-04 00:46 - 2018-01-01 09:17 - 011923968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-01-04 00:46 - 2018-01-01 09:17 - 006564864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-01-04 00:46 - 2018-01-01 09:17 - 001485312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
2018-01-04 00:46 - 2018-01-01 09:17 - 000791552 _____ (Microsoft Corporation) C:\Windows\system32\PhoneService.dll
2018-01-04 00:46 - 2018-01-01 09:17 - 000708096 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-01-04 00:46 - 2018-01-01 09:17 - 000616960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2018-01-04 00:46 - 2018-01-01 09:17 - 000594432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-04 00:46 - 2018-01-01 09:17 - 000568832 _____ (Microsoft Corporation) C:\Windows\system32\TileDataRepository.dll
2018-01-04 00:46 - 2018-01-01 09:17 - 000559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-01-04 00:46 - 2018-01-01 09:17 - 000555520 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2018-01-04 00:46 - 2018-01-01 09:17 - 000542208 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-01-04 00:46 - 2018-01-01 09:17 - 000456704 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-01-04 00:46 - 2018-01-01 09:17 - 000423936 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-01-04 00:46 - 2018-01-01 09:17 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-01-04 00:46 - 2018-01-01 09:17 - 000228352 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-01-04 00:46 - 2018-01-01 09:17 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\msoert2.dll
2018-01-04 00:46 - 2018-01-01 09:16 - 005833216 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2018-01-04 00:46 - 2018-01-01 09:16 - 004839424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2018-01-04 00:46 - 2018-01-01 09:16 - 003676672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-01-04 00:46 - 2018-01-01 09:16 - 000966656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2018-01-04 00:46 - 2018-01-01 09:16 - 000956928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
2018-01-04 00:46 - 2018-01-01 09:16 - 000831488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-04 00:46 - 2018-01-01 09:16 - 000815616 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2018-01-04 00:46 - 2018-01-01 09:16 - 000812544 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2018-01-04 00:46 - 2018-01-01 09:16 - 000720896 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2018-01-04 00:46 - 2018-01-01 09:16 - 000668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-01-04 00:46 - 2018-01-01 09:16 - 000664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-01-04 00:46 - 2018-01-01 09:16 - 000624128 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
2018-01-04 00:46 - 2018-01-01 09:16 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-01-04 00:46 - 2018-01-01 09:16 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-01-04 00:46 - 2018-01-01 09:16 - 000401920 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2018-01-04 00:46 - 2018-01-01 09:16 - 000235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-01-04 00:46 - 2018-01-01 09:16 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\cldapi.dll
2018-01-04 00:46 - 2018-01-01 09:16 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll
2018-01-04 00:46 - 2018-01-01 09:15 - 012687872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-01-04 00:46 - 2018-01-01 09:15 - 006029312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-01-04 00:46 - 2018-01-01 09:15 - 002349568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2018-01-04 00:46 - 2018-01-01 09:15 - 001657856 _____ (Microsoft Corporation) C:\Windows\system32\rdpserverbase.dll
2018-01-04 00:46 - 2018-01-01 09:15 - 001245184 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2018-01-04 00:46 - 2018-01-01 09:15 - 000970240 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-01-04 00:46 - 2018-01-01 09:15 - 000951808 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2018-01-04 00:46 - 2018-01-01 09:15 - 000756736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-01-04 00:46 - 2018-01-01 09:15 - 000588800 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-01-04 00:46 - 2018-01-01 09:15 - 000434176 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2018-01-04 00:46 - 2018-01-01 09:15 - 000366080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2018-01-04 00:46 - 2018-01-01 09:15 - 000258560 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-01-04 00:46 - 2018-01-01 09:14 - 023655936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-01-04 00:46 - 2018-01-01 09:14 - 002465280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-01-04 00:46 - 2018-01-01 09:14 - 001495040 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2018-01-04 00:46 - 2018-01-01 09:14 - 001097728 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
2018-01-04 00:46 - 2018-01-01 09:14 - 001003008 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2018-01-04 00:46 - 2018-01-01 09:14 - 000985600 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-01-04 00:46 - 2018-01-01 09:14 - 000917504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2018-01-04 00:46 - 2018-01-01 09:14 - 000870912 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2018-01-04 00:46 - 2018-01-01 09:13 - 013657600 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-01-04 00:46 - 2018-01-01 09:13 - 012830208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-01-04 00:46 - 2018-01-01 09:13 - 003121664 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-04 00:46 - 2018-01-01 09:13 - 002869760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-01-04 00:46 - 2018-01-01 09:13 - 002013184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-01-04 00:46 - 2018-01-01 09:13 - 001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-01-04 00:46 - 2018-01-01 09:13 - 001474560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-01-04 00:46 - 2018-01-01 09:13 - 000897024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-01-04 00:46 - 2018-01-01 09:12 - 002633216 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-01-04 00:46 - 2018-01-01 09:12 - 002208768 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2018-01-04 00:46 - 2018-01-01 09:12 - 001573376 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2018-01-04 00:46 - 2018-01-01 09:12 - 001547776 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-01-04 00:46 - 2018-01-01 09:12 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2018-01-04 00:46 - 2018-01-01 09:12 - 000760320 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-01-04 00:46 - 2018-01-01 09:12 - 000464384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-04 00:46 - 2018-01-01 09:11 - 008108544 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-01-04 00:46 - 2018-01-01 09:11 - 004748288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-01-04 00:46 - 2018-01-01 09:11 - 003334144 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-01-04 00:46 - 2018-01-01 09:11 - 003165696 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2018-01-04 00:46 - 2018-01-01 09:11 - 002859520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-01-04 00:46 - 2018-01-01 09:11 - 002082304 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-01-04 00:46 - 2018-01-01 09:11 - 001955328 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2018-01-04 00:46 - 2018-01-01 09:11 - 001822208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-01-04 00:46 - 2018-01-01 09:11 - 001816576 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2018-01-04 00:46 - 2018-01-01 09:11 - 001597952 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-01-04 00:46 - 2018-01-01 09:11 - 001343488 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2018-01-04 00:46 - 2018-01-01 09:11 - 001231872 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2018-01-04 00:46 - 2018-01-01 09:11 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-01-04 00:46 - 2018-01-01 09:11 - 000812032 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-01-04 00:46 - 2018-01-01 09:11 - 000715776 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-01-04 00:46 - 2018-01-01 09:10 - 003126272 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2018-01-04 00:46 - 2018-01-01 09:10 - 002528256 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2018-01-04 00:46 - 2018-01-01 09:10 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscproxystub.dll
2018-01-04 00:46 - 2018-01-01 09:09 - 001487872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2018-01-04 00:46 - 2018-01-01 09:09 - 000925184 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-01-04 00:46 - 2018-01-01 09:09 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\DbgModel.dll
2018-01-04 00:46 - 2018-01-01 09:09 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2018-01-04 00:46 - 2018-01-01 09:08 - 000963072 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2018-01-04 00:46 - 2018-01-01 09:08 - 000726016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-01-04 00:46 - 2018-01-01 09:08 - 000685056 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2018-01-04 00:46 - 2018-01-01 09:08 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2018-01-04 00:46 - 2018-01-01 09:06 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wscproxystub.dll
2018-01-04 00:46 - 2018-01-01 09:05 - 002510848 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngine.dll
2018-01-04 00:46 - 2018-01-01 09:05 - 001160704 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2018-01-04 00:46 - 2018-01-01 09:05 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2018-01-04 00:27 - 2018-01-04 00:55 - 000006408 _____ C:\Users\eduad\Desktop\Fixlog.txt
2018-01-04 00:19 - 2018-01-04 00:20 - 000062316 _____ C:\Users\eduad\Downloads\Addition.txt
2018-01-04 00:18 - 2018-01-04 00:20 - 000191140 _____ C:\Users\eduad\Downloads\FRST.txt
2018-01-04 00:17 - 2018-01-04 07:25 - 000000000 ____D C:\FRST
2018-01-04 00:17 - 2018-01-04 00:17 - 002393088 _____ (Farbar) C:\Users\eduad\Desktop\FRST64.exe
2018-01-03 22:16 - 2018-01-04 05:13 - 000000000 ____D C:\Users\eduad\Downloads\MetArt.com.16.12.24.Daniel.Sea.Temmo.XXX.IMAGESET-IEVA[rarbg]
2018-01-03 16:10 - 2018-01-03 16:10 - 000000000 ____D C:\Users\eduad\AppData\Local\ESET
2018-01-03 16:06 - 2018-01-03 16:06 - 006968952 _____ (ESET spol. s r.o.) C:\Users\eduad\Downloads\esetonlinescanner_enu.exe
2018-01-03 16:04 - 2018-01-03 16:04 - 008198432 _____ (Malwarebytes) C:\Users\eduad\Downloads\AdwCleaner.exe
2018-01-03 14:04 - 2018-01-03 16:03 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes' Anti-Malware (portable)
2018-01-03 14:04 - 2018-01-03 16:03 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-01-03 14:04 - 2018-01-03 14:04 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\4767F513.sys
2018-01-03 14:03 - 2018-01-03 14:03 - 014178840 _____ (Malwarebytes Corp.) C:\Users\eduad\Downloads\mbar-1.10.3.1001.exe
2018-01-03 14:02 - 2018-01-03 14:02 - 000000222 _____ C:\Users\eduad\Desktop\ha.txt
2018-01-02 23:53 - 2018-01-03 01:02 - 000000000 ____D C:\Program Files (x86)\Resident Evil 7 Biohazard
2018-01-02 23:10 - 2018-01-02 23:10 - 012363764 _____ C:\Users\eduad\Downloads\[HS][Chara][Arisha][roy12][v1.1].7z
2018-01-02 23:09 - 2018-01-02 23:09 - 010843475 _____ C:\Users\eduad\Downloads\[HS][Chara][Lili][roy12][v1.0].7z
2018-01-02 23:03 - 2018-01-03 14:04 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2018-01-02 23:03 - 2018-01-03 14:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-02 23:03 - 2018-01-02 23:03 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-02 23:03 - 2018-01-02 23:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-02 23:03 - 2018-01-02 23:03 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-02 23:03 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-01-02 23:02 - 2018-01-02 23:03 - 083316440 _____ (Malwarebytes ) C:\Users\eduad\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3374.exe
2018-01-02 18:01 - 2018-01-02 18:01 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-01-02 18:01 - 2018-01-02 18:01 - 000000993 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2018-01-02 18:01 - 2018-01-02 18:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-02 18:01 - 2018-01-02 18:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-02 14:53 - 2018-01-03 16:05 - 000000000 ____D C:\AdwCleaner
2018-01-02 14:52 - 2018-01-02 14:52 - 008198432 _____ (Malwarebytes) C:\Users\eduad\Downloads\adwcleaner-7-0-6-0.exe
2018-01-02 14:44 - 2018-01-04 07:11 - 000003324 _____ C:\Windows\System32\Tasks\LjRekYiYAtJ
2018-01-02 14:44 - 2018-01-04 01:11 - 000003546 _____ C:\Windows\System32\Tasks\EoAauKDauI
2018-01-02 14:44 - 2018-01-02 14:44 - 000003704 _____ C:\Windows\System32\Tasks\AyeEeXeI
2018-01-02 14:44 - 2018-01-02 14:44 - 000000001 _____ C:\Users\eduad\AppData\Local\WMI.ini
2018-01-02 14:44 - 2017-09-29 11:42 - 000174592 _____ (Microsoft Corporation) C:\Windows\YBOZOiA.exe
2018-01-02 14:44 - 2017-09-29 11:42 - 000059904 _____ (Microsoft Corporation) C:\Users\eduad\AppData\Roaming\eQeWALMjE.exe
2018-01-02 14:44 - 2017-09-29 11:42 - 000001098 _____ C:\Windows\iZYFY
2018-01-02 14:44 - 2017-09-29 11:42 - 000000939 _____ C:\Windows\HLLYlRbERKVw
2018-01-02 14:44 - 2017-09-29 11:42 - 000000053 _____ C:\Windows\SysWOW64\rryEfEnTyuPEI
2018-01-02 14:44 - 2017-09-29 11:42 - 000000046 _____ C:\Windows\uwYzUoeIOEo
2018-01-02 14:27 - 2018-01-02 14:35 - 932602286 _____ C:\Users\eduad\Downloads\sdm4Bq6.zip
2018-01-01 14:59 - 2018-01-01 14:59 - 000000038 _____ C:\Users\eduad\Documents\Final Fantasy XIV.txt
2017-12-31 20:06 - 2017-12-31 20:06 - 000000000 ____D C:\Users\eduad\Desktop\ePSXe
2017-12-31 20:05 - 2017-12-31 20:05 - 001307547 _____ C:\Users\eduad\Downloads\ePSXe202-1.zip
2017-12-31 20:01 - 2017-12-31 20:01 - 000050383 _____ C:\Users\eduad\Downloads\SSSPSX-0.0.34e.ZIP
2017-12-31 20:01 - 2017-12-31 20:01 - 000050383 _____ C:\Users\eduad\Downloads\SSSPSX-0.0.34e(1).ZIP
2017-12-31 14:17 - 2018-01-04 02:04 - 000000000 ____D C:\Users\eduad\AppData\Local\LogMeIn Hamachi
2017-12-31 14:17 - 2017-12-31 14:17 - 000000000 ____D C:\Users\Todos os Usuários\LogMeIn
2017-12-31 14:17 - 2017-12-31 14:17 - 000000000 ____D C:\Users\eduad\AppData\Local\LogMeIn
2017-12-31 14:17 - 2017-12-31 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2017-12-31 14:17 - 2017-12-31 14:17 - 000000000 ____D C:\ProgramData\LogMeIn
2017-12-31 14:17 - 2017-12-31 14:17 - 000000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2017-12-31 14:16 - 2017-12-31 14:16 - 009781248 _____ C:\Users\eduad\Downloads\hamachi.msi
2017-12-31 14:12 - 2017-12-31 14:12 - 000000000 ____D C:\Program Files (x86)\Microsoft XNA
2017-12-31 14:09 - 2017-12-31 14:09 - 000000222 _____ C:\Users\eduad\Desktop\Terraria.url
2017-12-30 20:23 - 2017-12-30 20:32 - 000000000 ____D C:\Users\eduad\AppData\Roaming\Twitch
2017-12-30 20:23 - 2017-12-30 20:23 - 000000972 _____ C:\Users\eduad\Desktop\Twitch.lnk
2017-12-30 20:23 - 2017-12-30 20:23 - 000000958 _____ C:\Users\eduad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk
2017-12-30 20:22 - 2017-12-30 20:23 - 109436736 _____ C:\Users\eduad\Downloads\TwitchSetup_[usher-139742669].exe
2017-12-30 17:19 - 2017-12-30 17:19 - 000000221 _____ C:\Users\eduad\Desktop\FINAL FANTASY XIV Online.url
2017-12-29 23:43 - 2017-12-29 23:43 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsigndfbafd020bc6ff03
2017-12-29 23:43 - 2017-12-29 23:43 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsign690ce7be9ebb3db3
2017-12-29 23:43 - 2017-12-29 23:43 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsign4ed7e0b4d65f7049
2017-12-29 23:43 - 2017-12-29 23:43 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsign1d443c25b6db06bc
2017-12-29 03:47 - 2017-12-29 03:47 - 000000000 ____D C:\Users\eduad\AppData\Roaming\Wargaming.net
2017-12-28 14:29 - 2017-12-28 14:29 - 000000000 ____D C:\Users\eduad\AppData\Roaming\AnkamaCertificates
2017-12-28 14:27 - 2017-12-28 14:37 - 000000008 _____ C:\Users\eduad\AppData\Roaming\DofusAppId0_1
2017-12-28 14:27 - 2017-12-28 14:37 - 000000000 ____D C:\Users\eduad\AppData\Roaming\Dofus
2017-12-28 14:27 - 2017-12-28 14:28 - 000000000 ____D C:\Users\eduad\AppData\Roaming\Reg
2017-12-28 14:27 - 2017-12-28 14:27 - 000000113 _____ C:\Users\eduad\AppData\Roaming\D2Info0
2017-12-28 13:28 - 2017-12-28 14:27 - 000347815 _____ C:\Users\eduad\AppData\Localtransition_66dee9f2b0fd52bf1b060ee36e97c818.ini
2017-12-28 13:28 - 2017-12-28 13:28 - 000001118 _____ C:\Users\eduad\AppData\Roaming\Microsoft\Windows\Start Menu\Dofus.lnk
2017-12-28 13:28 - 2017-12-28 13:28 - 000001116 _____ C:\Users\eduad\Desktop\Dofus.lnk
2017-12-28 13:28 - 2017-12-28 13:28 - 000000000 ____D C:\Users\eduad\AppData\Local\Ankama
2017-12-28 10:57 - 2017-12-28 10:57 - 000002062 _____ C:\Users\eduad\Desktop\Movie Battles 2.lnk
2017-12-28 10:05 - 2017-12-28 10:05 - 000000000 ____D C:\Users\eduad\AppData\Local\Movie_Battles_Team
2017-12-28 03:28 - 2017-12-28 04:04 - 000000000 ____D C:\Users\eduad\Downloads\MovieBattlesII_FULL_V1.4.8
2017-12-28 03:28 - 2017-12-28 03:28 - 000000220 _____ C:\Users\eduad\Desktop\STAR WARS Jedi Knight Jedi Academy.url
2017-12-28 00:23 - 2017-12-28 00:24 - 000000000 ____D C:\Users\eduad\AppData\LocalLow\eforb
2017-12-27 15:57 - 2017-12-27 15:58 - 000000000 ____D C:\Users\eduad\Downloads\Digimon World (USA)
2017-12-27 15:45 - 2017-12-27 15:45 - 000000706 _____ C:\Users\eduad\Desktop\ePSXe.lnk
2017-12-27 15:36 - 2017-12-27 15:36 - 000000000 ____D C:\Users\eduad\Documents\ePSXe
2017-12-27 15:26 - 2017-12-27 15:54 - 000000000 ____D C:\Users\eduad\Downloads\darkwood_hotfix3
2017-12-27 10:44 - 2018-01-04 00:32 - 000000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2017-12-27 10:44 - 2018-01-04 00:32 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-12-26 18:40 - 2017-12-26 18:40 - 000000000 ____D C:\Override
2017-12-26 18:12 - 2017-12-26 18:12 - 000000221 _____ C:\Users\eduad\Desktop\STAR WARS Knights of the Old Republic.url
2017-12-26 11:36 - 2017-12-26 11:36 - 000000000 ____D C:\Users\eduad\Documents\idle_master
2017-12-26 11:34 - 2017-12-26 11:34 - 000000000 ____D C:\Users\eduad\Documents\Pasta Legal
2017-12-25 23:53 - 2017-12-25 23:53 - 000000000 ____D C:\Users\eduad\AppData\Roaming\RenPy
2017-12-25 23:43 - 2017-12-25 23:51 - 1121626627 ____R C:\Users\eduad\Downloads\GalaxyGirlsDeluxeUncensored.zip
2017-12-25 22:09 - 2017-12-25 22:10 - 000000000 ____D C:\Users\eduad\Documents\Color Sustainer
2017-12-25 22:09 - 2017-12-25 22:09 - 000000000 ____D C:\Users\eduad\Documents\nVidia Inspector
2017-12-25 20:44 - 2017-12-26 11:36 - 000000000 ____D C:\Users\eduad\AppData\Local\IdleMaster
2017-12-25 20:44 - 2017-12-25 20:44 - 000000000 ____D C:\Users\eduad\Desktop\idlemaster
2017-12-24 18:20 - 2017-12-24 18:32 - 000000000 ____D C:\Users\eduad\Downloads\The Silence Of The Lambs (1991) [1080p]
2017-12-24 18:09 - 2017-12-24 18:09 - 000000222 _____ C:\Users\eduad\Desktop\Sleeping Dogs Definitive Edition.url
2017-12-22 13:12 - 2017-12-22 13:12 - 000000222 _____ C:\Users\eduad\Desktop\Doki Doki Literature Club.url
2017-12-21 09:32 - 2017-12-21 09:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-12-21 09:32 - 2017-12-21 09:32 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-12-21 09:32 - 2017-12-15 20:47 - 000143960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-12-21 09:32 - 2017-09-13 21:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-12-21 09:32 - 2017-09-13 21:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-12-21 09:32 - 2017-09-13 21:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll
2017-12-21 09:32 - 2017-09-13 21:19 - 000591160 _____ C:\Windows\system32\vulkaninfo.exe
2017-12-21 09:28 - 2017-12-15 22:23 - 040237456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 035157488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 029381936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 023267096 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 019040512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 013867656 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 013255032 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 011781912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 010883744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 004202992 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 003615032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 001990128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438871.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 001674736 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438871.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 001331016 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 001321448 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 001135464 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 001101104 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 001044848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 001038496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 001032688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 000980880 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 000933360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 000885680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 000794392 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 000740144 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 000634224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 000618744 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 000616240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 000599536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-12-21 09:28 - 2017-12-15 22:23 - 000506864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-12-20 09:36 - 2017-12-20 09:36 - 000000000 ____D C:\Users\eduad\AppData\Local\id Software
2017-12-19 23:13 - 2017-12-19 23:13 - 000000222 _____ C:\Users\eduad\Desktop\DOOM.url
2017-12-17 11:43 - 2018-01-04 00:25 - 000000000 ____D C:\Users\eduad\AppData\Local\Spotify
2017-12-17 11:43 - 2017-12-17 11:43 - 000001850 _____ C:\Users\eduad\Desktop\Spotify.lnk
2017-12-17 11:43 - 2017-12-17 11:43 - 000001836 _____ C:\Users\eduad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-12-17 11:42 - 2018-01-04 05:44 - 000000000 ____D C:\Users\eduad\AppData\Roaming\Spotify
2017-12-15 16:13 - 2017-12-15 16:13 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsigndc56a4ec5994ddcc
2017-12-15 16:12 - 2017-12-15 16:12 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsigne4ccb391179ac62e
2017-12-15 16:12 - 2017-12-15 16:12 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsign832598ad2c512493
2017-12-15 16:12 - 2017-12-15 16:12 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsign7c87c81623750a2b
2017-12-15 16:12 - 2017-12-15 16:12 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsign47e310a74e8e9448
2017-12-14 22:22 - 2017-12-14 22:22 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsignf08306c510af69f1
2017-12-14 22:22 - 2017-12-14 22:22 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsign6aeeef8e75dce4bf
2017-12-14 22:22 - 2017-12-14 22:22 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsign5896046fcc9fc6a3
2017-12-14 22:22 - 2017-12-14 22:22 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsign25547731672cde54
2017-12-14 22:20 - 2017-12-14 22:20 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsignbc1e32ece9ea029b
2017-12-14 22:19 - 2017-12-14 22:19 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsign62b8859b8bbbef3b
2017-12-14 22:18 - 2017-12-14 22:18 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsigna4df45169d648fd5
2017-12-14 22:18 - 2017-12-14 22:18 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsign75213dadee309393
2017-12-14 12:31 - 2017-12-14 12:31 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsigne1b88678d69d7816
2017-12-14 12:31 - 2017-12-14 12:31 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsignc57f23f1d7c12c05
2017-12-14 12:31 - 2017-12-14 12:31 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsign90c2e6ba34fcee1d
2017-12-14 12:31 - 2017-12-14 12:31 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsign75476775f6035312
2017-12-14 12:31 - 2017-12-14 12:31 - 000000000 ____D C:\Users\eduad\AppData\Local\Tempzxpsign2b5bd2cac55f8a1a
2017-12-13 14:07 - 2017-12-13 14:07 - 000000000 ____D C:\Users\eduad\Documents\NBGI
2017-12-13 14:06 - 2017-12-13 14:06 - 000000000 ____D C:\Users\eduad\AppData\Local\NBGI
2017-12-13 13:47 - 2017-12-13 13:47 - 000001578 _____ C:\Users\Public\Desktop\Dark Souls - Prepare to Die Edition.lnk
2017-12-13 13:46 - 2017-12-13 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BANDAI NAMCO Games
2017-12-13 13:40 - 2017-12-13 13:40 - 000000000 ____D C:\Program Files (x86)\BANDAI NAMCO Games
2017-12-13 13:10 - 2017-12-13 13:10 - 000000000 ____D C:\Users\eduad\Documents\Assassin's Creed IV Black Flag
2017-12-13 10:39 - 2017-12-08 04:52 - 000666112 _____ (Microsoft Corporation) C:\Windows\system32\DHolographicDisplay.dll
2017-12-13 10:39 - 2017-12-07 21:34 - 001925296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2017-12-13 10:39 - 2017-12-07 21:34 - 001634288 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-12-13 10:39 - 2017-12-07 21:28 - 000710912 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2017-12-13 10:39 - 2017-12-07 21:28 - 000630752 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2017-12-13 10:39 - 2017-12-07 21:27 - 004504456 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2017-12-13 10:39 - 2017-12-07 21:26 - 000525208 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2017-12-13 10:39 - 2017-12-07 21:24 - 000705944 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2017-12-13 10:39 - 2017-12-07 21:24 - 000437144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2017-12-13 10:39 - 2017-12-07 21:24 - 000246168 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2017-12-13 10:39 - 2017-12-07 21:22 - 001003104 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-12-13 10:39 - 2017-12-07 21:22 - 000979352 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2017-12-13 10:39 - 2017-12-07 21:22 - 000137544 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-12-13 10:39 - 2017-12-07 21:16 - 001776272 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-12-13 10:39 - 2017-12-07 21:15 - 000721592 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2017-12-13 10:39 - 2017-12-07 21:12 - 000401304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2017-12-13 10:39 - 2017-12-07 20:56 - 001528904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-12-13 10:39 - 2017-12-07 20:55 - 001490328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2017-12-13 10:39 - 2017-12-07 20:55 - 000097144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-12-13 10:39 - 2017-12-07 20:37 - 001145104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-12-13 10:39 - 2017-12-07 20:36 - 000769096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2017-12-13 10:39 - 2017-12-07 20:33 - 000747416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2017-12-13 10:39 - 2017-12-07 20:33 - 000592280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2017-12-13 10:39 - 2017-12-07 20:31 - 001522176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-12-13 10:39 - 2017-12-07 20:29 - 000047000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KeyboardFilterShim.dll
2017-12-13 10:39 - 2017-12-07 20:12 - 000101376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscript.ocx
2017-12-13 10:39 - 2017-12-07 20:10 - 006466048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-12-13 10:39 - 2017-12-07 20:10 - 000150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2017-12-13 10:39 - 2017-12-07 20:10 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-12-13 10:39 - 2017-12-07 20:09 - 001663488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\batmeter.dll
2017-12-13 10:39 - 2017-12-07 20:09 - 000235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FSClient.dll
2017-12-13 10:39 - 2017-12-07 20:09 - 000147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2017-12-13 10:39 - 2017-12-07 20:09 - 000143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2017-12-13 10:39 - 2017-12-07 20:09 - 000136704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gamingtcui.dll
2017-12-13 10:39 - 2017-12-07 20:08 - 000514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-12-13 10:39 - 2017-12-07 20:08 - 000206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2017-12-13 10:39 - 2017-12-07 20:08 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-12-13 10:39 - 2017-12-07 20:07 - 000254976 _____ (Microsoft Corporation) C:\Windows\system32\PushToInstall.dll
2017-12-13 10:39 - 2017-12-07 20:07 - 000246272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 10:39 - 2017-12-07 20:07 - 000172544 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2017-12-13 10:39 - 2017-12-07 20:07 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe
2017-12-13 10:39 - 2017-12-07 20:06 - 000676352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2017-12-13 10:39 - 2017-12-07 20:06 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcui.dll
2017-12-13 10:39 - 2017-12-07 20:06 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2017-12-13 10:39 - 2017-12-07 20:05 - 001670656 _____ (Microsoft Corporation) C:\Windows\system32\batmeter.dll
2017-12-13 10:39 - 2017-12-07 20:05 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-12-13 10:39 - 2017-12-07 20:05 - 000539136 _____ (Microsoft Corporation) C:\Windows\system32\HolographicExtensions.dll
2017-12-13 10:39 - 2017-12-07 20:05 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
2017-12-13 10:39 - 2017-12-07 20:05 - 000363008 _____ (Microsoft Corporation) C:\Windows\system32\SettingsEnvironment.Desktop.dll
2017-12-13 10:39 - 2017-12-07 20:05 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\FSClient.dll
2017-12-13 10:39 - 2017-12-07 20:05 - 000222208 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2017-12-13 10:39 - 2017-12-07 20:05 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2017-12-13 10:39 - 2017-12-07 20:05 - 000019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slcext.dll
2017-12-13 10:39 - 2017-12-07 20:04 - 001498112 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2017-12-13 10:39 - 2017-12-07 20:04 - 001321472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2017-12-13 10:39 - 2017-12-07 20:03 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2017-12-13 10:39 - 2017-12-07 20:03 - 000841728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2017-12-13 10:39 - 2017-12-07 20:03 - 000708096 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2017-12-13 10:39 - 2017-12-07 20:03 - 000308736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 10:39 - 2017-12-07 20:03 - 000085504 _____ (Microsoft Corporation) C:\Windows\system32\hascsp.dll
2017-12-13 10:39 - 2017-12-07 20:02 - 007545344 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-12-13 10:39 - 2017-12-07 20:02 - 002864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-12-13 10:39 - 2017-12-07 20:02 - 002117632 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2017-12-13 10:39 - 2017-12-07 20:02 - 000496640 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2017-12-13 10:39 - 2017-12-07 20:01 - 004592640 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-12-13 10:39 - 2017-12-07 20:01 - 001980928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2017-12-13 10:39 - 2017-12-07 20:01 - 000601088 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2017-12-13 10:39 - 2017-12-07 20:01 - 000021504 _____ (Microsoft Corporation) C:\Windows\system32\slcext.dll
2017-12-13 10:39 - 2017-12-07 20:00 - 001509888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2017-12-13 10:39 - 2017-12-07 19:59 - 002105856 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-12-13 10:39 - 2017-12-07 19:59 - 001666048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2017-12-13 10:39 - 2017-12-07 19:59 - 001058304 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2017-12-13 10:39 - 2017-12-07 19:58 - 003478016 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-12-13 10:39 - 2017-12-07 19:58 - 003211776 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2017-12-13 10:39 - 2017-12-07 19:58 - 001353728 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2017-12-13 10:39 - 2017-12-07 19:56 - 002666496 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2017-12-13 10:39 - 2017-12-07 19:56 - 001739264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2017-12-13 10:39 - 2017-12-07 19:54 - 001570816 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2017-12-12 09:40 - 2017-12-12 09:40 - 000001248 _____ C:\Users\eduad\Desktop\AIDA64 Extreme.lnk
2017-12-12 09:40 - 2017-12-12 09:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
2017-12-12 09:40 - 2017-12-12 09:40 - 000000000 ____D C:\Program Files (x86)\FinalWire
2017-12-12 09:39 - 2017-12-12 09:40 - 050693368 _____ (FinalWire Ltd. ) C:\Users\eduad\Downloads\aida64extreme595.exe
2017-12-11 19:15 - 2017-12-11 22:21 - 000000039 _____ C:\Users\eduad\Documents\ringous[.txt
2017-12-11 19:02 - 2017-12-11 19:02 - 000000000 ____D C:\Users\eduad\Documents\Curse
2017-12-11 19:00 - 2017-12-11 19:00 - 000000000 ____D C:\Users\Todos os Usuários\Twitch
2017-12-11 19:00 - 2017-12-11 19:00 - 000000000 ____D C:\ProgramData\Twitch
2017-12-09 22:22 - 2018-01-01 09:13 - 000003130 _____ C:\Windows\System32\Tasks\MSIAfterburner
2017-12-09 11:12 - 2017-12-09 11:48 - 000000000 ____D C:\Users\eduad\Zomboid
2017-12-09 11:12 - 2017-12-09 11:12 - 000000000 ____D C:\Users\Todos os Usuários\Oracle
2017-12-09 11:12 - 2017-12-09 11:12 - 000000000 ____D C:\ProgramData\Oracle
2017-12-09 10:53 - 2017-12-09 10:53 - 000000222 _____ C:\Users\eduad\Desktop\Tom Clancy's Rainbow Six Siege.url
2017-12-08 19:30 - 2012-06-26 22:00 - 016969792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm-patched.sys
2017-12-08 14:18 - 2017-12-12 10:40 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2017-12-08 14:18 - 2017-12-12 10:39 - 000000000 ____D C:\Program Files\Rockstar Games
2017-12-08 14:18 - 2017-12-08 14:18 - 000000000 ____D C:\Users\eduad\Documents\Rockstar Games
2017-12-08 14:18 - 2017-12-08 14:18 - 000000000 ____D C:\Users\eduad\AppData\Local\Rockstar Games
2017-12-08 10:27 - 2017-12-08 10:27 - 000000000 ____D C:\Users\eduad\Documents\PCSX2
2017-12-08 10:26 - 2017-12-08 10:26 - 000002008 _____ C:\Users\Public\Desktop\PCSX2 1.4.0.lnk
2017-12-08 10:26 - 2017-12-08 10:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2017-12-08 10:26 - 2017-12-08 10:26 - 000000000 ____D C:\Program Files (x86)\PCSX2 1.4.0
2017-12-07 20:31 - 2017-12-07 20:31 - 000000222 _____ C:\Users\eduad\Desktop\Grand Theft Auto V.url
2017-12-07 02:06 - 2017-12-07 02:06 - 000000222 _____ C:\Users\eduad\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS.url
2017-12-05 14:51 - 2017-12-05 14:51 - 000000222 _____ C:\Users\eduad\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS (Test Server).url
2017-12-05 10:27 - 2017-12-08 18:03 - 000000000 ____D C:\Users\eduad\Documents\Jogos PS2
2017-12-05 00:04 - 2017-12-05 00:06 - 000000000 ____D C:\Users\eduad\AppData\Roaming\FiraxisLive
2017-12-05 00:02 - 2017-12-05 00:02 - 000000000 ____D C:\Users\eduad\AppData\Roaming\ModLauncherWPF

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-01-04 07:26 - 2017-10-27 11:19 - 000000000 ____D C:\Users\eduad\AppData\Roaming\uTorrent
2018-01-04 05:55 - 2012-05-25 13:09 - 000000000 ____D C:\Users\eduad\Desktop\Sacred Gold & Storm Silver V1.05
2018-01-04 05:15 - 2017-10-26 05:55 - 000000000 ____D C:\Users\eduad\AppData\LocalLow\Mozilla
2018-01-04 04:57 - 2017-10-22 19:25 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-01-04 04:11 - 2017-11-01 20:24 - 000000000 ____D C:\Users\eduad\AppData\Local\CrashDumps
2018-01-04 01:11 - 2017-10-22 19:35 - 002866228 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-04 01:11 - 2017-09-30 12:30 - 001044554 _____ C:\Windows\system32\prfh0416.dat
2018-01-04 01:11 - 2017-09-30 12:30 - 000398280 _____ C:\Windows\system32\prfc0416.dat
2018-01-04 01:09 - 2017-10-22 20:28 - 000000000 ____D C:\Program Files (x86)\Steam
2018-01-04 01:08 - 2017-10-22 19:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-04 01:08 - 2017-10-22 19:36 - 000000000 ___RD C:\Users\eduad\3D Objects
2018-01-04 01:07 - 2017-09-29 11:44 - 000000000 ____D C:\Windows\INF
2018-01-04 01:06 - 2017-11-28 15:31 - 000000000 ____D C:\Users\Todos os Usuários\NVIDIA
2018-01-04 01:06 - 2017-11-28 15:31 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-04 01:05 - 2017-10-22 19:25 - 005007056 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-04 01:04 - 2017-10-22 19:25 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-04 01:02 - 2017-09-29 06:45 - 000786432 _____ C:\Windows\system32\config\BBI
2018-01-04 01:01 - 2017-09-29 11:46 - 000000000 ___SD C:\Windows\SysWOW64\F12
2018-01-04 01:01 - 2017-09-29 11:46 - 000000000 ___SD C:\Windows\system32\F12
2018-01-04 01:01 - 2017-09-29 11:46 - 000000000 ____D C:\Windows\TextInput
2018-01-04 01:01 - 2017-09-29 11:46 - 000000000 ____D C:\Windows\SysWOW64\Dism
2018-01-04 01:01 - 2017-09-29 11:46 - 000000000 ____D C:\Windows\system32\oobe
2018-01-04 01:01 - 2017-09-29 11:46 - 000000000 ____D C:\Windows\system32\migwiz
2018-01-04 01:01 - 2017-09-29 11:46 - 000000000 ____D C:\Windows\system32\appraiser
2018-01-04 01:01 - 2017-09-29 11:46 - 000000000 ____D C:\Windows\Provisioning
2018-01-04 01:01 - 2017-09-29 11:46 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-01-04 01:01 - 2017-09-29 06:45 - 000000000 ____D C:\Windows\system32\Dism
2018-01-04 00:50 - 2017-09-29 11:37 - 000000000 ____D C:\Windows\CbsTemp
2018-01-04 00:49 - 2017-09-29 11:41 - 000403968 _____ (Microsoft Corporation) C:\Windows\system32\WpAXHolder.dll
2018-01-04 00:48 - 2017-09-29 11:41 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2018-01-04 00:48 - 2017-09-29 11:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2018-01-04 00:40 - 2017-09-29 11:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-01-04 00:28 - 2017-10-26 20:15 - 000000000 ____D C:\Users\eduad\AppData\LocalLow\Temp
2018-01-04 00:27 - 2017-09-29 11:46 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-01-04 00:27 - 2017-09-29 11:46 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-01-04 00:21 - 2017-10-22 19:34 - 000000000 ____D C:\Users\eduad
2018-01-04 00:20 - 2017-11-28 12:06 - 000000000 ____D C:\Users\eduad\AppData\Local\Ubisoft Game Launcher
2018-01-03 14:01 - 2017-10-27 04:03 - 000000000 ____D C:\Windows\Minidump
2018-01-03 13:52 - 2017-09-29 11:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-03 13:52 - 2017-09-29 11:46 - 000000000 ____D C:\Windows\AppReadiness
2018-01-03 00:18 - 2017-10-28 09:31 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2018-01-02 23:08 - 2017-10-25 03:56 - 000000000 ____D C:\Program Files (x86)\Cheat Engine 6.7
2018-01-01 20:07 - 2017-10-30 15:08 - 000000000 ____D C:\Users\eduad\AppData\Roaming\discord
2017-12-31 14:12 - 2017-10-23 00:01 - 000000000 ____D C:\Users\eduad\Documents\My Games
2017-12-30 02:11 - 2017-10-26 05:55 - 000000000 ____D C:\Users\eduad\AppData\Local\Mozilla
2017-12-30 02:06 - 2017-10-26 05:55 - 000000000 ____D C:\Users\eduad\AppData\Roaming\Mozilla
2017-12-28 14:51 - 2017-11-15 11:19 - 000000000 ____D C:\Users\eduad\AppData\Roaming\vlc
2017-12-28 14:47 - 2017-11-29 22:57 - 000000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2017-12-28 14:47 - 2017-11-29 22:57 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-12-28 14:40 - 2017-11-06 11:41 - 000000000 ____D C:\Users\eduad\AppData\Roaming\obs-studio
2017-12-26 11:54 - 2017-12-02 11:10 - 000000000 ____D C:\Users\eduad\Desktop\Yet To Play
2017-12-26 01:55 - 2017-11-04 09:26 - 000000000 ____D C:\Users\Todos os Usuários\X360CE
2017-12-26 01:55 - 2017-11-04 09:26 - 000000000 ____D C:\ProgramData\X360CE
2017-12-25 23:53 - 2017-11-11 10:41 - 000000000 ____D C:\Users\eduad\AppData\Local\NVIDIA
2017-12-23 19:16 - 2017-10-28 09:31 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-12-21 09:33 - 2017-10-26 02:10 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-21 09:33 - 2017-10-26 02:10 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-21 09:33 - 2017-10-26 02:10 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-21 09:33 - 2017-10-26 02:10 - 000003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-21 09:32 - 2017-11-28 15:29 - 000000000 ____D C:\Users\Todos os Usuários\NVIDIA Corporation
2017-12-21 09:32 - 2017-11-28 15:29 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-21 09:32 - 2017-10-26 02:10 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-21 08:45 - 2017-10-23 00:17 - 000000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-12-21 08:45 - 2017-10-23 00:17 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-15 22:23 - 2017-11-28 15:29 - 036350960 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-12-15 22:23 - 2017-11-28 15:29 - 004485376 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-12-15 22:23 - 2017-11-28 15:29 - 003817584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-12-15 22:23 - 2017-11-28 15:29 - 000048442 _____ C:\Windows\system32\nvinfo.pb
2017-12-15 22:23 - 2017-10-26 02:10 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-12-15 21:15 - 2017-10-26 02:09 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-12-15 20:34 - 2017-11-28 15:31 - 005964688 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-12-15 20:34 - 2017-11-28 15:31 - 002589168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-12-15 20:34 - 2017-11-28 15:31 - 001767408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-12-15 20:34 - 2017-11-28 15:31 - 000608056 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-12-15 20:34 - 2017-11-28 15:31 - 000450544 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-12-15 20:34 - 2017-11-28 15:31 - 000123704 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-12-15 20:34 - 2017-11-28 15:31 - 000082928 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-12-14 16:24 - 2017-10-22 20:13 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-14 16:17 - 2017-11-28 15:31 - 007917671 _____ C:\Windows\system32\nvcoproc.bin
2017-12-14 10:38 - 2017-09-29 11:46 - 000000000 ____D C:\Windows\LiveKernelReports
2017-12-14 05:09 - 2017-09-29 11:46 - 000000000 ____D C:\Windows\rescache
2017-12-13 18:30 - 2017-10-22 19:36 - 000000000 ____D C:\Users\eduad\AppData\Local\Packages
2017-12-13 14:06 - 2017-10-22 19:36 - 000000000 ____D C:\Users\eduad\AppData\Local\VirtualStore
2017-12-13 10:45 - 2017-10-22 19:55 - 000000000 ____D C:\Windows\system32\MRT
2017-12-13 10:42 - 2017-10-22 19:55 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-13 10:42 - 2017-10-22 19:55 - 133326408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-12-11 20:54 - 2017-10-30 15:08 - 000002233 _____ C:\Users\eduad\Desktop\Discord.lnk
2017-12-11 20:54 - 2017-10-30 15:08 - 000000000 ____D C:\Users\eduad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-12-11 20:54 - 2017-10-30 15:08 - 000000000 ____D C:\Users\eduad\AppData\Local\Discord
2017-12-08 20:19 - 2017-10-25 04:48 - 000000000 ____D C:\Program Files (x86)\Illusion
2017-12-08 10:26 - 2017-10-28 09:32 - 000000000 ____D C:\Windows\SysWOW64\directx

==================== Arquivos na raiz de alguns diretórios =======

2017-12-28 14:27 - 2017-12-28 14:27 - 000000113 _____ () C:\Users\eduad\AppData\Roaming\D2Info0
2017-12-28 14:27 - 2017-12-28 14:37 - 000000008 _____ () C:\Users\eduad\AppData\Roaming\DofusAppId0_1
2018-01-02 14:44 - 2017-09-29 11:42 - 000059904 _____ (Microsoft Corporation) C:\Users\eduad\AppData\Roaming\eQeWALMjE.exe
2017-11-03 13:10 - 2017-11-03 13:10 - 000000003 _____ () C:\Users\eduad\AppData\Local\updater.log
2017-11-03 13:10 - 2017-11-03 13:10 - 000000425 _____ () C:\Users\eduad\AppData\Local\UserProducts.xml
2018-01-02 14:44 - 2018-01-02 14:44 - 000000001 _____ () C:\Users\eduad\AppData\Local\WMI.ini

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2018-01-01 06:34

==================== Fim de FRST.txt ============================


Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 02.01.2018
Executado por eduad (04-01-2018 07:26:56)
Executando a partir de C:\Users\eduad\Desktop
Windows 10 Pro Versão 1709 16299.192 (X64) (2017-10-22 21:30:12)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-2296285372-3677760609-50217273-500 - Administrator - Disabled)
Convidado (S-1-5-21-2296285372-3677760609-50217273-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-2296285372-3677760609-50217273-503 - Limited - Disabled)
eduad (S-1-5-21-2296285372-3677760609-50217273-1001 - Administrator - Enabled) => C:\Users\eduad
WDAGUtilityAccount (S-1-5-21-2296285372-3677760609-50217273-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-2296285372-3677760609-50217273-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2018 (HKLM-x32\...\AME_12_0_0) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Adobe Premiere (HKLM\...\{C1CB876C-A08E-4692-B525-42848BD154D7}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
AIDA64 Extreme v5.95 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.95 - FinalWire Ltd.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
CPUID HWMonitor 1.33 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.33 - )
DARK SOULS - Prepare To Die Edition (HKLM-x32\...\DARK SOULS - Prepare To Die Edition_is1) (Version:  - )
Discord (HKU\S-1-5-21-2296285372-3677760609-50217273-1001\...\Discord) (Version: 0.0.299 - Discord Inc.)
Dofus (HKU\S-1-5-21-2296285372-3677760609-50217273-1001\...\2744A393-554C-4E35-A24F-DEF0392B4484-2) (Version:  - Ankama)
DVD-Cloner V14.10 Build 1421 (HKLM-x32\...\DVD-Cloner Gold_is1) (Version: 14.10.0.1421 - OpenCloner Inc.)
Epic Games Launcher (HKLM-x32\...\{39A82E16-22F5-4E4C-890B-0D2EDD431760}) (Version: 1.1.129.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{8CCCD0E7-56E4-45FB-B3FB-9F5183C2F4F0}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
LOOT versão 0.11.0 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.11.0 - LOOT Team)
Malwarebytes versão 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MotoSpeed Gaming MouseV30 (HKLM-x32\...\{3E20AE4F-C805-4162-A3AB-4AC2B3FC96E5}_is1) (Version: 1.0 - 香港飞翔科技集团有限公司)
Mozilla Firefox 57.0.3 (x64 pt-BR) (HKLM\...\Mozilla Firefox 57.0.3 (x64 pt-BR)) (Version: 57.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.3 - Mozilla)
MSI Afterburner 4.4.0 (HKLM-x32\...\Afterburner) (Version: 4.4.0 - MSI Co., LTD)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
NVIDIA Driver de áudio HD 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA Driver de controle do 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Driver de gráficos 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.71 - NVIDIA Corporation)
NVIDIA Driver do 3D Vision 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.71 - NVIDIA Corporation)
NVIDIA Software do sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.1.1 - OBS Project)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Painel de controle da NVIDIA 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.71 - NVIDIA Corporation) Hidden
paint.net (HKLM\...\{F10AAD91-58DF-44EC-A647-810197141667}) (Version: 4.0.19 - dotPDN LLC)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Remote Mouse version 3.002 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 3.002 - Remote Mouse)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
RivaTuner Statistics Server 7.0.0 (HKLM-x32\...\RTSS) (Version: 7.0.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.3.1 - Rockstar Games)
Spotify (HKU\S-1-5-21-2296285372-3677760609-50217273-1001\...\Spotify) (Version: 1.0.70.388.g8e1ed5af - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Suporte para Aplicativos Apple (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Suporte para Aplicativos Apple Apple (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Twitch (HKU\S-1-5-21-2296285372-3677760609-50217273-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Update for Skype for Business 2016 (KB3128049) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{801D5242-0189-4C99-977B-0C77DBD1F046}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3128049) 64-Bit Edition (HKLM\...\{90160000-012B-0416-1000-0000000FF1CE}_Office16.PROPLUS_{801D5242-0189-4C99-977B-0C77DBD1F046}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WhatsApp (HKU\S-1-5-21-2296285372-3677760609-50217273-1001\...\WhatsApp) (Version: 0.2.6968 - WhatsApp)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-2296285372-3677760609-50217273-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-F3CE210F6533}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-2296285372-3677760609-50217273-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Nenhum Arquivo
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-15] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {2A698375-F022-4423-9131-71275FF535FC} - System32\Tasks\EoAauKDauI => C:\Windows\SysWOW64\rryEfEnTyuPEI.bat [2017-09-29] () <==== ATENÇÃO
Task: {3A566652-041E-4B1A-9659-6853DBDFC490} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate]
Task: {3A6B3FCB-E882-4666-AE61-789B011A0E72} - System32\Tasks\LjRekYiYAtJ => C:\Windows\uwYzUoeIOEo.bat [2017-09-29] () <==== ATENÇÃO
Task: {3B7B5C72-32FA-46BF-ACAA-D48B84F04D74} - System32\Tasks\update-S-1-5-21-2296285372-3677760609-50217273-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {3E0EC6E9-EBA4-46CA-A5F2-BDCF45E4C78C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-15] (NVIDIA Corporation)
Task: {3F2B9413-0A9D-419F-9E03-C0C5D7008E6F} - System32\Tasks\V30-Marquee-TaskPlan => C:\Program Files\Gaming MouseV30\MotoSpeed_GamingMouse_V30.exe [2016-08-19] (香港飞翔科技集团有限公司)
Task: {55E780C9-BD63-400E-8C59-F9A84852708B} - System32\Tasks\BorderlessGaming => C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe
Task: {64321ED6-52F7-4330-A720-FE5FB4EA3512} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {6B7C1A26-5C15-4313-96F0-51EB64C4A2F5} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {6D0F18D3-E1DA-441F-80C0-C24EDA71DB0A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {6D1A8654-9B55-4D3F-811D-7E0C7D26302B} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe
Task: {731D682D-5DCE-430E-BFAC-F2E86166955E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {881C1C68-7F6B-475E-9D9A-0C13BB1B926B} - System32\Tasks\AyeEeXeI => C:\Users\eduad\AppData\Roaming\eQeWALMjE.exe [2017-09-29] (Microsoft Corporation) <==== ATENÇÃO
Task: {8AEC3A9A-BE3D-487B-B63E-2CA384FA417F} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2017-10-31] ()
Task: {94B909E7-9D24-4C40-9107-A8B4536DEFFD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-11-08] (Piriform Ltd)
Task: {9FD79534-F2BE-4AA0-9015-A8BF75832287} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-12-15] (NVIDIA Corporation)
Task: {A71659C0-F6BB-49B6-ABE8-A822208BF52D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-22] (Google Inc.)
Task: {A8C2E65D-B4BF-4516-82D3-22C66913EC1E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {B6AD71CA-EA6F-4152-8FEF-C1DC27A5F5D6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {C4600920-0D47-472D-A1F9-89FF454A4354} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-12-15] (NVIDIA Corporation)
Task: {E2FD9249-6F56-4909-80EF-5AEACD10F88F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-22] (Google Inc.)
Task: {E7A4CD51-36E9-4A12-ADBC-040918A6E764} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-12-15] (NVIDIA Corporation)
Task: {EADF96B5-99EE-422D-A21E-8E8A478AB03F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-11-08] (Piriform Ltd)
Task: {EC55A3DD-3F68-4CC2-B433-BC430424787A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {F572A424-2A8B-4204-BA59-E2FE21EC6852} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {F9EB978C-FC70-458D-840C-59B58CB1CDCF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-12-15] (NVIDIA Corporation)
Task: {FBA2E7E2-AC23-4BA2-9842-C5F268EBABD4} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-eduad2010@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\update-S-1-5-21-2296285372-3677760609-50217273-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)


ShortcutWithArgument: C:\Users\eduad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Fair AdBlocker App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=dcnofaichneijfbkdkghmhjjbepjmble

==================== Módulos Carregados (Whitelisted) ==============

2017-09-29 11:41 - 2017-09-29 11:41 - 000184432 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-11-10 10:08 - 2016-06-25 08:52 - 000018432 _____ () C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
2017-11-03 11:58 - 2017-11-03 11:58 - 000026112 _____ () C:\Windows\KMS-R@1n.exe
2016-03-18 22:56 - 2016-03-18 22:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 001329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-10-22 20:47 - 2017-10-04 16:28 - 000345064 _____ () C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
2017-09-27 18:29 - 2017-10-31 04:07 - 000444008 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
2017-09-26 02:52 - 2017-09-26 02:52 - 000491600 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2017-10-31 07:05 - 2017-10-31 07:05 - 000722216 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2017-10-22 20:47 - 2017-12-17 05:54 - 001348072 _____ () C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
2017-12-02 11:48 - 2017-11-26 10:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-02 11:47 - 2017-11-26 10:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-10-31 04:07 - 2017-10-31 04:07 - 000252008 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
2017-10-31 04:07 - 2017-10-31 04:07 - 000035432 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
2017-10-31 04:07 - 2017-10-31 04:07 - 000061032 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
2017-11-03 11:58 - 2017-11-03 11:58 - 000004608 _____ () C:\Windows\KMS-R@1nhook.exe
2017-10-29 18:01 - 2017-10-29 18:01 - 000071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2017-10-29 18:00 - 2017-10-29 18:00 - 000056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2017-10-29 18:01 - 2017-10-29 18:01 - 000232448 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2017-10-29 18:01 - 2017-10-29 18:01 - 000357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2017-10-29 18:01 - 2017-10-29 18:01 - 000565760 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2017-09-27 18:29 - 2017-10-31 04:07 - 000410728 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks.dll
2017-10-22 20:30 - 2017-11-29 03:09 - 000781088 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-10-22 20:30 - 2017-12-15 17:59 - 002558752 _____ () C:\Program Files (x86)\Steam\video.dll
2017-10-22 20:30 - 2016-08-31 23:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-12-14 10:39 - 2017-11-03 23:54 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-14 10:39 - 2017-11-03 23:54 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-14 10:39 - 2017-11-03 23:54 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-14 10:39 - 2017-11-03 23:54 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2017-12-14 10:39 - 2017-11-03 23:54 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-10-22 20:30 - 2016-08-31 23:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-10-22 20:30 - 2016-08-31 23:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-10-22 20:30 - 2017-12-15 17:59 - 000904992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-10-22 20:30 - 2016-07-04 20:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-12-11 20:54 - 2017-12-11 10:54 - 001893880 _____ () C:\Users\eduad\AppData\Local\Discord\app-0.0.299\ffmpeg.dll
2017-12-11 21:30 - 2017-12-11 21:30 - 001886712 _____ () \\?\C:\Users\eduad\AppData\Roaming\discord\0.0.299\modules\discord_toaster\discord_toaster.node
2017-12-11 21:30 - 2017-12-11 21:30 - 001773560 _____ () \\?\C:\Users\eduad\AppData\Roaming\discord\0.0.299\modules\discord_overlay2\discord_overlay2.node
2017-12-17 11:43 - 2017-12-17 15:34 - 068214160 _____ () C:\Users\eduad\AppData\Roaming\Spotify\libcef.dll
2017-12-11 20:54 - 2017-12-11 10:54 - 001938424 _____ () C:\Users\eduad\AppData\Local\Discord\app-0.0.299\libglesv2.dll
2017-12-11 20:54 - 2017-12-11 10:54 - 000095736 _____ () C:\Users\eduad\AppData\Local\Discord\app-0.0.299\libegl.dll
2017-12-17 11:43 - 2017-12-17 15:34 - 003112848 _____ () C:\Users\eduad\AppData\Roaming\Spotify\libglesv2.dll
2017-12-17 11:43 - 2017-12-17 15:34 - 000089488 _____ () C:\Users\eduad\AppData\Roaming\Spotify\libegl.dll
2017-10-22 20:31 - 2017-09-07 00:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-10-22 20:31 - 2017-10-31 02:44 - 071471904 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-10-22 20:30 - 2015-09-24 21:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-12-11 21:30 - 2017-12-11 21:30 - 009802232 _____ () \\?\C:\Users\eduad\AppData\Roaming\discord\0.0.299\modules\discord_voice\discord_voice.node
2017-12-11 21:30 - 2017-12-11 21:30 - 001505784 _____ () \\?\C:\Users\eduad\AppData\Roaming\discord\0.0.299\modules\discord_utils\discord_utils.node
2017-12-11 21:30 - 2017-12-11 21:30 - 000513016 _____ () \\?\C:\Users\eduad\AppData\Roaming\discord\0.0.299\modules\discord_erlpack\discord_erlpack.node
2017-12-11 21:30 - 2017-12-11 21:30 - 002662904 _____ () \\?\C:\Users\eduad\AppData\Roaming\discord\0.0.299\modules\discord_rpc\discord_rpc.node
2017-12-11 21:30 - 2017-12-11 21:30 - 001517048 _____ () \\?\C:\Users\eduad\AppData\Roaming\discord\0.0.299\modules\discord_game_utils\discord_game_utils.node
2017-12-11 21:31 - 2017-12-11 21:31 - 002749944 _____ () \\?\C:\Users\eduad\AppData\Roaming\discord\0.0.299\modules\discord_contact_import\discord_contact_import.node
2017-10-10 16:52 - 2017-10-10 16:52 - 000353792 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
2017-10-10 16:52 - 2017-10-10 16:52 - 000071680 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
2017-10-10 16:51 - 2017-10-10 16:51 - 000055808 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)


==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)


==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2017-09-29 11:46 - 2017-09-29 11:44 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-2296285372-3677760609-50217273-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\eduad\Pictures\Wallpaper Robots.png
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-2296285372-3677760609-50217273-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-2296285372-3677760609-50217273-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [TCP Query User{275F6020-3F2E-42DA-876A-191933B1057E}C:\users\eduad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eduad\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{69435429-88F3-4BC6-B190-5FB81073A52E}C:\users\eduad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eduad\appdata\roaming\spotify\spotify.exe
FirewallRules: [{BB41708E-92D2-4B8E-827A-6A6D080AC562}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2AE13503-C10B-4B3F-80F0-E1832F57F101}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1862D478-A974-454C-BAC7-22BF003416B2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7DEB564C-F581-4D29-B095-30BF6DE2F37D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A3AFA5EE-BC9A-4917-BC63-644D8BE1ECCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{BC7A0D2A-A246-4D11-B295-DEE838D4B3CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe
FirewallRules: [{C7356233-B563-445E-8994-EC07F91CE2DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{8AE6299E-5E56-4CB9-AB15-B445D69ED3A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [TCP Query User{210EB9DA-8801-4D2D-910F-D6504E72D451}C:\program files (x86)\pro evolution soccer 2018\pes2018.exe] => (Allow) C:\program files (x86)\pro evolution soccer 2018\pes2018.exe
FirewallRules: [UDP Query User{757C4D70-BD23-4424-A21C-E0A2FAB14574}C:\program files (x86)\pro evolution soccer 2018\pes2018.exe] => (Allow) C:\program files (x86)\pro evolution soccer 2018\pes2018.exe
FirewallRules: [TCP Query User{734B8F89-6C77-4F6E-BFC4-8CABB54DCEB1}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{8B49D4FE-0841-413B-A9F8-88C6DFAEBC5A}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{2684AB70-6BDD-4081-89E9-22D6FE6DA23B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{BC0F88ED-846A-40FE-B42B-3C8794CF1236}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{F273CAF2-B5B2-4185-AD85-4BCAFC82A0E5}] => (Allow) C:\Users\eduad\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FB987131-A811-4286-9D67-119BEB014977}] => (Allow) C:\Users\eduad\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{F01B6555-DB79-4182-9D8E-D21B4DF613C2}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{0F0E09BE-E27A-44B0-B5AB-0E0D8837CF35}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{E193D42A-DF11-409E-A815-8EED7C4A7ECB}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{59AE0FE9-C35D-4A45-9CE6-99B6CE4DAE15}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{8911FBF6-CFC1-47E1-90EA-3B2816E1AD51}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{2F52E903-DB4B-4043-9C45-6D8DDB43CA32}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{5BCB474B-C1A0-4AD4-9D8F-A85D9AECAD1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{647FF37F-D43D-420E-B3E1-47EA34EF37BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{87F821B8-4C17-4F2B-BFE3-4D6272D188B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{2ADE064E-F0FA-47D5-9FA9-6AAE63AF63F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [TCP Query User{04033A49-AB6F-4CD0-BDB7-FFE2A30C59D6}C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [UDP Query User{10C594B5-7403-4459-AE80-377EB247CD26}C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{2B4B35FC-3CB6-4408-9AD7-C5CD1D018A12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia\deponia.exe
FirewallRules: [{E084BD04-0911-4EBD-B70F-B52F906375F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia\deponia.exe
FirewallRules: [{3EB4422E-74FC-4231-868C-164297A8BE6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia\VisionaireConfigurationTool.exe
FirewallRules: [{844C5799-263B-4079-A433-595998352649}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia\VisionaireConfigurationTool.exe
FirewallRules: [{959352F9-0BB1-4ED6-9801-F1E354E4493C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cave Story+\CaveStory+.exe
FirewallRules: [{06700E68-F4A9-4DC9-8DCB-D80156D10AD7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cave Story+\CaveStory+.exe
FirewallRules: [{116B4B2C-ADCA-4405-8CAA-0E0031D911A3}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{57D85B09-FFA4-4BCF-AC6A-3F10BA4C8B3B}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [TCP Query User{5BF941F4-C8A2-49B7-B4A9-DDED57771A1A}C:\program files (x86)\battle.net\games\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\battle.net\games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{0ADCF7A2-5E56-4213-BC20-7E3A5913F43C}C:\program files (x86)\battle.net\games\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\battle.net\games\overwatch\overwatch.exe
FirewallRules: [{034B6D2F-7D88-45AD-897F-ABB19F716325}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{C64C67D1-CDDF-4F14-AC2F-B4C998C68EA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{24BD394E-BCD1-44B1-B2C3-7516EF543DE1}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{FB6189D5-71B8-471A-AF81-2FBFF37ACD0D}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{4B3857B4-3E1D-4DBC-8CFC-73A0E53973C3}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{FFC27CD8-CB8A-45F0-9534-61EC4E1F0047}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
FirewallRules: [{1C47EBE8-EE2D-4366-BDA7-3272685737D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{699B20CE-B9CD-401A-9AD2-FD200F6924D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{44CCE1D3-6B5D-4160-AD58-DA74729AE478}] => (Allow) LPort=9143
FirewallRules: [{2EA90644-D0CE-490F-96BF-F472478C019B}] => (Allow) LPort=2333
FirewallRules: [{230DC50C-2A99-4979-9D8E-E3B9DA2755B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yu-Gi-Oh! Duel Links\dlpc.exe
FirewallRules: [{02B3F841-4041-4BF7-9223-D48678EBC497}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yu-Gi-Oh! Duel Links\dlpc.exe
FirewallRules: [{A898C567-77E4-44C7-89F9-029F55F67D8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{ABB27CDC-A328-436E-A114-921D460461BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{7352C8CE-7CE2-4F3A-9779-6C4BD3B5D520}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{50CB96DF-235C-4FE5-BB54-26CC3A2949BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{C36737C4-ED31-455A-AF92-C315712BF1EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{B2B45CEA-409D-4FF2-AE6E-AE2C550408B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{E2BA73DE-CBF6-4E2D-990C-FC30F418CA15}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DC4AA4FF-3ADB-4AA2-A1A7-88AEB607FB90}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CA4B5D34-FC05-47B2-90C0-7E46F1967521}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{26E36DEA-B745-4912-A246-04970BBE2FEE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{75534F2F-783C-4F1E-A6CF-8B3300F1369F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{8660C6FA-43D9-4242-AA9A-E361E96DF56D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{F7FB19D9-6699-42F8-B2F4-74C69B96B9A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{4A5665AE-AFA4-4A61-9729-12F38B0DCB66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{E81F94B7-821A-482E-B049-67518CFFD49B}C:\program files (x86)\illusion\playhome\playhome64bit.exe] => (Allow) C:\program files (x86)\illusion\playhome\playhome64bit.exe
FirewallRules: [UDP Query User{4FA7F5F9-F41E-4D7E-BCC4-35BE6040992D}C:\program files (x86)\illusion\playhome\playhome64bit.exe] => (Allow) C:\program files (x86)\illusion\playhome\playhome64bit.exe
FirewallRules: [{00BD1D86-22D3-4765-9834-E0A8BE191805}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0128D892-1E85-45EB-A5DE-0FE6DB5A65A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{3F70D2CA-2D32-40A5-BA2D-8910BCAEBCF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{25DA1682-D57B-42E4-B4FC-46DFBDB7EEC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{B2459F46-3293-4C87-813A-33F05268BD50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe
FirewallRules: [{844E166B-2D2A-463B-920F-CBBFA9A78555}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2B3D8A82-032B-4096-8C83-2E12388C93D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{5B6F937B-BF8C-4F3B-AD38-C1D514A24668}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kingdom\Kingdom.exe
FirewallRules: [{C972131C-6010-4818-9658-7DB223CE65F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kingdom\Kingdom.exe
FirewallRules: [{983BBF17-86D2-4259-BDA0-E297757966D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{1AF57226-F700-4E7C-A681-8C411F1B2C94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{5EEEEB4A-5C7D-4D49-A819-CBE5560C2017}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe
FirewallRules: [{3A9B94EA-3E1E-4C10-8437-EECFC359112A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe
FirewallRules: [{CD2C32E3-92B8-4CC9-B1D6-53FFB0069F0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SleepingDogsDefinitiveEdition\sdhdship.exe
FirewallRules: [{5E90C184-D921-47D4-8146-885AABEF6CBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SleepingDogsDefinitiveEdition\sdhdship.exe
FirewallRules: [{17B8138A-4916-470E-93E8-D3411FF2FD4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe
FirewallRules: [{BD44DAF5-FE88-4F03-AE33-ADCD86ACE1C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe
FirewallRules: [{BD224B6D-92C2-4849-B4DA-E1451FBCA6D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Academy\GameData\jasp.exe
FirewallRules: [{9E20945E-3672-418A-8A64-960B7AFF2580}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Academy\GameData\jasp.exe
FirewallRules: [{7FCAB419-C3AC-4FD8-8AAA-1F9E1ECBCEBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Academy\GameData\jamp.exe
FirewallRules: [{40987CE0-1F95-4F61-8FAD-78A03A846C75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Academy\GameData\jamp.exe
FirewallRules: [{0815E773-1A1D-49D7-9196-7C1B42710E9A}] => (Allow) C:\World Of Tanks\WoTLauncher.exe
FirewallRules: [{1BE3893F-C35B-4A06-9B4F-5BC81F61F98B}] => (Allow) C:\World Of Tanks\WoTLauncher.exe
FirewallRules: [{40F74A12-6C71-45DD-8925-5AA8CCDC6B76}] => (Allow) C:\World Of Tanks\worldoftanks.exe
FirewallRules: [{8BABA503-FB49-402F-B030-9AB33C9EA933}] => (Allow) C:\World Of Tanks\worldoftanks.exe
FirewallRules: [{3E0A889B-310B-4D71-8966-61DEEDAD3014}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9DDAE6C9-6A06-4332-9C09-57A9986941DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe
FirewallRules: [{B1310E52-8243-431B-A89F-5B13E0598A1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe
FirewallRules: [{26D9D195-30F1-4848-96C9-EA01EFDC1EBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{3CA6CA16-1840-460D-8652-73C03C30925B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe

==================== Pontos de Restauração =========================

31-12-2017 14:12:02 Installed Microsoft XNA Framework Redistributable 4.0
31-12-2017 14:17:09 Installed LogMeIn Hamachi
04-01-2018 00:45:31 Windows Update

==================== Dispositivos Apresentando Falhas No Gerenciador =============


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (01/04/2018 04:11:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: 2715410563.exe, versão: 0.0.0.0, carimbo de data/hora: 0x2a425e36
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc0000005
Deslocamento da falha: 0x25ffc08b
ID do processo com falha: 0x1454
Hora de início do aplicativo com falha: 0x01d38522de16e4fd
Caminho do aplicativo com falha: C:\Users\eduad\AppData\Local\Temp\is-9BEEN.tmp\2715410563.exe
Caminho do módulo com falha: unknown
ID do Relatório: 26aeabf4-83a8-4436-bfe3-1cf519436454
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (01/04/2018 04:11:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: 2715410563.exe, versão: 0.0.0.0, carimbo de data/hora: 0x2a425e36
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc0000005
Deslocamento da falha: 0x25ffc08b
ID do processo com falha: 0x1454
Hora de início do aplicativo com falha: 0x01d38522de16e4fd
Caminho do aplicativo com falha: C:\Users\eduad\AppData\Local\Temp\is-9BEEN.tmp\2715410563.exe
Caminho do módulo com falha: unknown
ID do Relatório: 565488f5-4d6f-4734-bbe1-1c48c0707c8c
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (01/04/2018 04:11:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: 2715410563.exe, versão: 0.0.0.0, carimbo de data/hora: 0x2a425e36
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc0000005
Deslocamento da falha: 0x25ffc08b
ID do processo com falha: 0x1454
Hora de início do aplicativo com falha: 0x01d38522de16e4fd
Caminho do aplicativo com falha: C:\Users\eduad\AppData\Local\Temp\is-9BEEN.tmp\2715410563.exe
Caminho do módulo com falha: unknown
ID do Relatório: 571e59cb-6933-4a17-be43-e955b6cf3863
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (01/04/2018 04:11:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: 2715410563.exe, versão: 0.0.0.0, carimbo de data/hora: 0x2a425e36
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc0000005
Deslocamento da falha: 0x25ffc08b
ID do processo com falha: 0x1454
Hora de início do aplicativo com falha: 0x01d38522de16e4fd
Caminho do aplicativo com falha: C:\Users\eduad\AppData\Local\Temp\is-9BEEN.tmp\2715410563.exe
Caminho do módulo com falha: unknown
ID do Relatório: 3388d859-b9e8-4550-8020-62929b31505f
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (01/04/2018 04:11:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: 2715410563.exe, versão: 0.0.0.0, carimbo de data/hora: 0x2a425e36
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc0000005
Deslocamento da falha: 0x25ffc08b
ID do processo com falha: 0x1454
Hora de início do aplicativo com falha: 0x01d38522de16e4fd
Caminho do aplicativo com falha: C:\Users\eduad\AppData\Local\Temp\is-9BEEN.tmp\2715410563.exe
Caminho do módulo com falha: unknown
ID do Relatório: 6d7d85e5-a733-4b29-a3f2-dbb076dde294
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (01/04/2018 04:11:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: 2715410563.exe, versão: 0.0.0.0, carimbo de data/hora: 0x2a425e36
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc0000005
Deslocamento da falha: 0x25ffc08b
ID do processo com falha: 0x1454
Hora de início do aplicativo com falha: 0x01d38522de16e4fd
Caminho do aplicativo com falha: C:\Users\eduad\AppData\Local\Temp\is-9BEEN.tmp\2715410563.exe
Caminho do módulo com falha: unknown
ID do Relatório: a1c7bfc8-9ab1-4710-91b8-a436d8ae42d2
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (01/04/2018 04:11:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: 2715410563.exe, versão: 0.0.0.0, carimbo de data/hora: 0x2a425e36
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc0000005
Deslocamento da falha: 0x25ffc08b
ID do processo com falha: 0x1454
Hora de início do aplicativo com falha: 0x01d38522de16e4fd
Caminho do aplicativo com falha: C:\Users\eduad\AppData\Local\Temp\is-9BEEN.tmp\2715410563.exe
Caminho do módulo com falha: unknown
ID do Relatório: 7467ab28-58dc-4188-b3cc-0e1dd9ec3db4
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (01/04/2018 04:11:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: 2715410563.exe, versão: 0.0.0.0, carimbo de data/hora: 0x2a425e36
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc0000005
Deslocamento da falha: 0x25ffc08b
ID do processo com falha: 0x1454
Hora de início do aplicativo com falha: 0x01d38522de16e4fd
Caminho do aplicativo com falha: C:\Users\eduad\AppData\Local\Temp\is-9BEEN.tmp\2715410563.exe
Caminho do módulo com falha: unknown
ID do Relatório: fcf5ec1c-8b84-4609-9931-f0f2b094de37
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (01/04/2018 04:11:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: 2715410563.exe, versão: 0.0.0.0, carimbo de data/hora: 0x2a425e36
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc0000005
Deslocamento da falha: 0x25ffc08b
ID do processo com falha: 0x1454
Hora de início do aplicativo com falha: 0x01d38522de16e4fd
Caminho do aplicativo com falha: C:\Users\eduad\AppData\Local\Temp\is-9BEEN.tmp\2715410563.exe
Caminho do módulo com falha: unknown
ID do Relatório: ee8f53ca-f818-47de-b185-70396465f05d
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (01/04/2018 04:11:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: 2715410563.exe, versão: 0.0.0.0, carimbo de data/hora: 0x2a425e36
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc0000005
Deslocamento da falha: 0x18343272
ID do processo com falha: 0x1454
Hora de início do aplicativo com falha: 0x01d38522de16e4fd
Caminho do aplicativo com falha: C:\Users\eduad\AppData\Local\Temp\is-9BEEN.tmp\2715410563.exe
Caminho do módulo com falha: unknown
ID do Relatório: dfe83f89-50a8-4dc0-a064-f29875ce8973
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:


Erros de Sistema:
=============
Error: (01/04/2018 07:26:45 AM) (Source: DCOM) (EventID: 10001) (User: PIRILAMPO)
Description: Não é possível iniciar o servidor DCOM: {9AA46009-3CE0-458A-A354-715610A075E6} como Não Disponível/Não Disponível. O erro:
"740"
Aconteceu ao iniciar este comando:
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Error: (01/04/2018 07:26:45 AM) (Source: DCOM) (EventID: 10001) (User: PIRILAMPO)
Description: Não é possível iniciar o servidor DCOM: {9AA46009-3CE0-458A-A354-715610A075E6} como Não Disponível/Não Disponível. O erro:
"740"
Aconteceu ao iniciar este comando:
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Error: (01/04/2018 07:26:45 AM) (Source: DCOM) (EventID: 10001) (User: PIRILAMPO)
Description: Não é possível iniciar o servidor DCOM: {9AA46009-3CE0-458A-A354-715610A075E6} como Não Disponível/Não Disponível. O erro:
"740"
Aconteceu ao iniciar este comando:
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Error: (01/04/2018 07:20:46 AM) (Source: DCOM) (EventID: 10001) (User: PIRILAMPO)
Description: Não é possível iniciar o servidor DCOM: {9AA46009-3CE0-458A-A354-715610A075E6} como Não Disponível/Não Disponível. O erro:
"740"
Aconteceu ao iniciar este comando:
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Error: (01/04/2018 07:20:45 AM) (Source: DCOM) (EventID: 10001) (User: PIRILAMPO)
Description: Não é possível iniciar o servidor DCOM: {9AA46009-3CE0-458A-A354-715610A075E6} como Não Disponível/Não Disponível. O erro:
"740"
Aconteceu ao iniciar este comando:
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Error: (01/04/2018 07:20:43 AM) (Source: DCOM) (EventID: 10001) (User: PIRILAMPO)
Description: Não é possível iniciar o servidor DCOM: {9AA46009-3CE0-458A-A354-715610A075E6} como Não Disponível/Não Disponível. O erro:
"740"
Aconteceu ao iniciar este comando:
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Error: (01/04/2018 07:20:40 AM) (Source: DCOM) (EventID: 10001) (User: PIRILAMPO)
Description: Não é possível iniciar o servidor DCOM: {9AA46009-3CE0-458A-A354-715610A075E6} como Não Disponível/Não Disponível. O erro:
"740"
Aconteceu ao iniciar este comando:
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Error: (01/04/2018 07:20:40 AM) (Source: DCOM) (EventID: 10001) (User: PIRILAMPO)
Description: Não é possível iniciar o servidor DCOM: {9AA46009-3CE0-458A-A354-715610A075E6} como Não Disponível/Não Disponível. O erro:
"740"
Aconteceu ao iniciar este comando:
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Error: (01/04/2018 07:17:05 AM) (Source: DCOM) (EventID: 10001) (User: PIRILAMPO)
Description: Não é possível iniciar o servidor DCOM: {9AA46009-3CE0-458A-A354-715610A075E6} como Não Disponível/Não Disponível. O erro:
"740"
Aconteceu ao iniciar este comando:
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Error: (01/04/2018 07:17:05 AM) (Source: DCOM) (EventID: 10001) (User: PIRILAMPO)
Description: Não é possível iniciar o servidor DCOM: {9AA46009-3CE0-458A-A354-715610A075E6} como Não Disponível/Não Disponível. O erro:
"740"
Aconteceu ao iniciar este comando:
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding


CodeIntegrity:
===================================
  Date: 2018-01-04 07:27:28.595
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 07:27:28.594
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 07:22:44.501
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 07:22:44.500
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 07:12:27.787
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 07:12:27.786
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 07:07:43.326
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 07:07:43.325
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 06:57:26.901
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2018-01-04 06:57:26.900
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Informações da Memória ===========================

Processador: AMD FX™-8350 Eight-Core Processor
Percentagem de memória em uso: 46%
RAM física total: 8161.87 MB
RAM física disponível: 4389.39 MB
Virtual Total: 14561.87 MB
Virtual disponível: 9118 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.02 GB) (Free:294.27 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1AA23AEF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================

 

 




 


#2 Aura


    Bleepin' Special Ops


  • Malware Response Team
  • 19,609 posts

Posted 04 January 2018 - 07:59 AM

Hi Doodsey :)

I just picked up your thread on Malwarebytes Forums, so we'll continue there.

https://forums.malwarebytes.com/topic/217717-infected-with-mailru-malware-that-keeps-downloading-archives-from-the-cmd/

Thank you.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




